Following a request to make the list of audiences configurable, I have reworked the way audiences and resource-based roles work. Instead of defining a list of resources to apply roles to (via ServerConfig.Builder::withResourceToMapRolesTo or ServerConfig.Builder::withResourcesToMapRolesTo), the user can now define a list of default audiences (via ServerConfig.Builder::withDefaultAudience or ServerConfig.Builder::withDefaultAudiences). In a new, separate setting ServerConfig.Builder::withLoginRoleMapping, the user can decide whether the roles given by the login shall be applied to the realm, all audiences (which double as resources), or both. Whenever a resource-based role is added to a token configuration, its resource is now automatically added to the audience of the token.
In addition, the deprecated methods in ServerConfig were removed.
New features
- the login workflow now supports redirect URLs which contain request parameters or fragments
- the login page now uses CSS and is a lot nicer to look at 😁
- there is a new endpoint
/docswhich documents all endpoints implemented by the mock
Changed behavior
- the built-in keycloak.js script is now back to version 25.0.6, the latest version of Keycloak that still shipped keycloak.js
- the keycloak.js file is now served on the context path even if a non-standard path is configured