InseeFr / Keycloak-FranceConnect

Keycloak extension that simplifies the use of FranceConnect
MIT License

[FEAT] Add integration tests to detect breaking changes with new keycloak versions #49

Open mboisnard opened 3 years ago

mboisnard commented 3 years ago

Is your feature request related to a problem? Please describe.

We don't check if the plugin is compatible with new Keycloak versions.

Describe the solution you'd like

micedre commented 2 years ago

We could use https://github.com/dasniko/testcontainers-keycloak for this. The real stopper now is a way to test FranceConnect. We could use the test env, but this requires using a fixed URL for the integration test (and a way to override DNS resolution).
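A sketch of the kind of compatibility check testcontainers-keycloak allows, added here as an illustration; it is not code from this thread or from the project. It assumes JUnit 5, that the plugin is compiled to `target/classes`, a hypothetical `keycloak.images` system property listing the images to test, and that the provider id equals the `franceconnect-particulier` broker alias quoted later in the thread.

```java
import dasniko.testcontainers.keycloak.KeycloakContainer;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.keycloak.representations.info.ProviderRepresentation;
import org.keycloak.representations.info.SpiInfoRepresentation;

import java.util.Arrays;
import java.util.Map;
import java.util.stream.Stream;

import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

class PluginCompatibilityIT {

    // Assumption: the provider id matches the broker alias used in this thread.
    private static final String PROVIDER_ID = "franceconnect-particulier";

    // Hypothetical property, e.g. -Dkeycloak.images=<image:tag>,<image:tag>
    // An empty list makes JUnit fail the test instead of silently passing.
    static Stream<String> keycloakImages() {
        String images = System.getProperty("keycloak.images", "");
        return Arrays.stream(images.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty());
    }

    @ParameterizedTest
    @MethodSource("keycloakImages")
    void pluginIsRegisteredAsIdentityProvider(String image) {
        // target/classes holds the compiled plugin and its META-INF/services files.
        try (KeycloakContainer keycloak = new KeycloakContainer(image)
                .withProviderClassesFrom("target/classes")) {
            keycloak.start(); // throws if the server cannot boot with the plugin deployed

            Map<String, SpiInfoRepresentation> spis = keycloak.getKeycloakAdminClient()
                    .serverInfo().getInfo().getProviders();
            // Assumption: the plugin registers under Keycloak's identity_provider SPI.
            SpiInfoRepresentation idpSpi = spis.get("identity_provider");
            assertNotNull(idpSpi, "identity_provider SPI missing from server info");

            Map<String, ProviderRepresentation> providers = idpSpi.getProviders();
            assertTrue(providers.containsKey(PROVIDER_ID),
                    "plugin not loaded on " + image + ", found: " + providers.keySet());
        }
    }
}
```

This only proves that the plugin loads on each Keycloak image; a full login against FranceConnect still needs the fixed URL and DNS override discussed in this thread.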

micedre commented 2 years ago

FranceConnect and AgentConnect source here https://github.com/france-connect/sources. Maybe we can use it for integration test.

mboisnard commented 2 years ago

> We could use https://github.com/dasniko/testcontainers-keycloak for this. The real stopper now is a way to test FranceConnect. We could use the test env, but this requires using a fixed URL for the integration test (and a way to override DNS resolution).

@micedre Is it possible to configure a static localhost authorized redirect / logout URI for FC+ / AC integration accounts? I think I can create acceptance tests with codeceptjs and selenium to configure Keycloak and start a session using FC inside a headless Chrome. I still have a pain point with GitHub Action to run a Keycloak container with the latest FC plugin, but I will find a solution :)

micedre commented 2 years ago

FC+ or AC disallow the use of localhost as an authorized redirect_uri. For local tests, they recommend using a complete domain (localhost.test or other) by modifying the hosts file.

mboisnard commented 2 years ago

Ok, is the http scheme authorized? I think this GitHub Action can work for our use case: https://github.com/mboisnard/Keycloak-FranceConnect/blob/master/.github/workflows/acceptance-tests.yml (redirect uri: http://localhost.test:8080/auth/realms/test/broker/franceconnect-particulier/endpoint)

micedre commented 2 years ago

I'll ask, but I don't think it will be accepted. That said, would generating a certificate be hard?

mboisnard commented 2 years ago

It can be painful but it's possible ^^ I have a question about the JWE workflow: How does FC know the RSA public key used for encryption? Is it manually added on the FC platform? Is the Keycloak JWKS endpoint called by FC?