routers:
  keycloak:
    priority: 1
    entryPoint: https
    service: keycloak
    routes: 
      - Host(`auth.z.com`).PathPrefix(`/`)
    tls:
      certProvider: default
    # stripPrefix: true

  # openid:
  #   priority: 2
  #   entryPoint: http
  #   service: openid
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/openid`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # issuer:
  #   priority: 2
  #   entryPoint: https
  #   service: issuer
  #   routes: 
  #     - Host(`auth.z.com`).PathPrefix(`/issuer`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # config:
  #   priority: 2
  #   entryPoint: http
  #   service: config
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/config`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # authorization:
  #   priority: 2
  #   entryPoint: https
  #   service: authorization
  #   routes: 
  #     - Host(`auth.z.com`).PathPrefix(`/auth`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # token:
  #   priority: 2
  #   entryPoint: http
  #   service: token
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/token`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # introspection:
  #   priority: 2
  #   entryPoint: http
  #   service: introspection
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/introspect`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # userinfo:
  #   priority: 2
  #   entryPoint: http
  #   service: userinfo
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/userinfo`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # logout:
  #   priority: 2
  #   entryPoint: https
  #   service: logout
  #   routes: 
  #     - Host(`auth.z.com`).PathPrefix(`/logout`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

  # certs:
  #   priority: 2
  #   entryPoint: http
  #   service: certs
  #   routes: 
  #     - Host(`127.0.0.1`).PathPrefix(`/keycloak/certs`)
  #   tls:
  #     certProvider: default
  #   stripPrefix: true

services:
  keycloak: http://127.0.0.1:8080

auth:
  keycloak:
    sessionSecret: keycloak
    paths:
      prefix: /auth
      login: /login
      logout: /logout
      callback: /callback
      postlogout: /post-logout
    openId:
      realm: dev
      client_id: dev_client
      client_secret: dWhSJgARBAuBAXN7sUTpqpIq2sKQdugs
      redirect_uri: https://app.z.com/auth/callback
      post_logout_redirect_uri: https://app.z.com/auth/post-logout
      issuer: https://auth.z.com/realms/dev/
      authURL: https://auth.z.com/realms/dev/protocol/openid-connect/auth
      logoutUrl: https://auth.z.com/realms/dev/protocol/openid-connect/logout
      config: https://auth.z.com/realms/dev/.well-known/openid-configuration
      tokenURL: http://127.0.0.1:8080/realms/dev/protocol/openid-connect/token
      userURL: http://127.0.0.1:8080/realms/dev/protocol/openid-connect/userinfo
      jwksURI: http://127.0.0.1:8080/realms/dev/protocol/openid-connect/certs