Fix the documentation for keycloak 20.0* and more

rgrunbla · nijel · commit 706c9e363387 · 2023-04-28T09:26:19.000+02:00
diff --git a/social_core/backends/keycloak.py b/social_core/backends/keycloak.py
@@ -25,45 +25,55 @@ class KeycloakOAuth2(BaseOAuth2):  # pylint: disable=abstract-method
 
     To set up, please take the following steps:
 
-    1. Create a new Keycloak client in the Clients section.
+    1. Create a new Keycloak client in the Clients section:
+
+        a. Choose the `Client ID` in the `General Settings` pane.
+
+        b. Select `Client authentication` and `Authorization` in the
+           `Capability config` pane.
 
     2. Configure the following parameters in the Client setup:
 
         Settings >
             Client ID (copy to settings as `KEY` value)
         Credentials >
             Client Authenticator >
-                Secret (copy to settings as `SECRET` value)
+                Use `Client Id and Secret` and copy the `Client secret` value
+                to settings as `SECRET` value
 
     3. For the tokens to work with the JWT setup the following configuration has
        to be made in Keycloak:
 
-        Settings >
-            Access Type >
-                confidential
-        Settings >
-            Fine Grain OpenID Connect Configuration >
-                User Info Signed
-        Response Algorithm >
-            RS256
-        Settings >
-            Fine Grain OpenID Connect Configuration >
-                Request Object Signature Algorithm > RS256
+        Advanced >
+            Fine grain OpenID Connect configuration >
+                User Info Signed Response Algorithm >
+                    RS256
+        Advanced >
+            Fine grain OpenID Connect configuration >
+                Request Object Signature Algorithm >
+                    RS256
+
+    4. Re-enable the audience (see https://issues.redhat.com/browse/KEYCLOAK-6638
+       for context):
+
+       Go to Client scopes > YOUR-CLIENT-ID-dedicated > Add mapper > Audience, pick
+       a name for the mapper and select the Client ID corresponding to your client
+       in `Included Client Audience`.
 
-    4. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used
+    5. Get the public key (copy to settings as `PUBLIC_KEY` value) to be used
        with the backend:
 
         Realm Settings > Keys > Public key
 
-    5. Configure access token fields are configured via the Keycloak Client
+    6. Configure access token fields are configured via the Keycloak Client
        mappers:
 
         Clients > Client ID > Mappers
 
     They have to include at least the `ID_KEY` value and the dictionary keys
     defined in the `get_user_details` method.
 
-    6. Configure your web backend. Example setting values for Django settings
+    7. Configure your web backend. Example setting values for Django settings
        could be:
 
         SOCIAL_AUTH_KEYCLOAK_KEY = 'example'
@@ -75,7 +85,7 @@ class KeycloakOAuth2(BaseOAuth2):  # pylint: disable=abstract-method
         SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = \
           'https://sso.com/auth/realms/example/protocol/openid-connect/token'
 
-    7. The default behaviour is to associate users via username field, but you
+    8. The default behaviour is to associate users via username field, but you
        can change the key with e.g.
 
             SOCIAL_AUTH_KEYCLOAK_ID_KEY = 'email'
