Holzleitner---Backend--aktuell-/keycloak/import/realm-holzleitner.json

{
  "realm": "holzleitner",
  "enabled": true,
  "sslRequired": "none",
  "registrationAllowed": false,
  "loginWithEmailAllowed": true,
  "duplicateEmailsAllowed": false,
  "resetPasswordAllowed": false,
  "editUsernameAllowed": false,
  "bruteForceProtected": true,
  "accessTokenLifespan": 1800,
  "ssoSessionIdleTimeout": 1800,
  "ssoSessionMaxLifespan": 36000,
  "roles": {
    "realm": [
      {
        "name": "driver",
        "description": "Lieferfahrer — darf Touren laden, scannen und abschließen."
      }
    ]
  },
  "users": [
    {
      "username": "testfahrer",
      "enabled": true,
      "emailVerified": true,
      "firstName": "Test",
      "lastName": "Fahrer",
      "email": "test@example.com",
      "credentials": [
        {
          "type": "password",
          "value": "test",
          "temporary": false
        }
      ],
      "realmRoles": ["driver"],
      "attributes": {
        "personalnummer": ["1001"]
      }
    }
  ],
  "clients": [
    {
      "clientId": "holzleitner-app",
      "name": "Holzleitner Mobile App",
      "description": "Public Client für die Flutter-App (Authorization Code + PKCE und Direct Access Grants im Dev).",
      "enabled": true,
      "publicClient": true,
      "standardFlowEnabled": true,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "implicitFlowEnabled": false,
      "redirectUris": [
        "http://localhost:*",
        "holzleitner://*"
      ],
      "webOrigins": ["+"],
      "attributes": {
        "post.logout.redirect.uris": "+",
        "pkce.code.challenge.method": "S256"
      },
      "protocolMappers": [
        {
          "name": "audience-holzleitner-api",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-audience-mapper",
          "config": {
            "included.client.audience": "holzleitner-api",
            "id.token.claim": "false",
            "access.token.claim": "true",
            "introspection.token.claim": "true"
          }
        },
        {
          "name": "personalnummer",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "config": {
            "user.attribute": "personalnummer",
            "claim.name": "personalnummer",
            "jsonType.label": "long",
            "id.token.claim": "true",
            "access.token.claim": "true",
            "userinfo.token.claim": "true",
            "introspection.token.claim": "true"
          }
        }
      ]
    }
  ]
}