chore: setup keycloak locally

mbta · Oct 30, 2024 · 6c581b7 · 6c581b7
1 parent 0b567e6
commit 6c581b7
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/.envrc.example b/.envrc.example
@@ -3,4 +3,9 @@ export DATABASE_PASSWORD=postgres
 export ARROW_DOMAIN=https://arrow.mbta.com
 export ARROW_API_KEY=
 export AWS_ACCESS_KEY_ID=
-export AWS_SECRET_ACCESS_KEY=
+export AWS_SECRET_ACCESS_KEY=
+export KEYCLOAK_ISSUER=https://login-dev.mbtace.com/auth/realms/MBTA
+export KEYCLOAK_API_BASE=https://login-dev.mbtace.com/auth/admin/realms/MBTA/
+export KEYCLOAK_CLIENT_ID=arrow-dev
+export KEYCLOAK_CLIENT_UUID=bd84a8e2-2fce-4c7a-bfe3-3c7ac71fb5b2
+export KEYCLOAK_CLIENT_SECRET=
diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@
 - `cp .envrc.example .envrc`
 - Update `.envrc` with your local Postgres username and password
 - Update `.envrc` with your AWS credentials or ensure they are available in your shell
+- Update `.envrc` with the Arrow Dev Keycloak client secret (found in 1Password)
 - `mix ecto.setup`
 - `brew install chromedriver`
 - Add your Arrow API key from https://arrow.mbta.com/mytoken to `.envrc`

diff --git a/config/config.exs b/config/config.exs
@@ -20,8 +20,8 @@ config :arrow,
     # map cognito groups to roles
     "arrow-admin" => "admin"
   },
-  ueberauth_provider: :cognito,
-  api_login_module: ArrowWeb.TryApiTokenAuth.Cognito,
+  ueberauth_provider: :keycloak,
+  api_login_module: ArrowWeb.TryApiTokenAuth.Keycloak,
   required_roles: %{
     view_disruption: ["read-only", "admin"],
     create_disruption: ["admin"],