From bcea4a5a28724cf53f87e84a1b29f1900cfeaac1 Mon Sep 17 00:00:00 2001
From: Walton Hoops
Date: Wed, 30 Oct 2024 14:21:11 -0600
Subject: [PATCH] chore: setup keycloak locally
---
 .envrc.example | 7 ++++++-
 README.md | 1 +
 config/config.exs | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.envrc.example b/.envrc.example
index 3aece74a4..925515cdb 100644
--- a/.envrc.example
+++ b/.envrc.example
@@ -3,4 +3,9 @@ export DATABASE_PASSWORD=postgres
 export ARROW_DOMAIN=https://arrow.mbta.com
 export ARROW_API_KEY=
 export AWS_ACCESS_KEY_ID=
-export AWS_SECRET_ACCESS_KEY=
\ No newline at end of file
+export AWS_SECRET_ACCESS_KEY=
+export KEYCLOAK_ISSUER=https://login-dev.mbtace.com/auth/realms/MBTA
+export KEYCLOAK_API_BASE=https://login-dev.mbtace.com/auth/admin/realms/MBTA/
+export KEYCLOAK_CLIENT_ID=arrow-dev
+export KEYCLOAK_CLIENT_UUID=bd84a8e2-2fce-4c7a-bfe3-3c7ac71fb5b2
+export KEYCLOAK_CLIENT_SECRET=
\ No newline at end of file
diff --git a/README.md b/README.md
index 9b7b986e0..7bc244b5e 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@
 - `cp .envrc.example .envrc`
 - Update `.envrc` with your local Postgres username and password
 - Update `.envrc` with your AWS credentials or ensure they are available in your shell
+- Update `.envrc` with the Arrow Dev Keycloak client secret (found in 1Password)
 - `mix ecto.setup`
 - `brew install chromedriver`
 - Add your Arrow API key from https://arrow.mbta.com/mytoken to `.envrc`
diff --git a/config/config.exs b/config/config.exs
index 412f4dc24..8ff064bf0 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -20,8 +20,8 @@ config :arrow,
 # map cognito groups to roles
 "arrow-admin" => "admin"
 },
- ueberauth_provider: :cognito,
- api_login_module: ArrowWeb.TryApiTokenAuth.Cognito,
+ ueberauth_provider: :keycloak,
+ api_login_module: ArrowWeb.TryApiTokenAuth.Keycloak,
 required_roles: %{
 view_disruption: ["read-only", "admin"],
 create_disruption: ["admin"],
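Review bot: The new `KEYCLOAK_CLIENT_SECRET=` placeholder in `.envrc.example` has no comment saying that the value belongs only in a developer's local `.envrc`. This example file is tracked, so a secret pasted into it by mistake would be committed. I would add a line above it, `# Keycloak client secret: set in your local .envrc only, never in .envrc.example`, and confirm that `.envrc` itself is git-ignored, which this patch does not show. The hunk also ends with `\ No newline at end of file` again; ending the file with a newline avoids the remove-and-re-add churn seen here on `AWS_SECRET_ACCESS_KEY=`.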
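Review bot: The switch to `ueberauth_provider: :keycloak` and `api_login_module: ArrowWeb.TryApiTokenAuth.Keycloak` is made in `config/config.exs`, which in a Mix project is normally the base config for every environment, while the commit subject describes a local setup. Unless the production and test configs (not part of this patch) set these two keys themselves, this changes the authentication provider everywhere. If only local development is meant, the two keys belong in an environment-specific config file instead. The context comment `# map cognito groups to roles` just above is now misleading and could read `# map identity-provider groups to roles`; it is also worth checking that the group names in that map match what Keycloak actually sends. The `config :arrow` block starts and ends outside the hunk.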