Update Keycloak realm and AppHost for OIDC silent redirect URIs (#52)

sei-awelle · web-flow · commit 9b5b9ae780c0 · 2026-02-27T14:59:04.000-05:00
* Make toggle-local-library.sh executable

* Document toggle-local-library.sh usage in README

Add usage examples showing how to enable/disable/check status of local
library debugging for EntityEvents.

* Update Keycloak realm and UI resource templates for OIDC silent redirect URIs

- Update crucible-realm.json redirect URIs to use .html extension
- Update UI resource templates (*.ui.json) to generate correct OIDC settings
- Ensures silent token renewal uses static HTML files instead of Angular routes

---------

Co-authored-by: Adam Welle &lt;arwelle@sei.cmu.edu&gt;
diff --git a/Crucible.AppHost/resources/alloy.ui.json b/Crucible.AppHost/resources/alloy.ui.json
@@ -8,6 +8,6 @@
     "response_type": "code",
     "scope": "openid profile player player-vm alloy caster steamfitter",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4403/auth-callback-silent"
+    "silent_redirect_uri": "http://localhost:4403/auth-callback-silent.html"
   }
 }
diff --git a/Crucible.AppHost/resources/blueprint.ui.json b/Crucible.AppHost/resources/blueprint.ui.json
@@ -8,7 +8,7 @@
     "response_type": "code",
     "scope": "openid profile blueprint cite gallery player player-vm steamfitter",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4725/auth-callback-silent"
+    "silent_redirect_uri": "http://localhost:4725/auth-callback-silent.html"
   },
     "AppTitle": "Blueprint",
     "AppTopBarHexColor": "#2d69b4",
diff --git a/Crucible.AppHost/resources/caster.ui.json b/Crucible.AppHost/resources/caster.ui.json
@@ -8,6 +8,6 @@
     "response_type": "code",
     "scope": "openid profile email caster",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4310/auth-callback-silent/"
+    "silent_redirect_uri": "http://localhost:4310/auth-callback-silent.html"
   }
 }
diff --git a/Crucible.AppHost/resources/cite.ui.json b/Crucible.AppHost/resources/cite.ui.json
@@ -8,7 +8,7 @@
     "response_type": "code",
     "scope": "openid profile cite gallery",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4721/auth-callback-silent"
+    "silent_redirect_uri": "http://localhost:4721/auth-callback-silent.html"
   },
   "AppTitle": "CITE",
   "AppTopBarHexColor": "#E81717",
diff --git a/Crucible.AppHost/resources/crucible-realm.json b/Crucible.AppHost/resources/crucible-realm.json
@@ -1472,7 +1472,7 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://host.docker.internal:4303/auth-callback-silent",
+        "http://host.docker.internal:4303/auth-callback-silent.html",
         "http://localhost:4303/auth-callback*",
         "http://host.docker.internal:4303/auth-callback*"
       ],
@@ -2052,7 +2052,7 @@
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
         "http://localhost:4725/auth-callback",
-        "http://localhost:4725/auth-callback-silent"
+        "http://localhost:4725/auth-callback-silent.html"
       ],
       "webOrigins": ["http://localhost:4725"],
       "notBefore": 0,
@@ -2245,7 +2245,7 @@
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
         "http://localhost:4721/auth-callback",
-        "http://localhost:4721/auth-callback-silent"
+        "http://localhost:4721/auth-callback-silent.html"
       ],
       "webOrigins": ["http://localhost:4721"],
       "notBefore": 0,
@@ -2398,7 +2398,7 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:4723/auth-callback-silent",
+        "http://localhost:4723/auth-callback-silent.html",
         "http://localhost:4723/auth-callback"
       ],
       "webOrigins": ["http://localhost:4723"],
@@ -2559,7 +2559,7 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:4401/auth-callback-silent",
+        "http://localhost:4401/auth-callback-silent.html",
         "http://localhost:4401/auth-callback"
       ],
       "webOrigins": ["http://localhost:4401"],
diff --git a/Crucible.AppHost/resources/gallery.ui.json b/Crucible.AppHost/resources/gallery.ui.json
@@ -8,7 +8,7 @@
     "response_type": "code",
     "scope": "openid profile gallery steamfitter",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4723/auth-callback-silent"
+    "silent_redirect_uri": "http://localhost:4723/auth-callback-silent.html"
   },
     "AppTitle": "Gallery",
     "AppTopBarHexColor": "#E81717",
diff --git a/Crucible.AppHost/resources/steamfitter.ui.json b/Crucible.AppHost/resources/steamfitter.ui.json
@@ -8,7 +8,7 @@
     "response_type": "code",
     "scope": "openid profile player player-vm steamfitter",
     "automaticSilentRenew": true,
-    "silent_redirect_uri": "http://localhost:4401/auth-callback-silent"
+    "silent_redirect_uri": "http://localhost:4401/auth-callback-silent.html"
   },
   "AppTitle": "Steamfitter",
   "AppTopBarHexColor": "#BB0000",
diff --git a/README.md b/README.md
@@ -617,6 +617,22 @@ This is the preferred method to enable display of debug messages inside of the b
 
 The crucible-common-dotnet shared library is cloned into the `/mnt/data.crucible/libraries` directory. By default, APIs that use these libraries pull the published packages from NuGet. When developing or debugging these libraries, it is convenient to point the APIs to the local copy of the library. Developers can use the `scripts/toggle-local-library.sh` script to easily toggle between the default published NuGet packages and local Project References.
 
+### Usage
+
+```bash
+# Enable local library debugging (uses local EntityEvents source)
+./scripts/toggle-local-library.sh on
+
+# Disable local library debugging (uses NuGet packages)
+./scripts/toggle-local-library.sh off
+
+# Check current status
+./scripts/toggle-local-library.sh status
+
+# Toggle current state
+./scripts/toggle-local-library.sh
+```
+
 A Directory.Build.props file is mounted to `/mnt/data`. This file defines a variable `<UseLocalEntityEvents>false</UseLocalEntityEvents>`. If you want to use the local version of the Crucible.Common.EntityEvents library, copy this file to `/mnt/data/crucible` and set `<UseLocalEntityEvents>true</UseLocalEntityEvents>`. This will tell MSBuild to use a local project reference instead of the NuGet package and this file will not get checked into git. The script automates this process for you.
 
 This pattern should be extended to the other libraries in crucible-common-dotnet as necessary in the future.
diff --git a/scripts/toggle-local-library.sh b/scripts/toggle-local-library.sh

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`	`"response_type": "code",`
`9`	`9`	`"scope": "openid profile player player-vm alloy caster steamfitter",`
`10`	`10`	`"automaticSilentRenew": true,`
`11`		`- "silent_redirect_uri": "http://localhost:4403/auth-callback-silent"`
	`11`	`+ "silent_redirect_uri": "http://localhost:4403/auth-callback-silent.html"`
`12`	`12`	`}`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,6 @@`
`8`	`8`	`"response_type": "code",`
`9`	`9`	`"scope": "openid profile email caster",`
`10`	`10`	`"automaticSilentRenew": true,`
`11`		`- "silent_redirect_uri": "http://localhost:4310/auth-callback-silent/"`
	`11`	`+ "silent_redirect_uri": "http://localhost:4310/auth-callback-silent.html"`
`12`	`12`	`}`
`13`	`13`	`}`