From fcf7032769c6fe3e6537c89ede182b0ee1f8c72d Mon Sep 17 00:00:00 2001
From: Mary Dickson <mary.dickson@virtru.com>
Date: Tue, 3 Feb 2026 15:12:58 -0800
Subject: [PATCH] feat(keycloak): add public client for browser-based SDK
 authentication

Add opentdf-public client and enable direct access grants to support
browser-based JavaScript SDK quickstart authentication flow.

Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
---
 service/cmd/keycloak_data.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/service/cmd/keycloak_data.yaml b/service/cmd/keycloak_data.yaml
index ef54501c48..e26fc036af 100644
--- a/service/cmd/keycloak_data.yaml
+++ b/service/cmd/keycloak_data.yaml
@@ -77,10 +77,23 @@ realms:
           name: cli-client
           serviceAccountsEnabled: false
           publicClient: true
+          directAccessGrantsEnabled: true
           redirectUris:
             - 'http://localhost:*'
           protocolMappers:
             - *customAudMapper
+      - client:
+          clientID: opentdf-public
+          enabled: true
+          name: opentdf-public
+          serviceAccountsEnabled: false
+          publicClient: true
+          directAccessGrantsEnabled: true
+          redirectUris:
+            - 'http://localhost:*'
+            - 'http://127.0.0.1:*'
+          protocolMappers:
+            - *customAudMapper
     users:
       - username: sample-user
         enabled: true