first commit

2025-11-12 10:14:13 +01:00 · 2025-11-12 10:14:13 +01:00 · 4d46891323
commit 4d46891323
1 changed files with 382 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,382 @@
+# ✅ Parte 1: Guida completa per installare e configurare Keycloak come server OAuth2/OIDC locale
+
+## Step 1: Scarica e avvia Keycloak
+
+Vai su (https://www.keycloak.org/downloads)
+
+Scarica la versione Quarkus distribution.
+
+Avvia in modalità sviluppo:
+
+	./bin/kc.sh start-dev
+
+Keycloak sarà disponibile su:
+
+	http://localhost:8080
+
+## Step 2: Configura Realm e Client
+
+Accedi alla console admin: 
+
+	http://localhost:8080/admin.
+
+Crea un Realm (es. flutter-realm).
+
+Crea un Client:
+
+Tipo: Public
+
+Nome: flutter-app
+
+Redirect URI:
+
+	com.tuaapp:/oauthredirect
+
+
+Abilita Standard Flow (Authorization Code).
+
+Salva il Client ID.
+
+## Step 3: Configura utenti
+
+Vai su Users → Aggiungi utente → Imposta credenziali.
+
+Ora hai un utente locale per il login.
+
+
+## Step 4: Sicurezza
+
+In locale puoi usare HTTP, ma in produzione serve HTTPS.
+
+Abilita PKCE per sicurezza (Keycloak lo supporta di default).
+
+# ✅ Parte 2: Esempio Flutter che si collega a Keycloak locale
+
+Dipendenze
+
+```sh
+dependencies:
+  flutter_appauth: ^6.0.0
+  flutter_secure_storage: ^9.0.0
+```
+
+Codice
+
+```sh
+import 'package:flutter_appauth/flutter_appauth.dart';
+import 'package:flutter_secure_storage/flutter_secure_storage.dart';
+
+final FlutterAppAuth appAuth = FlutterAppAuth();
+final storage = FlutterSecureStorage();
+
+Future<void> login() async {
+  final AuthorizationTokenResponse? result = await appAuth.authorizeAndExchangeCode(
+    AuthorizationTokenRequest(
+      'flutter-app', // Client ID
+      'com.tuaapp:/oauthredirect', // Redirect URI
+      issuer: 'http://localhost:8080/realms/flutter-realm',
+      scopes: ['openid', 'profile', 'email'],
+    ),
+  );
+
+  if (result != null) {
+    await storage.write(key: 'access_token', value: result.accessToken);
+    await storage.write(key: 'id_token', value: result.idToken);
+    print('Login OK: ${result.accessToken}');
+  }
+}
+```
+
+Refresh Token
+```sh
+Future<void> refreshToken() async {
+  final refreshToken = await storage.read(key: 'refresh_token');
+  if (refreshToken != null) {
+    final TokenResponse? response = await appAuth.token(
+      TokenRequest(
+        'flutter-app',
+        'com.tuaapp:/oauthredirect',
+        refreshToken: refreshToken,
+        issuer: 'http://localhost:8080/realms/flutter-realm',
+      ),
+    );
+    if (response != null) {
+      await storage.write(key: 'access_token', value: response.accessToken);
+    }
+  }
+}
+```
+
+
+# ✅ Dockerfile per Keycloak
+Questo crea un container con Keycloak in modalità sviluppo:
+
+Dockerfile
+```sh
+FROM quay.io/keycloak/keycloak:24.0.4
+
+# Imposta la modalità sviluppo
+ENV KC_DB=dev-mem
+ENV KC_HTTP_PORT=8080
+ENV KC_HOSTNAME=localhost
+
+# Avvia Keycloak in modalità sviluppo
+```
+Build e Run
+
+```sh
+docker build -t keycloak-local .
+docker run -p 8080:8080 keycloak-local
+```
+
+## ✅ docker-compose.yml
+Se vuoi aggiungere persistenza e database (PostgreSQL):
+
+```sh
+version: '3.8'
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:24.0.4
+    container_name: keycloak
+    environment:
+      KC_DB: postgres
+      KC_DB_URL_HOST: postgres
+      KC_DB_URL_DATABASE: keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+      KC_HOSTNAME: localhost
+    ports:
+      - "8080:8080"
+    command:
+      - start-dev
+    depends_on:
+      - postgres
+
+  postgres:
+    image: postgres:15
+    container_name: postgres
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: keycloak
+    ports:
+      - "5432:5432"
+```
+
+## ✅ Come usarlo
+
+Salva il file come docker-compose.yml.
+
+e avvia con
+
+	docker-compose up -d
+
+Accedi a Keycloak su http://localhost:8080.
+
+Crea Realm, Client, e imposta il Redirect URI per la tua app Flutter.
+
+
+## ✅ Script Bash: init-keycloak.sh
+
+```sh
+#!/bin/bash
+
+# Variabili
+KEYCLOAK_URL="http://localhost:8080"
+REALM_NAME="mio-realm"
+CLIENT_ID="flutter-app"
+REDIRECT_URI="com.tuaapp:/oauthredirect"
+ADMIN_USER="admin"
+ADMIN_PASS="admin"
+
+# Login come admin
+/opt/keycloak/bin/kcadm.sh config credentials \
+    --server $KEYCLOAK_URL \
+    --realm master \
+    --user $ADMIN_USER \
+    --password $ADMIN_PASS
+
+# Crea Realm
+/opt/keycloak/bin/kcadm.sh create realms \
+    -s realm=$REALM_NAME \
+    -s enabled=true
+
+# Crea Client
+/opt/keycloak/bin/kcadm.sh create clients -r $REALM_NAME \
+    -s clientId=$CLIENT_ID \
+    -s enabled=true \
+    -s publicClient=true \
+    -s redirectUris="[\"$REDIRECT_URI\"]" \
+    -s protocol=openid-connect \
+    -s standardFlowEnabled=true \
+    -s directAccessGrantsEnabled=true
+
+echo "✅ Realm '$REALM_NAME' e Client '$CLIENT_ID' creati con successo!"
+```
+### ✅ Come usarlo con Docker
+
+Copia lo script in una cartella.
+
+Aggiorna docker-compose.yml aggiungendo un volume per montare lo script:
+
+```sh
+volumes:
+  - ./init-keycloak.sh:/opt/keycloak/init-keycloak.sh
+```
+
+Dopo che il container è avviato, esegui:
+
+	docker exec -it keycloak bash /opt/keycloak/init-keycloak.sh
+
+## Nginx config
+
+```sh
+server {
+    listen 443 ssl;
+    server_name keycloak.local;
+
+    ssl_certificate /etc/nginx/ssl/keycloak.crt;
+    ssl_certificate_key /etc/nginx/ssl/keycloak.key;
+
+    location / {
+        proxy_pass http://keycloak:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
+
+server {
+    listen 80;
+    server_name keycloak.local;
+    return 301 https://$host$request_uri;
+}
+```
+
+## Flutter
+
+1. Dipendenze
+
+Nel pubspec.yaml:
+
+```sh
+dependencies:
+  flutter_appauth: ^6.0.0
+  flutter_secure_storage: ^9.0.0
+  http: ^1.2.0
+```
+
+2. Configurazione Keycloak
+
+Realm: mio-realm
+
+Client: flutter-app
+
+Redirect URI: com.tuaapp:/oauthredirect
+
+Abilita:
+
+standardFlowEnabled=true
+
+directAccessGrantsEnabled=true (per registrazione via API)
+
+3. Codice Flutter
+
+Ecco il file auth_service.dart:
+
+```sh
+import 'package:flutter_appauth/flutter_appauth.dart';
+import 'package:flutter_secure_storage/flutter_secure_storage.dart';
+import 'package:http/http.dart' as http;
+import 'dart:convert';
+
+class AuthService {
+  final FlutterAppAuth _appAuth = FlutterAppAuth();
+  final FlutterSecureStorage _secureStorage = const FlutterSecureStorage();
+
+  final String clientId = 'flutter-app';
+  final String redirectUri = 'com.tuaapp:/oauthredirect';
+  final String issuer = 'https://keycloak.local/realms/mio-realm';
+  final List<String> scopes = ['openid', 'profile', 'email'];
+
+  Future<void> login() async {
+    final result = await _appAuth.authorizeAndExchangeCode(
+      AuthorizationTokenRequest(
+        clientId,
+        redirectUri,
+        issuer: issuer,
+        scopes: scopes,
+      ),
+    );
+
+    if (result != null) {
+      await _secureStorage.write(key: 'access_token', value: result.accessToken);
+      await _secureStorage.write(key: 'refresh_token', value: result.refreshToken);
+      await _secureStorage.write(key: 'id_token', value: result.idToken);
+    }
+  }
+
+  Future<void> logout() async {
+    await _secureStorage.deleteAll();
+  }
+
+  Future<void> register(String username, String password, String email) async {
+    final url = '$issuer/protocol/openid-connect/token';
+    // Usa le API Admin di Keycloak o un endpoint custom
+    // Qui esempio con Direct Access Grant (non consigliato in produzione)
+    final response = await http.post(
+      Uri.parse('$issuer/protocol/openid-connect/token'),
+      headers: {'Content-Type': 'application/x-www-form-urlencoded'},
+      body: {
+        'client_id': clientId,
+        'grant_type': 'password',
+        'username': username,
+        'password': password,
+      },
+    );
+    if (response.statusCode == 200) {
+      final data = jsonDecode(response.body);
+      await _secureStorage.write(key: 'access_token', value: data['access_token']);
+      await _secureStorage.write(key: 'refresh_token', value: data['refresh_token']);
+    } else {
+      throw Exception('Errore registrazione/login');
+    }
+  }
+}
+```
+
+4. UI di esempio
+
+Nel main.dart:
+
+```sh
+import 'package:flutter/material.dart';
+import 'auth_service.dart';
+
+void main() => runApp(MyApp());
+
+class MyApp extends StatelessWidget {
+  final AuthService authService = AuthService();
+
+  @override
+  Widget build(BuildContext context) {
+    return MaterialApp(
+      home: Scaffold(
+        appBar: AppBar(title: Text('Login & Registrazione')),
+        body: Center(
+          child: Column(
+            mainAxisAlignment: MainAxisAlignment.center,
+            children: [
+              ElevatedButton(onPressed: authService.login, child: Text('Login')),
+              ElevatedButton(onPressed: () => authService.register('user', 'pass', 'email@test.com'), child: Text('Registrati')),
+              ElevatedButton(onPressed: authService.logout, child: Text('Logout')),
+            ],
+          ),
+        ),
+      ),
+    );
+  }
+}
+```
+