**** PEACHY IDENTITY PROVIDER 64 ****
64K RAM SYSTEM · KEYCLOAK LOADED · READY.

◆ PEACHY IDP · KEYCLOAK SHOWCASE

WE ARE THE IDENTITY PROVIDER · OAUTH 2.0 / OPENID CONNECT · USER STORE IN REALM peachy

◆ WHAT THIS SHOWS OFF

  • Keycloak as a full IdP on PeachyServer (not a social login bolt-on).
  • User store in realm peachy — register yourself; accounts live here.
  • OAuth 2.0 / OIDC authorization code flow to a real app (the notice board).
  • Client peachy-board with redirect URIs, scopes, and logout.
  • After you register/sign in, you can read & post on the C64 Peachy Notice Board.

◆ HOW TO TRY IT (30 SECONDS)

  1. Hit REGISTER — Keycloak account form (user store write).
  2. Complete signup → redirected back via OIDC code exchange.
  3. Land on the Notice Board as an authenticated citizen.
  4. Post a message. Log out ends the Keycloak SSO session too.

◆ ENDPOINTS (NERD SHEET)

WhatURL
Issuerhttps://www.jkpage.co.uk/auth/realms/peachy
OIDC discovery…/realms/peachy/.well-known/openid-configuration
Auth / Register…/protocol/openid-connect/auth · registrations
Token…/protocol/openid-connect/token
UserInfo…/protocol/openid-connect/userinfo
Admin (lab)/auth/admin/ · user admin · pass balloons
Demo sysop usersysop / balloons

Lab credentials are intentionally weak — change them before treating this as production.

◆ ARCHITECTURE

Browser → nginx (www.jkpage.co.uk) → Keycloak (:8089 /auth) + Peachy Board app (:8090)

Postgres holds the Keycloak user store. Board posts live in SQLite on PeachyServer.

Flow: Register/Login at Keycloak → redirect with ?code= → board exchanges code for tokens → session cookie → notice board unlocked.