{
  "realm": "hemhub",
  "enabled": true,
  "displayName": "HemHub",
  "registrationAllowed": false,
  "loginWithEmailAllowed": true,
  "duplicateEmailsAllowed": false,
  "resetPasswordAllowed": true,
  "editUsernameAllowed": false,

  "roles": {
    "realm": [
      { "name": "OWNER" },
      { "name": "MEMBER" },
      { "name": "ADMIN" }
    ]
  },

  "users": [
    {
      "username": "maria",
      "email": "maria@example.com",
      "firstName": "Maria",
      "lastName": "Andersson",
      "enabled": true,
      "emailVerified": true,
      "attributes": { "household_id": ["H-ANDERSSON"] },
      "credentials": [{ "type": "password", "value": "Passw0rd", "temporary": false }],
      "realmRoles": ["OWNER","MEMBER"]
    },
    {
      "username": "ulf",
      "email": "ulf@example.com",
      "firstName": "Ulf",
      "lastName": "Svensson",
      "enabled": true,
      "emailVerified": true,
      "attributes": { "household_id": ["H-ANDERSSON"] },
      "credentials": [{ "type": "password", "value": "Passw0rd", "temporary": false }],
      "realmRoles": ["MEMBER"]
    }
  ],

  "clientScopes": [
    {
      "name": "roles",
      "description": "OpenID Connect scope for add user roles to the access token",
      "protocol": "openid-connect",
      "attributes": { "include.in.token.scope": "true" },
      "protocolMappers": [
        {
          "name": "realm roles",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-realm-role-mapper",
          "consentRequired": false,
          "config": {
            "claim.name": "realm_access.roles",
            "jsonType.label": "String",
            "multivalued": "true",
            "usermodel.realmRoleMapping.rolePrefix": "",
            "access.token.claim": "true",
            "id.token.claim": "false"
          }
        }
      ]
    },
    {
      "name": "profile",
      "description": "Standard OpenID Connect profile claims",
      "protocol": "openid-connect",
      "attributes": { "include.in.token.scope": "true" },
      "protocolMappers": [
        {
          "name": "preferred username",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "config": {
            "user.attribute": "username",
            "claim.name": "preferred_username",
            "jsonType.label": "String",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        },
        {
          "name": "given name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "config": {
            "user.attribute": "firstName",
            "claim.name": "given_name",
            "jsonType.label": "String",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        },
        {
          "name": "family name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "config": {
            "user.attribute": "lastName",
            "claim.name": "family_name",
            "jsonType.label": "String",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        },
        {
          "name": "name",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-full-name-mapper",
          "config": {
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        }
      ]
    },
    {
      "name": "email",
      "description": "Standard OpenID Connect email claims",
      "protocol": "openid-connect",
      "attributes": { "include.in.token.scope": "true" },
      "protocolMappers": [
        {
          "name": "email",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "config": {
            "user.attribute": "email",
            "claim.name": "email",
            "jsonType.label": "String",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        },
        {
          "name": "email verified",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-property-mapper",
          "config": {
            "user.attribute": "emailVerified",
            "claim.name": "email_verified",
            "jsonType.label": "boolean",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        }
      ]
    },
    {
      "name": "hemhub-extra",
      "description": "Custom claims for HemHub",
      "protocol": "openid-connect",
      "attributes": { "include.in.token.scope": "true" },
      "protocolMappers": [
        {
          "name": "household_id",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "config": {
            "user.attribute": "household_id",
            "claim.name": "household_id",
            "jsonType.label": "String",
            "access.token.claim": "true",
            "id.token.claim": "true"
          }
        }
      ]
    }
  ],

  "defaultDefaultClientScopes": [ "roles", "profile", "email", "hemhub-extra" ],
  "defaultOptionalClientScopes": [ "offline_access" ],

  "clients": [
    {
      "clientId": "hemhub-public",
      "name": "HemHub Public",
      "enabled": true,
      "publicClient": true,
      "protocol": "openid-connect",
      "standardFlowEnabled": true,
      "directAccessGrantsEnabled": true,
      "serviceAccountsEnabled": false,
      "attributes": { "pkce.code.challenge.method": "S256" },
      "redirectUris": [
        "http://localhost:8080/swagger-ui/*",
        "http://localhost:5173/*"
      ],
      "webOrigins": ["*"]
    },
    {
      "clientId": "hemhub-service",
      "name": "HemHub Service",
      "enabled": true,
      "publicClient": false,
      "protocol": "openid-connect",
      "standardFlowEnabled": false,
      "directAccessGrantsEnabled": false,
      "serviceAccountsEnabled": true,
      "secret": "dev-secret"
    }
  ]
}