**** PEACHY IDENTITY PROVIDER 64 ****
64K RAM SYSTEM · KEYCLOAK LOADED · READY.
◆ PEACHY IDP · KEYCLOAK SHOWCASE
WE ARE THE IDENTITY PROVIDER · OAUTH 2.0 / OPENID CONNECT · USER STORE IN REALM peachy
◆ WHAT THIS SHOWS OFF
- Keycloak as a full IdP on PeachyServer (not a social login bolt-on).
- User store in realm
peachy — register yourself; accounts live here.
- OAuth 2.0 / OIDC authorization code flow to a real app (the notice board).
- Client
peachy-board with redirect URIs, scopes, and logout.
- After you register/sign in, you can read & post on the C64 Peachy Notice Board.
◆ HOW TO TRY IT (30 SECONDS)
- Hit REGISTER — Keycloak account form (user store write).
- Complete signup → redirected back via OIDC
code exchange.
- Land on the Notice Board as an authenticated citizen.
- Post a message. Log out ends the Keycloak SSO session too.
◆ ENDPOINTS (NERD SHEET)
| What | URL |
| Issuer | https://www.jkpage.co.uk/auth/realms/peachy |
| OIDC discovery | …/realms/peachy/.well-known/openid-configuration |
| Auth / Register | …/protocol/openid-connect/auth · registrations |
| Token | …/protocol/openid-connect/token |
| UserInfo | …/protocol/openid-connect/userinfo |
| Admin (lab) | /auth/admin/ · user admin · pass balloons |
| Demo sysop user | sysop / balloons |
Lab credentials are intentionally weak — change them before treating this as production.
◆ ARCHITECTURE
Browser → nginx (www.jkpage.co.uk) → Keycloak (:8089 /auth) + Peachy Board app (:8090)
Postgres holds the Keycloak user store. Board posts live in SQLite on PeachyServer.
Flow: Register/Login at Keycloak → redirect with ?code= → board exchanges code for tokens → session cookie → notice board unlocked.