# setup on admin page

client: web
secret: <client secret>
subdomain: auth.sebse.de/auth/realms/public
redirect after login: /      <somewhere in the app> // http://localhost:3000/api/auth/keycloak/callback


# remove uuid from package.json




# add strapi user to mongo

sudo docker-compose exec mongo mongo -u root --authenticationDatabase admin -p
use admin
db.createUser({user: "strapi" , pwd: "<DB USER PW>", roles: [  "userAdminAnyDatabase","readWriteAnyDatabase" ]})





# strapi-data/node_modules/strapi-plugin-users-permissions/config/functions/bootstrap.js

    keycloak: {
      enabled: false,
      icon: 'key',
      key: '',
      secret: '',
      oauth: 2,
      subdomain: '',
      callback: `${strapi.config.server.url}/auth/keycloak/callback`,
      scope: ['profile', 'email', 'roles', 'openid'],
    },


# strapi-data/node_modules/strapi-plugin-users-permissions/services/Providers.js

    case 'keycloak': {
      const keycloak = purest({
        provider: 'keycloak',
        config: {
          'keycloak': {
            'https://auth.sebse.de/auth/realms/public': {
              '__domain': {
                'auth': {
                  'auth': {
                    'bearer': '[0]'
                  }
                },
              },
              '{endpoint}': {
                '__path': {
                  'alias': '__default',
                }
              }
            }
          }
        }
      });
      keycloak.query().get('protocol/openid-connect/userinfo').auth(access_token).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          callback(null, {
            username: body.preferred_username,
            email: body.email
          });
        }
      });
      break;
    }
