From b713be161431729305701f80b3b6f53d2f07f62a Mon Sep 17 00:00:00 2001
From: ertopogo
Date: Fri, 20 Feb 2026 19:36:00 +0100
Subject: Initial commit: schemas infrastructure Arauco avec serveur web
---
micro/iam/keycloak_iam.mmd | 79 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 micro/iam/keycloak_iam.mmd
(limited to 'micro/iam/keycloak_iam.mmd')
diff --git a/micro/iam/keycloak_iam.mmd b/micro/iam/keycloak_iam.mmd
new file mode 100644
index 0000000..ff7f0c7
--- /dev/null
+++ b/micro/iam/keycloak_iam.mmd
@@ -0,0 +1,79 @@
+%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 60, 'rankSpacing': 60, 'padding': 20}}}%%
+flowchart LR
+
+ subgraph client ["Cote Client"]
+ direction TB
+ user_b["Navigateur
Utilisateur"]
+ bearer["Token JWT
dans le header"]
+ user_b --> bearer
+ end
+
+ subgraph keycloak ["Keycloak - npagnun 192.168.99.35"]
+ direction TB
+
+ subgraph endpoints ["Endpoints"]
+ direction LR
+ http[":8080 HTTP"]
+ https[":8443 HTTPS"]
+ health[":9000 Health"]
+ end
+
+ subgraph config ["Configuration"]
+ direction LR
+ realms["Realms
master + custom"]
+ clients_kc["Clients OIDC
portal, event-hub"]
+ users["Users
& Groups"]
+ roles["Roles RBAC
& Permissions"]
+ end
+
+ subgraph auth_flow ["Flux OIDC"]
+ direction LR
+ step1["1. /auth/realms/.../protocol/openid-connect/auth"]
+ step2["2. Login form + consent"]
+ step3["3. Callback avec code"]
+ step4["4. Exchange code -> tokens"]
+ step1 --> step2 --> step3 --> step4
+ end
+ end
+
+ subgraph db ["Base de donnees"]
+ postgres["PostgreSQL 15
:5432 Docker interne
DB: keycloak
User: keycloak"]
+ end
+
+ subgraph applications ["Applications"]
+ direction TB
+ portal["Portal Korradi
Next.js"]
+ eventhub["Event Hub
Fastify"]
+ widget["Widget SDK"]
+ end
+
+ subgraph model ["Modele de donnees"]
+ direction LR
+ org["Organisation"] --> sp["Spaces"] --> ctx["Contexts"] --> wdg["Widgets"]
+ end
+
+ user_b -->|"Login request"| endpoints
+ step4 -->|"access_token
+ refresh_token"| user_b
+ bearer -->|"Authorization: Bearer ..."| applications
+
+ keycloak --> postgres
+
+ portal -->|"Token verify"| keycloak
+ eventhub -->|"Token verify"| keycloak
+ widget -->|"Token verify"| keycloak
+
+ roles -.->|"RBAC / ABAC"| model
+
+ classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
+ classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef appStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
+ classDef userStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
+ classDef modelStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0
+ classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0
+
+ class user_b,bearer userStyle
+ class http,https,health,realms,clients_kc,users,roles iamStyle
+ class step1,step2,step3,step4 flowStyle
+ class postgres storStyle
+ class portal,eventhub,widget appStyle
+ class org,sp,ctx,wdg modelStyle
-- cgit v1.2.3
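Review bot: The login edge `user_b -->|"Login request"| endpoints` targets the whole `endpoints` subgraph, so as drawn the browser reaches `:8080 HTTP` and `:9000 Health` as well as `:8443 HTTPS`. If only the TLS listener is meant to be client-facing, point the edge at that node, `user_b -->|"Login request (TLS)"| https`, and label 8080 and 9000 as internal. The `step4` edge also hands `access_token` and `refresh_token` to `user_b` without showing which OIDC client performs the code exchange or whether PKCE and `state` are part of step 1; a short `%%` comment above the `auth_flow` subgraph stating this would remove the ambiguity. Whether the plain-HTTP listener is actually reachable from clients cannot be told from the diagram, so treat this as a documentation gap to confirm rather than a demonstrated exposure.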