mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: implement OIDC PKCE flow for Keycloak login with frontend-client

Browse Source 
Completed OIDC Authorization Code Flow with PKCE (S256) for JS and JVM platforms.
- Added `launchOidcFlow`, `consumePendingOidcCallback`, and `getOidcRedirectUri` with platform-specific implementations.
- Integrated SHA-256 and Base64URL helpers for PKCE.
- Updated `LoginViewModel` with OIDC logic (key handling, token exchange, state validation).
- Enhanced `LoginScreen` with an OIDC login button and loading spinner.
- Verified implementation with system hardening roadmap tasks.

Includes browser redirects for JS, localhost HTTP callback for JVM, and built-in Keycloak URL construction.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
This commit is contained in:
Stefan Mogeritsch
2026-03-09 11:54:35 +01:00
parent 2db3fd82c5
commit b9a433f772
12 changed files with 662 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/01_Architecture/_archive/2026-01-15_Roadmap_2026_Q1.md
+2 -1
View File
@@ -57,7 +57,8 @@ Anbindung des Frontends an den neuen Service.
### 3.1 HTTP Client & Sync (Frontend Expert)
- [ ] **Ktor Client:** Konfiguration des HTTP-Clients für die Kommunikation mit dem Gateway (`http://localhost:8080`).
- [ ] **Auth:** Implementierung des OIDC-Flows im Frontend (Login via Keycloak), Speichern des Tokens.
- [x] **Auth:** Implementierung des OIDC-Flows im Frontend (Login via Keycloak), Speichern des Tokens. _(verifiziert
2026-03-09: PKCE S256 + frontend-client + JVM/JS actual-Implementierungen)_
- [ ] **Integration:** Aufruf von `/api/ping` und `/api/ping/secure` und Anzeige im UI.
### 3.2 Offline-Sync Basis (Frontend Expert)
docs/01_Architecture/_archive/2026-01-15_Roadmap_System_Hardening.md
+7 -2
View File
@@ -68,5 +68,10 @@ last_update: 2026-03-09
- Prüfen der `kotlinx-browser` Version.
### 3.2 Auth Integration
- [ ] **OIDC Client:** _(offen — abhängig von Keycloak Härtung)_
- Implementierung des Login-Flows mit `ktor-client-auth` und Keycloak.
- [x] **OIDC Client:** _(verifiziert 2026-03-09)_
- PKCE Authorization Code Flow (S256) mit `frontend-client`.
- Pure Kotlin SHA-256 + PkceHelper (commonMain, kein expect/actual).
- JVM: lokaler Callback-Server (Port 18080) + `Desktop.browse()`.
- JS: Seiten-Redirect + URL-Parsing beim App-Start + `replaceState`-Bereinigung.
- `LoginViewModel` + `LoginScreen` um OIDC-Button erweitert.