dcovington
/
Campaign_Tracker
1
0
Bifurcation 0
Code Tickets 4 Demandes d'ajout 0 Versions 0 Wiki Activité
Étiquettes Jalons
Nouveau ticket

#3 Story 1.3: Keycloak Realm Configuration & OIDC Integration

Fermé
créé il y a 3 jours par nano · 0 commentaires
nano a commenté il y a 3 jours

Imported from _bmad-output/implementation-artifacts/1-3-keycloak-realm-configuration-oidc-integration.md.

# Story 1.3: Keycloak Realm Configuration & OIDC Integration

Status: ready-for-dev

Story

As a any team member, I want to authenticate using Keycloak single sign-on via OpenID Connect, so that I can securely access the application with my organizational credentials.

Acceptance Criteria

  1. Given a user navigates to the application while unauthenticated When they load any protected route Then they are redirected to the Keycloak login page for the configured realm
  2. Given a user enters valid Keycloak credentials When authentication succeeds Then they receive a JWT access token, are redirected to their role-specific workspace, and the authentication event is logged to the audit service within 5 seconds (NFR7)
  3. Given a user's access token expires When they make an authenticated request Then the refresh token flow silently renews the session or redirects to login if the refresh token is also expired
  4. Given an invalid or expired token is presented to the API When the request is processed Then the API returns 401 Unauthorized and the failed authentication attempt is captured in the audit log
  5. Given the application is deployed When traffic is inspected Then all communication is over TLS 1.2+ (NFR4) and sensitive token data is not exposed in URLs or logs

Tasks / Subtasks

  • Implement story behavior in aligned backend/frontend modules (AC: #1)
    • Add or update API/service/UI components required by the story scope
    • Keep legacy Access entities read-only and route writes to extension-layer structures
  • Cover acceptance criteria #2 in implementation and tests (AC: #2)
    • Add validation/error handling and UX state updates as needed
  • Cover acceptance criteria #3 in implementation and tests (AC: #3)
    • Add validation/error handling and UX state updates as needed
  • Cover acceptance criteria #4 in implementation and tests (AC: #4)
    • Add validation/error handling and UX state updates as needed
  • Validate and document completion evidence
    • Verify build/tests for touched modules
    • Capture changed files and any migration/config implications

Dev Notes

  • Follow Epic 1 architecture constraints: ASP.NET Core + React separation, RBAC-aware patterns, and immutable legacy tables.
  • Reuse shared component and workflow patterns defined in UX and architecture docs; avoid parallel custom implementations.
  • Keep changes scoped to this story; do not pull forward Epic 2+ features.

Project Structure Notes

  • Backend: BriansClientRouteReports.Server/
  • Frontend: brians-client-route-reports-client/
  • Story artifacts: _bmad-output/implementation-artifacts/

References

  • Story source: _bmad-output/planning-artifacts/epics.md (Epic 1 / Story 1.3)
  • Architecture constraints: _bmad-output/planning-artifacts/architecture.md
  • UX patterns: _bmad-output/planning-artifacts/ux-design-specification.md

Dev Agent Record

Agent Model Used

GPT-5 Codex

Debug Log References

  • Story generated from epic source and architecture/UX planning artifacts.

Completion Notes List

  • Story context created and marked ready-for-dev.

File List

  • _bmad-output/implementation-artifacts/1-3-keycloak-realm-configuration-oidc-integration.md
Imported from [_bmad-output/implementation-artifacts/1-3-keycloak-realm-configuration-oidc-integration.md](https://onefortheroadgit.sytes.net/dcovington/Campaign_Tracker/src/branch/main/_bmad-output/implementation-artifacts/1-3-keycloak-realm-configuration-oidc-integration.md). # Story 1.3: Keycloak Realm Configuration & OIDC Integration Status: ready-for-dev ## Story As a any team member, I want to authenticate using Keycloak single sign-on via OpenID Connect, so that I can securely access the application with my organizational credentials. ## Acceptance Criteria 1. **Given** a user navigates to the application while unauthenticated **When** they load any protected route **Then** they are redirected to the Keycloak login page for the configured realm 2. **Given** a user enters valid Keycloak credentials **When** authentication succeeds **Then** they receive a JWT access token, are redirected to their role-specific workspace, and the authentication event is logged to the audit service within 5 seconds (NFR7) 3. **Given** a user's access token expires **When** they make an authenticated request **Then** the refresh token flow silently renews the session or redirects to login if the refresh token is also expired 4. **Given** an invalid or expired token is presented to the API **When** the request is processed **Then** the API returns 401 Unauthorized and the failed authentication attempt is captured in the audit log 5. **Given** the application is deployed **When** traffic is inspected **Then** all communication is over TLS 1.2+ (NFR4) and sensitive token data is not exposed in URLs or logs ## Tasks / Subtasks - [ ] Implement story behavior in aligned backend/frontend modules (AC: #1) - [ ] Add or update API/service/UI components required by the story scope - [ ] Keep legacy Access entities read-only and route writes to extension-layer structures - [ ] Cover acceptance criteria #2 in implementation and tests (AC: #2) - [ ] Add validation/error handling and UX state updates as needed - [ ] Cover acceptance criteria #3 in implementation and tests (AC: #3) - [ ] Add validation/error handling and UX state updates as needed - [ ] Cover acceptance criteria #4 in implementation and tests (AC: #4) - [ ] Add validation/error handling and UX state updates as needed - [ ] Validate and document completion evidence - [ ] Verify build/tests for touched modules - [ ] Capture changed files and any migration/config implications ## Dev Notes - Follow Epic 1 architecture constraints: ASP.NET Core + React separation, RBAC-aware patterns, and immutable legacy tables. - Reuse shared component and workflow patterns defined in UX and architecture docs; avoid parallel custom implementations. - Keep changes scoped to this story; do not pull forward Epic 2+ features. ### Project Structure Notes - Backend: `BriansClientRouteReports.Server/` - Frontend: `brians-client-route-reports-client/` - Story artifacts: `_bmad-output/implementation-artifacts/` ### References - Story source: `_bmad-output/planning-artifacts/epics.md` (Epic 1 / Story 1.3) - Architecture constraints: `_bmad-output/planning-artifacts/architecture.md` - UX patterns: `_bmad-output/planning-artifacts/ux-design-specification.md` ## Dev Agent Record ### Agent Model Used GPT-5 Codex ### Debug Log References - Story generated from epic source and architecture/UX planning artifacts. ### Completion Notes List - Story context created and marked ready-for-dev. ### File List - `_bmad-output/implementation-artifacts/1-3-keycloak-realm-configuration-oidc-integration.md`
nano a ajouté l'étiquette
Sprint 1
il y a 3 jours
nano a ajouté cela au jalon Sprint 1 il y a 3 jours
Connectez-vous pour rejoindre cette conversation.
Aucune branche/tag spécifiés
Branches Tags
Étiquettes
Effacer les étiquettes
Sprint 1
Sprint 1 implementation stories
Pas d'étiquette
Sprint 1
Jalon
Effacer le jalon
Aucun jalon
Sprint 1
Affecté à
Supprimer les affectations
Pas d'assignataires
1 participants
Échéance

Aucune échéance n'a été définie.

Dépendances

Ce ticket n'a actuellement pas de dépendance.

Écrire Aperçu
Chargement…
Annuler
Enregistrer
Il n'existe pas encore de contenu.
Supprimer la branche '%!s(MISSING)'

Supprimer une branche est permanent. Cela NE PEUVENT être annulées. Continuer ?

Non
Oui

Powered by TurnKey Linux.