From b0002d6a0970beff7c9167ff084d53661ff67cae Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 4 May 2015 21:09:01 +0200
Subject: [PATCH] Fix broker examples

---
 examples/broker/facebook-authentication/README.md    | 12 ++++++------
 .../facebook-identity-provider-realm.json            |  7 +------
 .../src/main/webapp/index.html                       |  2 +-
 examples/broker/google-authentication/README.md      | 12 ++++++------
 .../google-identity-provider-realm.json              |  7 +------
 .../google-authentication/src/main/webapp/index.html |  2 +-
 examples/broker/saml-broker-authentication/README.md |  4 ++--
 .../src/main/webapp/index.html                       |  2 +-
 examples/broker/twitter-authentication/README.md     | 12 ++++++------
 .../broker/twitter/TwitterShowUserServlet.java       |  6 +++---
 .../src/main/webapp/index.html                       |  2 +-
 .../twitter-identity-provider-realm.json             |  7 +------
 12 files changed, 30 insertions(+), 45 deletions(-)

diff --git a/examples/broker/facebook-authentication/README.md b/examples/broker/facebook-authentication/README.md
index d7d10bdb23f..5f4ad8d0138 100644
--- a/examples/broker/facebook-authentication/README.md
+++ b/examples/broker/facebook-authentication/README.md
@@ -3,22 +3,22 @@
 What is it?
 -----------
 
-This example demonstrates how to use Social Ientity Providers with KeyCloak to authenticate users. In this case,
-users are authenticated with Facebook using KeyCloak Identity Broker capabilities using the oAuth 2 protocol.
+This example demonstrates how to use Social Identity Providers with Keycloak to authenticate users. In this case,
+users are authenticated with Facebook using Keycloak Identity Broker capabilities using the oAuth 2 protocol.
 
 From this example, you'll learn how to:
 
 * Setup a social identity provider for a specific realm
 * Store tokens from a social identity provider and use these tokens to invoke the social provider API
 
-Basically, once you try to access the application for the first time, you'll be redirected to KeyCloak's login page.
+Basically, once you try to access the application for the first time, you'll be redirected to Keycloak's login page.
 In this page you'll note that there is a "Facebook" button that allows you to authenticate with Facebook Identity Provider.
 
 After clicking the "Facebook" button, you'll be redirected to Facebook's login page from where you must authenticate
-and grant the necessary permissions to KeyCloak in order to access your personal information from Facebook.
+and grant the necessary permissions to Keycloak in order to access your personal information from Facebook.
 
-If everything is fine, Facebook will redirect you back to KeyCloak and at this point you'll be asked to provide some
-basic profile information in order to create a new user in KeyCloak based on your social account. Once you update your profile,
+If everything is fine, Facebook will redirect you back to Keycloak and at this point you'll be asked to provide some
+basic profile information in order to create a new user in Keycloak based on your social account. Once you update your profile,
 you'll be authenticated and redirected to the application.
 
 Basically, what the application does is obtain some basic information for the authenticated user and also allow users to
diff --git a/examples/broker/facebook-authentication/facebook-identity-provider-realm.json b/examples/broker/facebook-authentication/facebook-identity-provider-realm.json
index 580ab5a1db9..aa6810f6328 100644
--- a/examples/broker/facebook-authentication/facebook-identity-provider-realm.json
+++ b/examples/broker/facebook-authentication/facebook-identity-provider-realm.json
@@ -42,12 +42,6 @@
             ],
             "webOrigins": [
               "http://localhost:8080"
-            ],
-            "identityProviders": [
-                {
-                    "id": "facebook",
-                    "retrieveToken": true
-                }
             ]
         }
     ],
@@ -58,6 +52,7 @@
           "enabled": true,
           "updateProfileFirstLogin" : "true",
           "storeToken" : "true",
+          "addReadTokenRoleOnCreate" : true,
           "config": {
             "clientId": "CHANGE_CLIENT_ID",
             "clientSecret": "CHANGE_CLIENT_SECRET"
diff --git a/examples/broker/facebook-authentication/src/main/webapp/index.html b/examples/broker/facebook-authentication/src/main/webapp/index.html
index 196ee414028..7f01f0be05e 100644
--- a/examples/broker/facebook-authentication/src/main/webapp/index.html
+++ b/examples/broker/facebook-authentication/src/main/webapp/index.html
@@ -20,7 +20,7 @@
     <div id="content">
         <h2>Hello, {{identity.name}} [<a href="" ng-click="logout()">Sign Out</a>]</h2>
         <div>
-            <p><b>This is your KeyCloak Profile</b>:</p>
+            <p><b>This is your Keycloak Profile</b>:</p>
             <p>
                 <ul>
                     <li><b>Id</b>: {{identity.sub}}</li>
diff --git a/examples/broker/google-authentication/README.md b/examples/broker/google-authentication/README.md
index 60c21ac878e..0825aed6321 100644
--- a/examples/broker/google-authentication/README.md
+++ b/examples/broker/google-authentication/README.md
@@ -3,22 +3,22 @@
 What is it?
 -----------
 
-This example demonstrates how to use Social Ientity Providers with KeyCloak to authenticate users. In this case,
-users are authenticated with Google using KeyCloak Identity Broker capabilities using the oAuth 2 protocol.
+This example demonstrates how to use Social Ientity Providers with Keycloak to authenticate users. In this case,
+users are authenticated with Google using Keycloak Identity Broker capabilities using the oAuth 2 protocol.
 
 From this example, you'll learn how to:
 
 * Setup a social identity provider for a specific realm
 * Store tokens from a social identity provider and use these tokens to invoke the social provider API
 
-Basically, once you try to access the application for the first time, you'll be redirected to KeyCloak's login page.
+Basically, once you try to access the application for the first time, you'll be redirected to Keycloak's login page.
 In this page you'll note that there is a "Google" button that allows you to authenticate with Google Identity Provider.
 
 After clicking the "Google" button, you'll be redirected to Google's login page from where you must authenticate
-and grant the necessary permissions to KeyCloak in order to access your personal information from Google.
+and grant the necessary permissions to Keycloak in order to access your personal information from Google.
 
-If everything is fine, Google will redirect you back to KeyCloak and at this point you'll be asked to provide some
-basic profile information in order to create a new user in KeyCloak based on your social account. Once you update your profile,
+If everything is fine, Google will redirect you back to Keycloak and at this point you'll be asked to provide some
+basic profile information in order to create a new user in Keycloak based on your social account. Once you update your profile,
 you'll be authenticated and redirected to the application.
 
 Basically, what the application does is obtain some basic information for the authenticated user and also allow users to
diff --git a/examples/broker/google-authentication/google-identity-provider-realm.json b/examples/broker/google-authentication/google-identity-provider-realm.json
index 7db619f0cc0..37af52b5428 100644
--- a/examples/broker/google-authentication/google-identity-provider-realm.json
+++ b/examples/broker/google-authentication/google-identity-provider-realm.json
@@ -42,12 +42,6 @@
             ],
             "webOrigins": [
               "http://localhost:8080"
-            ],
-            "identityProviders": [
-                {
-                    "id": "google",
-                    "retrieveToken": true
-                }
             ]
         }
     ],
@@ -58,6 +52,7 @@
           "enabled": true,
           "updateProfileFirstLogin" : "true",
           "storeToken" : "true",
+          "addReadTokenRoleOnCreate" : true,
           "config": {
             "clientId": "CHANGE_CLIENT_ID",
             "clientSecret": "CHANGE_CLIENT_SECRET"
diff --git a/examples/broker/google-authentication/src/main/webapp/index.html b/examples/broker/google-authentication/src/main/webapp/index.html
index 7226cb0b7c0..87e7cd1ff5e 100644
--- a/examples/broker/google-authentication/src/main/webapp/index.html
+++ b/examples/broker/google-authentication/src/main/webapp/index.html
@@ -20,7 +20,7 @@
     <div id="content">
         <h2>Hello, {{identity.name}} [<a href="" ng-click="logout()">Sign Out</a>]</h2>
         <div>
-            <p><b>This is your KeyCloak Profile</b>:</p>
+            <p><b>This is your Keycloak Profile</b>:</p>
             <p>
                 <ul>
                     <li><b>Id</b>: {{identity.sub}}</li>
diff --git a/examples/broker/saml-broker-authentication/README.md b/examples/broker/saml-broker-authentication/README.md
index bbb1f962694..c276495de21 100755
--- a/examples/broker/saml-broker-authentication/README.md
+++ b/examples/broker/saml-broker-authentication/README.md
@@ -1,9 +1,9 @@
-# Keycloak Broker: Brokering a KeyCloak SAML v2 Identity Provider Quickstart
+# Keycloak Broker: Brokering a Keycloak SAML v2 Identity Provider Quickstart
 
 What is it?
 -----------
 
-This example demonstrates how to broker a SAML Identity Provider in KeyCloak. In this case, the SAML Identity Provider
+This example demonstrates how to broker a SAML Identity Provider in Keycloak. In this case, the SAML Identity Provider
 belongs to a different realm than the application and we want to trust users from one realm to authenticate and access the
 applications in another realm.
 
diff --git a/examples/broker/saml-broker-authentication/src/main/webapp/index.html b/examples/broker/saml-broker-authentication/src/main/webapp/index.html
index 7251a9ebe43..7301e499af5 100644
--- a/examples/broker/saml-broker-authentication/src/main/webapp/index.html
+++ b/examples/broker/saml-broker-authentication/src/main/webapp/index.html
@@ -20,7 +20,7 @@
     <div id="content">
         <h2>Hello, {{identity.name}} [<a href="" ng-click="logout()">Sign Out</a>]</h2>
         <div>
-            <p><b>This is your KeyCloak Profile</b>:</p>
+            <p><b>This is your Keycloak Profile</b>:</p>
             <p>
                 <ul>
                     <li><b>Id</b>: {{identity.sub}}</li>
diff --git a/examples/broker/twitter-authentication/README.md b/examples/broker/twitter-authentication/README.md
index 0a0ebc607e8..5e93083bbfa 100644
--- a/examples/broker/twitter-authentication/README.md
+++ b/examples/broker/twitter-authentication/README.md
@@ -3,22 +3,22 @@
 What is it?
 -----------
 
-This example demonstrates how to use Social Ientity Providers with KeyCloak to authenticate users. In this case,
-users are authenticated with Twitter using KeyCloak Identity Broker capabilities using the oAuth 2 protocol.
+This example demonstrates how to use Social Ientity Providers with Keycloak to authenticate users. In this case,
+users are authenticated with Twitter using Keycloak Identity Broker capabilities using the oAuth 2 protocol.
 
 From this example, you'll learn how to:
 
 * Setup a social identity provider for a specific realm
 * Store tokens from a social identity provider and use these tokens to invoke the social provider API
 
-Basically, once you try to access the application for the first time, you'll be redirected to KeyCloak's login page.
+Basically, once you try to access the application for the first time, you'll be redirected to Keycloak's login page.
 In this page you'll note that there is a "Twitter" button that allows you to authenticate with Twitter Identity Provider.
 
 After clicking the "Twitter" button, you'll be redirected to Twitter's login page from where you must authenticate
-and grant the necessary permissions to KeyCloak in order to access your personal information from Twitter.
+and grant the necessary permissions to Keycloak in order to access your personal information from Twitter.
 
-If everything is fine, Twitter will redirect you back to KeyCloak and at this point you'll be asked to provide some
-basic profile information in order to create a new user in KeyCloak based on your social account. Once you update your profile,
+If everything is fine, Twitter will redirect you back to Keycloak and at this point you'll be asked to provide some
+basic profile information in order to create a new user in Keycloak based on your social account. Once you update your profile,
 you'll be authenticated and redirected to the application.
 
 Basically, what the application does is obtain some basic information for the authenticated user and also allow users to
diff --git a/examples/broker/twitter-authentication/src/main/java/org/keycloak/examples/broker/twitter/TwitterShowUserServlet.java b/examples/broker/twitter-authentication/src/main/java/org/keycloak/examples/broker/twitter/TwitterShowUserServlet.java
index e8e7ba212ff..188621ba836 100644
--- a/examples/broker/twitter-authentication/src/main/java/org/keycloak/examples/broker/twitter/TwitterShowUserServlet.java
+++ b/examples/broker/twitter-authentication/src/main/java/org/keycloak/examples/broker/twitter/TwitterShowUserServlet.java
@@ -49,7 +49,7 @@ import java.io.PrintWriter;
 /**
  * <p>A simple servlet to proxy Twitter API using the Twitter4j library.</p>
  *
- * <p>It provides some additional code to properly handle token retrieval from the Twitter identity provider in KeyCloak
+ * <p>It provides some additional code to properly handle token retrieval from the Twitter identity provider in Keycloak
  * and use that token to invoke Twitter's API.</p>
  *
  * @author pedroigor
@@ -64,7 +64,7 @@ public class TwitterShowUserServlet extends HttpServlet {
 
     @Override
     public void init(ServletConfig config) throws ServletException {
-        initKeyCloakClient(config);
+        initKeycloakClient(config);
     }
 
     @Override
@@ -122,7 +122,7 @@ public class TwitterShowUserServlet extends HttpServlet {
         return this.authServer + "/realms/" + this.realmName + "/broker/" + this.identityProvider.getAlias() + "/token";
     }
 
-    private void initKeyCloakClient(ServletConfig config) {
+    private void initKeycloakClient(ServletConfig config) {
         ServletContext servletContext = config.getServletContext();
         JsonNode keycloakConfig;
 
diff --git a/examples/broker/twitter-authentication/src/main/webapp/index.html b/examples/broker/twitter-authentication/src/main/webapp/index.html
index 74658459a5c..c5041720e66 100644
--- a/examples/broker/twitter-authentication/src/main/webapp/index.html
+++ b/examples/broker/twitter-authentication/src/main/webapp/index.html
@@ -20,7 +20,7 @@
     <div id="content">
         <h2>Hello, {{identity.name}} [<a href="" ng-click="logout()">Sign Out</a>]</h2>
         <div>
-            <p><b>This is your KeyCloak Profile</b>:</p>
+            <p><b>This is your Keycloak Profile</b>:</p>
             <p>
                 <ul>
                     <li><b>Id</b>: {{identity.sub}}</li>
diff --git a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
index e4c94cb8616..a450eadfa3d 100644
--- a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
+++ b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json
@@ -43,12 +43,6 @@
             ],
             "webOrigins": [
               "http://localhost:8080"
-            ],
-            "identityProviders": [
-                {
-                    "id": "twitter",
-                    "retrieveToken": true
-                }
             ]
         },
         {
@@ -69,6 +63,7 @@
           "enabled": true,
           "updateProfileFirstLogin" : "true",
           "storeToken" : "true",
+          "addReadTokenRoleOnCreate" : true,
           "config": {
             "clientId": "CHANGE_CLIENT_ID",
             "clientSecret": "CHANGE_CLIENT_SECRET"