Update doc (README)

2025-02-24 04:23:46 +01:00 · 2025-02-24 04:23:46 +01:00 · 573fb0335b
commit 573fb0335b
parent 5a80765729
1 changed files with 104 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -2,24 +2,123 @@

 Small web app for experimenting a web app with a Keycloak auth server.

-It is a sibbling of the server version (oidc-test)[philorg/oidc-fastapi-test],
+It is a sibling of the server version [oidc-test](philorg/oidc-fastapi-test),
 which acts also as a resource server.

-Live demo: https://philo.ydns.eu/oidc-test-web:
+Live demo: <https://philo.ydns.eu/oidc-test-web>:
+
 - configured with a test realm on a private Keycloak instance
 - 2 users are defined: foo (foofoo) and bar (barbar).

-## Deployment
+**Note**: decoding tokens requires the use of cryto extension,
+that web browsers allow only with a secured connection (https).

-In a container:
+## Configuration
+
+The app expects that a `settings.json` file is available on the server
+at the app's base url.
+
+For example:
+
+```json
+{
+  "keycloakUri": "https://keycloak.your.domain",
+  "realm": "test",
+  "authProvider": "keycloak",
+  "sso": false,
+  "clientId": "oidc-test-web",
+  "tokenSandbox": true,
+  "resourceServerUrl": "https://someserver.your.domain/resourceBaseUrl",
+  "resourceScopes": [
+    "get:time",
+    "get:bs"
+  ],
+  "resourceProviders": {
+    "resourceProvider1": {
+      "name": "Third party 1",
+      "baseUrl": "https://otherserver.your.domain/resources/",
+      "verifySSL": true,
+      "resources": {
+        "public": {
+          "name": "A public resource",
+          "url": "resource/public"
+        },
+        "bs": {
+          "name": "A secured resource, eg by scope",
+          "url": "resource/secured1"
+        },
+        "time": {
+          "name": "Another secured resource, eg by role",
+          "url": "resource/secured2"
+        }
+      }
+    }
+  }
+}
+```
+
+## Build
+
+For generating a `dist` directory ready to be copied to a web server
+static data tree, it's a straightforward:
+
+```sh
+pnpm run build
+```
+
+Eventually specify a `base url` (eg. accessible from `https://for.example.com/oidc-test-web`):

 ```sh
 pnpm run build --base oidc-test-web
-podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web docker.io/nginx:alpine
+```
+
+## Deployment
+
+Examples of deployment are presented below.
+
+- Using the nginx default container, from the development source tree:
+
+```sh
+podman run -it --rm -p 8874:80 -v ./dist:/usr/share/nginx/html/oidc-test-web -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json docker.io/nginx:alpine
+```
+
+- The build is packaged in a provided container (see *pakcages*), serving with the `/oidc-test-web` base url:
+
+```sh
+podman run -it --rm -p 8874:80 -v ./settings.json:/usr/share/nginx/html/oidc-test-web/settings.json code.philo.ydns.eu/philorg/oidc-vue-test:latest
+```
+
+- A *quadlet* *systemd* service, in `~/.config/containers/systemd/oidc-vue-test.container`:
+
+```systemd
+[Container]
+ContainerName=oidc-vue-test
+Image=code.philo.ydns.eu/philorg/oidc-vue-test:latest
+Mount=type=bind,source=/path/to/settings.json,destination=/usr/share/nginx/html/oidc-test-web/settings.json
+PublishPort=8874:80
+
+[Service]
+Restart=always
+RestartSec=5
+
+[Unit]
+After=podman-user-wait-network-online.service
+
+[Install]
+WantedBy=default.target
+```
+
+Run with:
+
+```sh
+systemctl --user daemon-reload
+systemcrl --user start oidc-vue-test
 ```

 ## Frontend

+YMMV, easy with *Caddy*:
+
 ```Caddyfile
 handle /oidc-test-web {
  reverse-proxy hostname.domainame:8874