From 922cd20adc0199db0b79ca878ca824e97755b07e Mon Sep 17 00:00:00 2001
From: Laurent Bossavit
Date: Tue, 3 Dec 2024 16:12:02 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=91=E2=80=8D=F0=9F=92=BB(keycloak)=20a?= =?UTF-8?q?dd=20siret=20attribute=20and=20mapper=20to=20Keycloak?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We can now find organization data as provided by ProConnect in user_info
---
 docker/auth/realm.json | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 58 insertions(+), 2 deletions(-)
diff --git a/docker/auth/realm.json b/docker/auth/realm.json
index 0386314c6..f14d9e837 100644
--- a/docker/auth/realm.json
+++ b/docker/auth/realm.json
@@ -58,6 +58,23 @@
 ],
 "realmRoles": ["user"]
 },
+ {
+ "username": "marie",
+ "email": "marie.varzy@gmail.com",
+ "firstName": "Marie",
+ "lastName": "Devarzy",
+ "enabled": true,
+ "attributes": {
+ "siret": "21580304000017"
+ },
+ "credentials": [
+ {
+ "type": "password",
+ "value": "people"
+ }
+ ],
+ "realmRoles": ["user"]
+ },
 {
 "username": "user-e2e-chromium",
 "email": "user@chromium.e2e",
@@ -695,9 +712,17 @@
 "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
 "webAuthnPolicyPasswordlessAcceptableAaguids": [],
 "scopeMappings": [
+ {
+ "clientScope": "siret",
+ "roles": [
+ "user"
+ ]
+ },
 {
 "clientScope": "offline_access",
- "roles": ["offline_access"]
+ "roles": [
+ "offline_access"
+ ]
 }
 ],
 "clientScopeMappings": {
@@ -947,6 +972,7 @@
 "acr",
 "roles",
 "profile",
+ "siret",
 "email"
 ],
 "optionalClientScopes": [
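Review bot: In the `@@ -58,6 +58,23 @@` hunk the new `marie` fixture uses an address on a real public mail domain (`marie.varzy@gmail.com`), unlike the neighbouring `user@chromium.e2e` fixture, so any mail the realm sends for this account (verification, password reset) could reach a real mailbox. A reserved domain would avoid that, for example `"email": "marie.devarzy@example.com"`, assuming no test depends on the current address. The account also carries a known plaintext password (`"value": "people"`) and a SIRET in real format, so this realm file should stay limited to local development imports. The enclosing `users` array starts and ends outside the hunk.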
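Review bot: In the `@@ -695,9 +712,17 @@` hunk the new `scopeMappings` entry ties the `siret` client scope to the `user` realm role, which the commit message does not mention. As far as I know, Keycloak applies a client scope that has role scope mappings only to users who hold one of those roles, so users without `user` would silently get no `siret` claim. If the entry is an export artefact rather than an intended restriction, drop it; otherwise the description should state the intent. The reflow of the `offline_access` `roles` array in the same hunk is formatting noise that could be left out of this change.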
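Review bot: In the `@@ -947,6 +972,7 @@` hunk `siret` is added to what appears to be a client's default scope list (the key is outside the hunk), and the `@@ -1573,7 +1628,8 @@` hunk adds it to what looks like the realm-wide default list as well. As a default scope the organisation identifier is released to the client, and to every client created later in the realm, without the client requesting it. Listing `"siret"` in the optional lists (`optionalClientScopes`, `defaultOptionalClientScopes`) would limit the claim to clients that ask for `scope=siret`.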
@@ -1107,6 +1133,35 @@
 }
 ]
 },
+ {
+ "id": "eb220fbb-02ac-4105-95a3-727954f6565d",
+ "name": "siret",
+ "description": "siret",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false",
+ "gui.order": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "333a4e89-9363-4c36-b56f-79c6b019c6c6",
+ "name": "siret",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "aggregate.attrs": "false",
+ "userinfo.token.claim": "true",
+ "multivalued": "false",
+ "user.attribute": "siret",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "siret"
+ }
+ }
+ ]
+ },
 {
 "id": "af52ccc3-4ecb-49b4-9a67-5d4172f16070",
 "name": "role_list",
@@ -1573,7 +1628,8 @@
 "email",
 "roles",
 "web-origins",
- "acr"
+ "acr",
+ "siret"
 ],
 "defaultOptionalClientScopes": [
 "offline_access",
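Review bot: In the `@@ -1107,6 +1133,35 @@` hunk the `siret` mapper emits the claim in the ID token, the access token and the userinfo response, while the commit message only calls for it in user_info. Copying the organisation identifier into every access token exposes it to each resource server that receives the token and to anything that logs bearer tokens. Unless a consumer reads it from the tokens, keep `"userinfo.token.claim": "true"` and set `"id.token.claim": "false"` and `"access.token.claim": "false"`. The `description` only repeats the scope name; a short sentence saying the value comes from ProConnect would help whoever edits the realm next.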