Merged
49 changes: 49 additions & 0 deletions keycloak/README.md
Expand Up @@ -70,3 +70,52 @@ Podemos obtener la configuración OIDC en la URL: [.well-known/openid-configurat

Podemos obtener las JSON Web Key Set en la URL: [JWKS](http://localhost:8080/realms/ds-2025-realm/protocol/openid-connect/certs)

---

## 🔧 Solución de Problemas de Sincronización

### Problema: Los cambios en el archivo realm no se aplican

Si modificas el archivo `realm-config/ds-2025-realm.json` pero los cambios no se reflejan en Keycloak, sigue estos pasos:


#### 1. Reinicio Completo con Limpieza

Para aplicar los cambios en el archivo realm, necesitas hacer un reinicio completo que limpie los datos persistentes:

```bash
# Detener contenedores
docker-compose down

# Eliminar volúmenes (esto borrará todos los datos)
docker volume rm keycloak_postgres_data

# Limpiar sistema Docker
docker system prune -f

# Reiniciar
docker-compose up -d
```

#### 2. Verificar la Configuración

Después del reinicio, verifica que:

1. **Default Client Scopes del Realm**: Ve a `Realm Settings > Client Scopes` y verifica que aparezcan todos los scopes definidos en `defaultDefaultClientScopes`

2. **Client Scopes de los Clientes**: Ve a cada cliente (ej: `grupo-03`) y verifica que tenga los `defaultClientScopes` correctos

3. **Acceso a la Consola**: http://localhost:8080 con las credenciales del archivo `.env`

### Client Scopes Disponibles

El realm ahora incluye todos estos client scopes:

- `usuarios:read` / `usuarios:write`
- `compras:read` / `compras:write`
- `stock:read` / `stock:write`
- `productos:read` / `productos:write`
- `categorias:read` / `categorias:write`
- `reservas:read` / `reservas:write`
- `envios:read` / `envios:write`
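Review bot: `docker system prune -f` in the "Reinicio Completo con Limpieza" block is unnecessary for the stated goal and is destructive host-wide; it deletes every stopped container, unused network and dangling image on the machine, not only this project's. Removing the named volume is what resets the persisted realm, and `docker-compose down -v` does that in one step, so the block could simply be `docker-compose down -v` followed by `docker-compose up -d`. It would also help to state in this section why the edit is not picked up in the first place, namely that the realm import only creates a realm that is not already in the database, so the reader understands that wiping the volume triggers a fresh import rather than treating this as a generic "try restarting" step.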

300 changes: 300 additions & 0 deletions keycloak/realm-config/ds-2025-realm.json
Expand Up @@ -34,6 +34,156 @@
]
},
"clientScopes": [
{
"name": "usuarios:read",
"description": "Scope que permite acceso de lectura a los usuarios",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper usuarios:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "usuarios:write",
"description": "Scope que permite acceso de escritura a los usuarios",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper usuarios:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "compras:read",
"description": "Scope que permite acceso de lectura a las compras",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper compras:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "compras:write",
"description": "Scope que permite acceso de escritura a las compras",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper compras:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "stock:read",
"description": "Scope que permite acceso de lectura al stock",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper stock:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "stock:write",
"description": "Scope que permite acceso de escritura al stock",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper stock:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "productos:read",
"description": "Scope que permite acceso de lectura a los productos",
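Review bot: every scope in this hunk (`usuarios:read` through `stock:write`) carries an identical `oidc-usermodel-realm-role-mapper` writing the user's realm roles into the `roles` claim, so the mapper does nothing scope-specific: whichever of these scopes a client is granted, the token gets the same `roles` content, and the read/write distinction exists only in the `scope` claim via `"include.in.token.scope": "true"`. If the intent is just to expose realm roles, one mapper in a single shared scope is enough and the six copies can be dropped; if the intent was that `usuarios:write` grants a particular role, this configuration does not do that, and the resource servers must authorize on the `scope` claim instead. Either way the README section should say which claim the services are expected to check.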
Expand Down Expand Up @@ -83,6 +233,156 @@
}
}
]
},
{
"name": "categorias:read",
"description": "Scope que permite acceso de lectura a las categorías",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper categorias:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "categorias:write",
"description": "Scope que permite acceso de escritura a las categorías",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper categorias:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "reservas:read",
"description": "Scope que permite acceso de lectura a las reservas",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper reservas:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "reservas:write",
"description": "Scope que permite acceso de escritura a las reservas",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper reservas:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "envios:read",
"description": "Scope que permite acceso de lectura a los envíos",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper envios:read",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"name": "envios:write",
"description": "Scope que permite acceso de escritura a los envíos",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"name": "realm roles mapper envios:write",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"claim.name": "roles",
"jsonType.label": "String",
"multivalued": "true",
"userinfo.token.claim": "true",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
}
],
"clients": [
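Review bot: the write scopes in this hunk (`categorias:write`, `reservas:write`, `envios:write`) should be candidates for a client's `optionalClientScopes` rather than its `defaultClientScopes`, which the README in this PR says each client is given; a default scope is attached to every token the client obtains, so a service that only needs to read `reservas` still receives `reservas:write`, and a leaked token for it carries write access. Making the write scopes optional lets a client request `scope=reservas:write` only when it needs it, which is also what `"display.on.consent.screen": "true"` on each scope is meant to surface to the user. The six `protocolMappers` blocks here are byte-for-byte copies of the earlier hunk except for `name`, so the same one-shared-mapper suggestion applies.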