routers:
  keycloak:
    is_auth_router: true
    # priority: 9999
    entryPoint: https
    service: keycloak
    routes: 
      - Host(`auth.z.com`).PathPrefix(`/`)
      # - Host(`auth.z.com`).PathPrefix(`/admin`)
      # - Host(`auth.z.com`).PathPrefix(`/realms`) 
      # - Host(`auth.z.com`).PathPrefix(`/resources`)
    tls:
      certProvider: default
    stripPrefix: false

services:
  keycloak: http://127.0.0.1:8080

auth:
  app_auth:
    auth_root_url: https://auth.z.com
    target_root_url: https://app.z.com
    auth_local_root_url: http://127.0.0.1:8080
    # sessionSecret: keycloak
    paths:
      prefix: /auth
      login: /login
      logout: /logout
      callback: /callback
      postlogout: /postlogout
    openId:
      realm: zprox
      client_id: zprox_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      end_points:
        # router target address
        redirect_uri: <{{target_root_url}}>/auth/callback
        post_logout_redirect_uri: <{{target_root_url}}>/auth/postlogout
        # router exposed address
        issuer: <{{auth_root_url}}>/realms/<{{realm}}>
        authURL: <{{auth_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/auth
        logoutUrl: <{{auth_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/logout
        # local address
        config: <{{auth_local_root_url}}>/realms/<{{realm}}>/.well-known/openid-configuration
        tokenURL: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/token
        userURL: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/userinfo
        jwksURI: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/certs

  frontend_auth:
    auth_root_url: https://auth.z.com
    target_root_url: https://frontend.z.com
    auth_local_root_url: http://127.0.0.1:8080
    sessionSecret: keycloak
    paths:
      prefix: /auth
      login: /login
      logout: /logout
      callback: /callback
      postlogout: /postlogout
    openId:
      realm: zprox
      client_id: zprox_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      end_points:
        # router target address
        redirect_uri: <{{target_root_url}}>/auth/callback
        post_logout_redirect_uri: <{{target_root_url}}>/auth/postlogout
        # router exposed address
        issuer: <{{auth_root_url}}>/realms/<{{realm}}>
        authURL: <{{auth_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/auth
        logoutUrl: <{{auth_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/logout
        # local address
        config: <{{auth_local_root_url}}>/realms/<{{realm}}>/.well-known/openid-configuration
        tokenURL: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/token
        userURL: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/userinfo
        jwksURI: <{{auth_local_root_url}}>/realms/<{{realm}}>/protocol/openid-connect/certs