From ca3d9edacc99e41f14e6030a0b8c49fb8000785a Mon Sep 17 00:00:00 2001 From: tawoe Date: Wed, 25 Jun 2025 14:16:17 +0200 Subject: [PATCH 1/2] add keycloak to env_example and README.md --- README.md | 7 ++++++- env_example | 10 ++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8620213..bd9c27c 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,12 @@ Running in the cluster, it will look for "/var/run/secrets/kubernetes.io/service The script will assume that the OBP user is already created. If you want to create a new OBP user, set BOOTSTRAP_OBP_USER_EXISTS to false If you have not turned e-mail validation off (setting OBP_AUTHUSER_SKIPEMAILVALIDATION to true) on api side script will fail. ### Creating Consumer Keys -Done via Selenium webdriver. Running host/image needs chrome installed and the chromedriver executable available in the PATH. +Done via Selenium webdriver by default. +Running host/image needs chrome installed and the chromedriver executable available in the PATH. + +Set REGISTER_WITH_KEYCLOAK = "true" if you want to register consumer keys via obp api with keycloak bearer token + + The script will read the existing consumer key pair from the k8s secret objects of the running api explorer and api manager deployments. It will only create consumer keys if 'VITE_OBP_CONSUMER_KEY' (api explorer) or 'OAUTH_CONSUMER_KEY' api manager) are: diff --git a/env_example b/env_example index 127a479..e9b3001 100644 --- a/env_example +++ b/env_example 
@@ -14,6 +14,16 @@ K8S_OBP_API_NAMESPACE = "obp" K8S_OBP_API_DEPLOYMENT = "obp-api" # ================================================ +# Set to true if you want to create consumer keys via obp api and keycloak bearer token instead of via portal page +REGISTER_WITH_KEYCLOAK = "false" +KEYCLOAK_SERVER = "https://mykeycloak.server +# KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST +KEYCLOAK_DEPLOY_CLIENT_ID = "open-bank-project" +KEYCLOAK_USERNAME = "keycloakadmin" +KEYCLOAK_PASSWORD = "keycloakpasswd" +KEYCLOAK_REALM = myrealm + + APP_NAME = "api explorer" # Name of the applications secret object in k8s APP_K8S_SECRET_NAME = "api explorer" From 27c4429865006afa19e09958722f85082c0cc67d Mon Sep 17 00:00:00 2001 From: tawoe Date: Wed, 25 Jun 2025 17:31:57 +0200 Subject: [PATCH 2/2] improve README.md Keycloak --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bd9c27c..85f0529 100644 --- a/README.md +++ b/README.md 
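Review bot: Two of the added example values in env_example are malformed: `KEYCLOAK_SERVER = "https://mykeycloak.server` has no closing quote, and `KEYCLOAK_REALM = myrealm` is unquoted, unlike every other value in this hunk. Depending on the loader (not visible here), a copy of this file may fail to parse or produce a server URL with a stray quote. I would write them as `KEYCLOAK_SERVER = "https://mykeycloak.server"` and `KEYCLOAK_REALM = "myrealm"`. The `KEYCLOAK_USERNAME = "keycloakadmin"` / `KEYCLOAK_PASSWORD = "keycloakpasswd"` pair also suggests running consumer registration with an administrator's password; a comment above them such as `# Use a dedicated low-privilege Keycloak user for this script, not a realm admin; keep the real password out of version control` would steer users toward least privilege. The hunk ends at `APP_K8S_SECRET_NAME`, so how these keys are read and whether the password is ever logged lies outside this view.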
@@ -12,10 +12,16 @@ Running in the cluster, it will look for "/var/run/secrets/kubernetes.io/service The script will assume that the OBP user is already created. If you want to create a new OBP user, set BOOTSTRAP_OBP_USER_EXISTS to false If you have not turned e-mail validation off (setting OBP_AUTHUSER_SKIPEMAILVALIDATION to true) on api side script will fail. ### Creating Consumer Keys -Done via Selenium webdriver by default. +Done via the OBP Portal Page through Selenium webdriver by default, or via keycloak bearer token. + +#### Creating Consumer Keys using the Portal Page Running host/image needs chrome installed and the chromedriver executable available in the PATH. -Set REGISTER_WITH_KEYCLOAK = "true" if you want to register consumer keys via obp api with keycloak bearer token +#### Creating Consumer Keys via OBP API with Keycloak bearer token + +OBP API needs to allow role assignment via bearer token: Set OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST at OBP configuration/ +Set REGISTER_WITH_KEYCLOAK = "true" if you want to register consumer keys via obp api with keycloak bearer token. +KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST The script will read the existing consumer key pair from the k8s secret objects of the running api explorer and api manager deployments.