Fix client creation by adding serviceAccountsEnabled: true
to allow access token fetching
#12
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A fast follow to this issue: https://github.com/solo-io/solo-projects/issues/6993. We would likely want to discuss making different flows optional, but defaulting to setting this to true to allow a flow to be automatically set.
Because we previously weren't setting the
serviceAccountsEnabled: true
, we didn't have a method to use the client id + secret to retrieve an access token for a client (app). With this addition now we can use theclient_credentials
flow to get an access token.I verified by running my oauth branch in solo-projects, building + injecting a build of the idp with this branch, and going through the reproduction, where now when an oauth credential is generated (a client for an app) the service account (client_credential flow) is enabled.
Updated the circle CI image because the old one was deprecated and caused failures. Updated to
ubuntu-2204:2024.01.1
to match GME's image, which we previously were as well.Note: no tests, because unit tests verify the output (which hasn't changed) and e2e tests are for cognito. personally it would be overkill to create a whole new suite of keycloak tests for this addition + it would impact the completion of my client credential work in solo-projects.