fix(compose): Include the ort-server-client client scope

mnonnenmacher · oheger-bosch · commit f4f0ad3baff1 · 2025-12-02T06:58:06.000+01:00
Include the `ort-server-client` client scope in the `ort-server-ui` and
`ort-server-ui-dev` clients by default. This ensures that the
`ort-server` client is included in the audience claim even when the user
has no roles from that client assigned. Otherwise, the backend will not
accept the JWT from such users.

Signed-off-by: Martin Nonnenmacher &lt;martin.nonnenmacher@bosch.com&gt;
diff --git a/scripts/docker/keycloak/master-realm.json b/scripts/docker/keycloak/master-realm.json
@@ -704,7 +704,7 @@
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : -1,
-    "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
+    "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email", "ort-server-client" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
   }, {
     "id" : "90717130-1595-44ea-9658-0c8a507d4879",
@@ -749,7 +749,7 @@
     "authenticationFlowBindingOverrides" : { },
     "fullScopeAllowed" : true,
     "nodeReRegistrationTimeout" : -1,
-    "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email" ],
+    "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "basic", "email", "ort-server-client" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
   }, {
     "id" : "115c6dcc-fcba-460c-95bb-f2ad93a2aba3",
