update to use keycloak-extensions and release standalone/bundled jar #125

Status: Open. Wants to merge 3 commits into base: main.
22 changes: 14 additions & 8 deletions README.md
Expand Up @@ -19,6 +19,7 @@ The extensions herein are used in the [Phase Two](https://phasetwo.io) cloud off
- [Installation](#installation)
- [Admin UI](#admin-ui)
- [Compatibility](#compatibility)
- [Related Tools](#related-tools)
- [Extensions](#extensions)
- [Data](#data)
- [Models](#models)
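Review bot: the new TOC entry is `- [Related Tools](#related-tools)` but the heading added further down is `## Related tools`; the anchor still resolves because GitHub lowercases it, but every other heading in this README uses sentence case (`## Quick start`, `## Building`), so the entry should read `Related tools`. Note also that `Admin UI` and `Compatibility` are `###` subsections of Installation while `Related tools` is a top-level `##`; a flat TOC is fine, but as written the entry reads as if Related tools were part of Installation.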
Expand Down Expand Up @@ -51,7 +52,7 @@ But each of these approaches had tradeoffs of scale or frailty we found undesira

## Quick start

The easiest way to get started is our [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=tags). Documentation and examples for using it are in the [phasetwo-containers](https://github.com/p2-inc/phasetwo-containers) repo. The most recent version of this extension is included.
The easiest way to get started is our [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=info). Documentation and examples for using it are in the [phasetwo-containers](https://github.com/p2-inc/phasetwo-containers) repo. The most recent version of this extension is included.

## Building

Expand All @@ -60,7 +61,7 @@ Checkout this project and run `mvn package`, which will produce a jar in the `ta
The build uses `keycloak-testsuite-utils` for the unit tests. If you want to run the tests, you'll need to install Keycloak from source locally, as the test utility never gets published to maven central by the Keycloak team. To build Keycloak from source you must check out the tag of the Keycloak version you are using and then build (do this in a separate directory):

```bash
KC_VERSION=21.1.1
KC_VERSION=22.0.3
git clone https://github.com/keycloak/keycloak
git fetch origin --tags
git checkout $KC_VERSION
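Review bot: `KC_VERSION=22.0.3` matches the `keycloak.version` bump in pom.xml in this PR, but the two values live in different files with nothing tying them together, so the next bump is likely to leave them out of sync. Either tell the reader to copy the value from `<keycloak.version>` in pom.xml, or replace the literal with `KC_VERSION=$(mvn help:evaluate -Dexpression=keycloak.version -q -DforceStdout)` run from the keycloak-orgs checkout before cloning, so the source build always matches the version the tests compile against.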
Expand All @@ -75,21 +76,26 @@ mvn clean install -Ptest

## Installation

The maven build uses the shade plugin to package a fat-jar with all dependencies, except for the [`keycloak-admin-client`](https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client). Put the `keycloak-orgs` jar and `keycloak-admin-client` jar (that corresponds to your Keycloak version) in your `provider` (for Quarkus-based distribution) or in `standalone/deployments` (for Wildfly, legacy distribution) directory and restart Keycloak. It is unknown if these extensions will work with hot reloading using the legacy distribution.
The jars that are distributed with the `bundle` classifier have the 3rd party dependencies bundled (via the Maven shade plugin), except for the [`keycloak-admin-client`](https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client). Put the `keycloak-orgs-{version}-bundle` jar and `keycloak-admin-client` jar (that corresponds to your Keycloak version) and its dependencies in the `providers/` directory of your Keycloak distribution and restart Keycloak. If you are installing several extensions that may have overlapping dependencies, it is recommended that you use the standalone jar, and manually install the dependencies, as you may run into version conflicts with the class files in the shaded jar.

During the first run, some initial migrations steps will occur:

- Database migrations will be run to add the tables for use by the JPA entities. These have been tested with SQL Server,
MySQL, MariaDB, H2, and Postgres. Other database types may fail.
- Database migrations will be run to add the tables for use by the JPA entities. These have been tested with SQL Server, MySQL, MariaDB, H2, and Postgres. Other database types may fail.
- Initial `realm-management` client roles (`view-organizations` and `manage-organizations`) will be be added to each realm.

### Admin UI

If you are using the extension as bundled in the [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=tags) or by building our [Admin UI theme](https://github.com/p2-inc/keycloak-ui), you must take an additional step in order to show that theme. In the Admin Console UI, go to the *Realm Settings* -> *Themes* page and select `phasetwo.v2`. Then, the "Organizations" section will be available in the left navigation. Because of a quirk in Keycloak, if you are logging in to the `master` realm, the theme must be set in *that* realm, rather than the realm you wish to administer.
If you are using the extension as bundled in the [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=tags) or by building our [Admin UI theme](https://github.com/p2-inc/keycloak), you must take an additional step in order to show that theme. In the Admin Console UI, go to the *Realm Settings* -> *Themes* page and select `phasetwo.v2`. Then, the "Organizations" section will be available in the left navigation. Because of a quirk in Keycloak, if you are logging in to the `master` realm, the theme must be set in *that* realm, rather than the realm you wish to administer.

### Compatibility

Although it has been developed and working since Keycloak 9.0.0, the extensions are currently known to work with Keycloak > 17.0.0. Other versions may work also. Please file an issue if you have successfully installed it with prior versions. Additionally, because of the fast pace of breaking changes since Keycloak "X" (Quarkus version), we don't make any guaranteed that this will work with any version other than it is packaged with in the [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=tags).
Although it has been developed and working since Keycloak 9.0.0, the extensions are currently known to work with Keycloak > 17.0.0. Other versions may work also. However, because of the fast pace of breaking changes since Keycloak "X" (Quarkus version), we don't make any guaranteed that this will work with any version other than it is packaged with in the [Docker image](https://quay.io/repository/phasetwo/phasetwo-keycloak?tab=tags).

## Related tools

This extension serves as the base for a growing set of tools, each which rely on the API and model exposed by this extension.
- [Admin Portal](https://github.com/p2-inc/phasetwo-admin-portal). Account and Organization self-management portal for your users.
- [IdP Wizard](https://github.com/p2-inc/phasetwo-idp-wizard). Setup wizards for Identity Providers and User Federation / Directory Sync for many popular vendors.

## Extensions

Expand Down Expand Up @@ -189,7 +195,7 @@ tbd screenshot of installing in flow

## License

We’ve changed the license of our core extensions from the AGPL v3 to the [Elastic License v2](https://github.com/elastic/elasticsearch/blob/main/licenses/ELASTIC-LICENSE-2.0.txt).
We’ve changed the license of our core extensions from the AGPL v3 to the [Elastic License v2](COPYING).

- Our blog post on the subject https://phasetwo.io/blog/licensing-change/
- An attempt at a clarification https://github.com/p2-inc/keycloak-orgs/issues/81#issuecomment-1554683102
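Review bot: the license link now points at a relative `COPYING`, but nothing in this diff adds or renames that file; confirm it is present at the repository root, otherwise the only in-repo pointer to the ELv2 text becomes a dead link. A relative link also only resolves where the README is rendered from the repository; the previous absolute URL worked from anywhere the README text is copied (a registry or artifact description page, for instance), so consider keeping the absolute link alongside the relative one.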
Expand Down
41 changes: 27 additions & 14 deletions pom.xml
Expand Up @@ -30,7 +30,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<main.java.package>io.phasetwo.service</main.java.package>
<junit.version>4.13.2</junit.version>
<keycloak.version>22.0.1</keycloak.version>
<keycloak.version>22.0.3</keycloak.version>
<lombok.version>1.18.28</lombok.version>
<auto-service.version>1.1.1</auto-service.version>
<jackson.version>2.15.2</jackson.version>
Expand All @@ -51,18 +51,24 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.0</version>
<configuration>
<archive>
<!-- This is required since we need to add the jboss module references
to the resulting jar -->
<manifestEntries>
<!-- Adding explicit dependencies to avoid class-loading issues at runtime -->
<Dependencies>
<![CDATA[org.keycloak.keycloak-common,org.keycloak.keycloak-core,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private,org.keycloak.keycloak-admin-client,org.apache.httpcomponents,org.keycloak.keycloak-services,org.keycloak.keycloak-saml-core,org.keycloak.keycloak-saml-core-public,org.jboss.logging,javax.api,javax.jms.api,javax.transaction.api,com.google.guava,com.fasterxml.jackson.core.jackson-core,com.fasterxml.jackson.core.jackson-annotations,com.fasterxml.jackson.core.jackson-databind,com.googlecode.owasp-java-html-sanitizer,org.apache.commons.io,org.bouncycastle,org.jboss.resteasy.resteasy-jaxrs]]></Dependencies>
</manifestEntries>
</archive>
</configuration>
<version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<shadedArtifactAttached>true</shadedArtifactAttached>
<shadedClassifierName>bundle</shadedClassifierName>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
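Review bot: the shade execution has no `<transformers>`, so when both this project and the shaded `keycloak-extensions` dependency ship a `META-INF/services/org.keycloak.*` registration file for the same SPI, only one copy survives in the bundle jar (the plugin warns about overlapping resources and keeps the first it sees). Keycloak discovers providers only through those files, so the bundle jar can lack factories that the standalone jar plus separate dependency jars would load, with no error, just an absent provider. Add a `<transformers>` block with `<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>` to the execution's configuration, and consider a `<filters>` entry excluding `META-INF/*.SF`, `META-INF/*.DSA` and `META-INF/*.RSA` so a signed dependency does not leave stale signature entries that fail at class load. Dropping the JBoss-modules `Dependencies` manifest entry is consistent with the README no longer mentioning `standalone/deployments`, but the maven-jar-plugin bump from 3.2.0 to 3.3.0 is unrelated to that and would be easier to review as its own commit.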
Expand Down Expand Up @@ -241,13 +247,20 @@
<scope>provided</scope>
</dependency>

<!-- 3rd party deps -->
<!-- 3rd party provided deps -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>32.0.0-jre</version>
<scope>provided</scope>
</dependency>

<!-- 3rd party deps -->
<dependency>
<groupId>io.phasetwo.keycloak</groupId>
<artifactId>keycloak-extensions</artifactId>
<version>0.2-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>dnsjava</groupId>
<artifactId>dnsjava</artifactId>
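Review bot: `keycloak-extensions` is pinned to `0.2-SNAPSHOT` in compile scope, and the shade execution added in this PR copies it into the published bundle jar. A SNAPSHOT resolves to whatever was most recently deployed under that name, so two builds of the same keycloak-orgs tag can contain different upstream bytecode, and a downloaded bundle cannot be reproduced or audited against a fixed source. Pin a released version (cutting a keycloak-extensions release first if none exists) before this merges, and have CI fail on any `-SNAPSHOT` in `mvn dependency:tree` so it does not recur. Moving guava to `provided` is right for a jar that shares Keycloak's classpath (the deleted manifest entry already listed `com.google.guava` as a module supplied by the server), but it means the standalone jar now depends implicitly on the distribution providing guava; say so in the README's standalone-jar instructions next to the admin-client dependencies.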
Expand Down

This file was deleted.

This file was deleted.

This file was deleted.

19 changes: 0 additions & 19 deletions src/main/java/io/phasetwo/service/auth/DefaultAuthenticator.java

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package io.phasetwo.service.auth;

import io.phasetwo.keycloak.ext.auth.DefaultAuthenticator;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
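Review bot: `DefaultAuthenticator` is now imported from `io.phasetwo.keycloak.ext.auth` in the external artifact, replacing the 19-line local `io.phasetwo.service.auth.DefaultAuthenticator` deleted in this PR. That class is the base of authenticators that sit in the login flow, so the PR description should state that the external copy keeps the same defaults for the `Authenticator` methods (`requiresUser`, `configuredFor`, `setRequiredActions`) as the deleted one, because a changed default there alters which users a flow step prompts without producing any compile error here.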
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
import static io.phasetwo.service.Orgs.*;

import com.google.auto.service.AutoService;
import io.phasetwo.keycloak.ext.auth.BaseAuthenticatorFactory;
import io.phasetwo.keycloak.ext.auth.DefaultAuthenticator;
import io.phasetwo.service.model.OrganizationModel;
import io.phasetwo.service.model.OrganizationProvider;
import java.util.Map;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
import static io.phasetwo.service.Orgs.*;

import com.google.auto.service.AutoService;
import io.phasetwo.keycloak.ext.auth.BaseAuthenticatorFactory;
import io.phasetwo.keycloak.ext.auth.DefaultAuthenticator;
import java.util.Map;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.authentication.AuthenticationFlowContext;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@

import static org.keycloak.services.validation.Validation.FIELD_USERNAME;

import io.phasetwo.service.util.Emails;
import io.phasetwo.keycloak.ext.auth.DefaultAuthenticator;
import io.phasetwo.keycloak.ext.util.Emails;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import lombok.extern.jbosslog.JBossLog;
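Review bot: `Emails` moves from `io.phasetwo.service.util` to `io.phasetwo.keycloak.ext.util`, that is, out of this repository, and it is imported here next to `Validation.FIELD_USERNAME`, which suggests it feeds the username/e-mail check on login. Any difference in how the external `Emails` parses or normalizes addresses then changes which login attempts pass, so add or point at a test that pins the expected results for the inputs this authenticator cares about (plain address, mixed case, address with display name, empty string) so a later keycloak-extensions bump cannot change that behaviour silently.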
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package io.phasetwo.service.auth;

import com.google.auto.service.AutoService;
import io.phasetwo.keycloak.ext.auth.BaseAuthenticatorFactory;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.KeycloakSession;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ public void authenticate(AuthenticationFlowContext context) {
}

private void redirect(AuthenticationFlowContext context, String providerId) {
IdentityProviderModel identityProvider = context.getRealm().getIdentityProviderByAlias(providerId);
IdentityProviderModel identityProvider = context.getRealm().getIdentityProviderByAlias(providerId);
if (identityProvider != null && identityProvider.isEnabled()) {
new Redirector(context).redirectTo(identityProvider);
/*
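Review bot: the change at `IdentityProviderModel identityProvider = context.getRealm().getIdentityProviderByAlias(providerId);` is whitespace-only (re-indentation); if it comes from the formatter, land it as a separate formatting commit so the behavioural changes in this PR stay reviewable. While here, the parameter is named `providerId` but is passed to `getIdentityProviderByAlias`, which looks up by alias rather than by provider id; renaming it to `alias` would stop a reader assuming an id-based lookup.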
Expand Down