Add Keycloak authentication for dashboard and API endpoints

Dashboard: OAuth2/OIDC login flow with PKCE, session-based auth middleware protecting all server function endpoints, check-auth server function for frontend auth state, login page gate in AppShell, user info in sidebar. Agent API: JWT validation middleware using Keycloak JWKS endpoint, conditionally enabled when KEYCLOAK_URL and KEYCLOAK_REALM are set. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 23:59:52 +01:00
parent 42cabf0582
commit daaa588fc3
21 changed files with 745 additions and 13 deletions
--- a/compliance-dashboard/Cargo.toml
+++ b/compliance-dashboard/Cargo.toml
@@ -27,6 +27,12 @@ server = [
    "dep:dioxus-cli-config",
    "dep:dioxus-fullstack",
    "dep:tokio",
+    "dep:tower-sessions",
+    "dep:time",
+    "dep:rand",
+    "dep:url",
+    "dep:sha2",
+    "dep:base64",
 ]

 [dependencies]
@@ -54,3 +60,9 @@ dotenvy = { version = "0.15", optional = true }
 tokio = { workspace = true, optional = true }
 dioxus-cli-config = { version = "=0.7.3", optional = true }
 dioxus-fullstack = { version = "=0.7.3", optional = true }
+tower-sessions = { version = "0.15", default-features = false, features = ["axum-core", "memory-store", "signed"], optional = true }
+time = { version = "0.3", default-features = false, optional = true }
+rand = { version = "0.9", optional = true }
+url = { version = "2", optional = true }
+sha2 = { workspace = true, optional = true }
+base64 = { version = "0.22", optional = true }