Skip to content

Keycloak: Calendars Realm¶

Realm Configuration¶

{
  "realm": "calendars",
  "displayName": "Calendars",
  "enabled": true,
  "sslRequired": "external",
  "registrationAllowed": false,
  "loginWithEmailAllowed": true,
  "defaultSignatureAlgorithm": "RS256"
}

Clients¶

`calendars` (Public OIDC Client)¶

Setting	Value
Client ID	`calendars`
Client Secret	`<generate>`
Redirect URIs	`https://calendars.<domain>/`, `https://api.calendars.<domain>/`
Web Origins	`https://calendars.<domain>`, `https://api.calendars.<domain>`
Post Logout Redirect URIs	Same as redirect URIs
Standard Flow	Enabled
Front Channel Logout	Enabled

No Service Account Needed¶

Unlike Messages, the Calendars realm doesn't need a rest-api service account. Calendars doesn't manage Keycloak users or groups — it communicates with Messages through server-to-server API tokens.

Environment Mapping¶

The Calendars .env maps to these values:

OIDC_RP_CLIENT_ID=calendars
OIDC_RP_CLIENT_SECRET=<calendars-client-secret>