Skip to content

init-keycloak: build `redirectUris` when it's not in the configuration

Problem

The keycloak-create-client.j2 requires the config['keycloak']['redirectUris'] configuration with full URIs.

We should provide a way to construct the URIs automatically.

Proposal

We could construct the URIs by iterating all the configuration keys looking up for hostname and appending the domain, for example:

{%- set redirectUris = [] %}
{#- Remove smtp since we don't want it's hostname #}
{%- do config.pop('smtp') %}

{%- if config['keycloak'].get('redirectUris', False) %}
{%-   set redirectUris = config['keycloak']['redirectUris'] %}
{%- else %}
{#-   Gather all hostnames, execept for `smtp` #}
{%-   set hostnames = config.values()
      | selectattr("hostname", "defined")
      | map(attribute="hostname")
      | list %}
{%-   for hostname in hostnames %}
{%-     do redirectUris.append("https://{}.{}/*".format(hostname, domain)) %}
{%-   endfor %}
{%- endif %}

The only problem is that

Improvement

We could even make some simplistif variable interpolation with:

{%- set redirectUris = [] %}
{%- if config['keycloak'].get('redirectUris', False) %}
{%-   set redirectUris = config['keycloak']['redirectUris']
      | map("replace", "$domain", domain)
      | map("replace", "${domain}", domain)
      | list %}
{%- else %}
[…]

Which permit to set in the configuration:

[keycloak]
redirectUris=https://agenda.${domain}/*
    https://auth.${domain}/*
    https://blog.${domain}/*