Keycloak Phone Auth (#1122)

* custom keycloak provider for phone

* custom keycloak provider for phone

* custom keycloak provider for phone

* custom keycloak provider for phone

* Moved from IMemoryCache to IDistributedCache, catering for multiple i… (#1115)

* Moved from IMemoryCache to IDistributedCache, catering for multiple intances of the api

* Change store and category info cache to expire on an hourly basis ensuring new stores are picked-up

* partner sharing & post as active form issue, dropdown focus issue (#1117)

* removed theme folder from keycloak container

* keycloak provider: telephone number is optional

* keycloak provider: username email/phone fix and added required action for phone number change

* phone number as username rafctoring

* users.sh update

* API Refactoring

* Fixed users.sh

* Bug fixes

* Fixed keycloak extension issue

* org register: phone numbers for additional admins

* UI: changes to org edit, links etc for phoneNumber

* cleanup of dockerfile (keycloak provider arg) & keycloak realm user profile fields

* Phone number update: Allow updating / setting phone number if not set

* UPDATE_PHONE_NUMBER action now submitted as part of the PutUsersByUserIdAsync update

* UI: update phone number on user profile edit

* keycloak: set email theme to phone

* UI: update profile messages for reset password/phone form fields

* Keycloak update user logic to handle required actions correctly

* Rename `keycloak-providers` to `keycloak/providers` (#1120)

* Move Keycloak Provider Jars to `src/keycloak/providers/jars`

* Maintain project naming and structure conventions
* Add `temurin-17` and `maven` to `.mise.toml`

* Add Maven `target` dirs to `gitignore`

* Rename `keycloak-providers` to `keycloak/providers`

* Maintain project naming and structure conventions
* Update `.gitignore` accordingly
* Update the `pom.xml` files accordingly

* YOMA-538: Configure Twilio Keycloak SMS Provider (#1121)

* Using the Twilio Test keys in Dev and Stage
* Using Twilio Test number in Dev
* Stage and Prod have a placeholder while we wait for the actual Yoma number
* Twilio Live credentials in Prod
* Download our custom Twilio Provider JARs in the Download Providers init container

* Remove duplicate keycloak providers target gitignore

* YOMA-538: Fix Keycloak SMS SPI environment variables

* keycloak email theme fix

* keycloak fix: send event after user is persisted

* dotnet format

* Allow user email and phone number change (pending TODO ZLTO)

* user profile: allow email update on form

* UI: force sign-out after changing email/phone/password (user profile)

* keycloak: country code selector for phone number

* Fixed log info messages refering to email instead of username

* Fix Keycloak Deploy

* Remove Keycloak `chown` of Providers

* keycloak: twilio phone number config for country codes

* keycloak: comment for default twilio config (docker)

* Clean up Keycloak Providers Maven Target Dir

* Update Twilio Keycloak Config

* Fix Twilio Keycloak Config

* - Add tracking and update logic for ZLTO wallet username on system username change (email or phone)
- Add client-side category filtering with pagination for ZLTO Store Search due to no server-side filter in API

* User first name and last name is now nullable

* Linting

* ReceiveKeyCloakEvent: Type no parsed using the description

* API refactoring review

* keycloak: login screen - country code (WIP)

* keycloak: added country code to forgot password page

* keycloak: login screen - intl-tel-input control for phone number

* keycloak: forgot password screen - intl-tel-input control for phone number

* keycloak: added update password screen & updated phone number screen - intl-tel-input control for phone number

* keycloak: registration screen - intl-tel-input control for phone number

* keycloak: registration screen - require phone verification (only once on form resubmission)

* keycloak: registration screen - fix for phone verification session state

* keycloak: registration screen - fix for phone verification session issue

* keycloak: add /auth path to client requests (KC_HTTP_RELATIVE_PATH env var)

* keycloak: tabs on registration screen, styles & template refactor

* keycloak: form button spacing & phone verification on clear phone verification on re-render

* keycloak: improved password requirements indicator on register & update password pages

* keycloak: improved password requirements indicator on register & update password pages, added send code messages to update phone page

* keycloak: phone verification - send code & error messages

* keycloak: generate password on register & update password screens

* Add Twilio config to Yoma API

* Add Twilio integration with SMS and WhatsApp support. Fallback to WhatsApp if no email address is available. Integration currently disabled.

* when pasting multiple values, split them by ' ' & ';' characters and trim values (#1130)

* partner sharing & post as active form issue, dropdown focus issue (#1117)

* org register: phone numbers for additional admins

* UI: changes to org edit, links etc for phoneNumber

* keycloak: cryptographic security enhancement for password generation

* Comment change to force PR rerun

---------

Co-authored-by: Jason Dicker <[email protected]>
Co-authored-by: adrianwium <[email protected]>
Co-authored-by: Jason Dicker <[email protected]>
Clean up the Maven Target dirs for Keycloak Providers (#1133)

* Clean up the Maven Target dirs for Keycloak Providers

* Remove Keycloak Themes

* Themes are now built into the custom providers

.github/workflows/cicd.yml

@@ -447,7 +447,7 @@ jobs:
               --environment ${{ vars.ENVIRONMENT }} \
               --selector app=keycloak \
               --set config-cli.init.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
-              --set keycloak.themes.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
+              --set keycloak.providers.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
               --set postInstallHook.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }}
           helmfile-version: ${{ env.HELMFILE_VERSION }}
           helm-version: ${{ env.HELM_VERSION }}

.gitignore

@@ -9,6 +9,9 @@
 **/public/workbox-*.js.map
 **/public/worker-*.js.map
 
+# Ignore the Maven Target Dirs which contain build artifacts
+src/keycloak/providers/**/target
+
 # Created by https://www.toptal.com/developers/gitignore/api/node,yarn,linux,macos,csharp,nextjs,windows,aspnetcore,dotnetcore,sublimetext,intellij+all,visualstudio,visualstudiocode
 # Edit at https://www.toptal.com/developers/gitignore?templates=node,yarn,linux,macos,csharp,nextjs,windows,aspnetcore,dotnetcore,sublimetext,intellij+all,visualstudio,visualstudiocode
 

.mise.toml

@@ -1,8 +1,10 @@
 # https://github.com/jdx/mise
 [tools]
 dotnet = "8.0"
+java = "temurin-17"
+maven = "3.9"
 node = "18"
 tilt = "latest"
 
 [env]
-MISE_FETCH_REMOTE_VERSIONS_TIMEOUT="30s" # Because azure is slow
+MISE_FETCH_REMOTE_VERSIONS_TIMEOUT = "30s" # Because azure is slow

helm/keycloak/conf/dev/secrets.yaml

@@ -29,6 +29,12 @@ keycloak:
                 database: ENC[AES256_GCM,data:E0jLFFQazWU=,iv:svmiHaLI96ty8NLaLt6Ymj0dKdnUHOGeERqHLPckxdk=,tag:sUHlYtuTURA3Uji3MtboWQ==,type:str]
                 user: ENC[AES256_GCM,data:WgSbrgPm0I4=,iv:+zNxjybnPaEc8hqz/8KiAgFnTqjy4YfBeD2FRyEMuyg=,tag:BQhC/umkzAzh8BC6/F2WBQ==,type:str]
                 password: ENC[AES256_GCM,data:p6jOnvclPDA=,iv:5/4OGvNaEl/tsiKRItUZC1L2LnIAhuentEvtf/jZwss=,tag:7yd/4poPZiZZaK/Kwe9QVg==,type:str]
+        twilio:
+            stringData:
+                sid: ENC[AES256_GCM,data:EbpNjDcFQkiQLlBrDJYCQzXzNXEMKH7zWG7I0C5Dr5rsOg==,iv:K74xK1QVaJlc/CpT2P/fCIfHsBBUDyFRnsP1Te+WxEc=,tag:fdYt5DOhwUQHz/YFDq2PBg==,type:str]
+                token: ENC[AES256_GCM,data:KzmcqjjPt25hrYV6begodVpI3AN8A/THixX6HARv6Q8=,iv:P6YVUVGLG1tCi3xx6MzQ8yYMuofBBh4C5/VbOvwQ3Ns=,tag:BKgfDFg6huUJrbgpjAUERQ==,type:str]
+                #ENC[AES256_GCM,data:ykHupEfcYDqFs4bVvZTwjBvLuR3BO9Ln2BpsoE77zSbK9bQ+etPL782lC0NdcXgsMZX4WIjSywlJ,iv:EBV1vzcxg9209TM3IffsurUbYi/yUUhj/eml3nyd/jw=,tag:Cy7YEcqNXFtq6FHODvxc1w==,type:comment]
+                number: ENC[AES256_GCM,data:9Qr8eSnY+hLhWKKTfg==,iv:2ObU32lXXqL6/7Ndn+3Tmc3GZ5rCPBa0mAVnwxy/1QU=,tag:aX+2ftMl/Ez2ILTRr1Shxw==,type:str]
 config-cli:
     secrets:
         KEYCLOAK_USER: ENC[AES256_GCM,data:DQzrhhayQ2Q=,iv:NwgCJZuKx+D2gUcSc1T+Vv0LigPo8UFeiYgbBfvT0vM=,tag:arBptodK9nGgPVRqsk7zGQ==,type:str]
@@ -54,8 +60,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-07-29T07:21:28Z"
-    mac: ENC[AES256_GCM,data:f0IgtC3m48QjEfaxx23ZS6YFOkcCmhrCFZr4msYfltQ3k6qbk6Qbe7GvJLnWpHETB5+B6OjRVfPciC6p1Y3C4Juf+Xa++5PUPf9D5PxAKcNI/SL8LKhejgmARlE2JfbfYd7bWNJZvYJy6CGR+jlgE4RnxuU7XbYgKABxjMhF/A0=,iv:XF+41nyyJpG/y8vgU4xw3TUWsS1ABCnIZnBSbssIyPo=,tag:ZMyqGPn2MKRicykri5hKkQ==,type:str]
+    lastmodified: "2024-10-17T12:23:28Z"
+    mac: ENC[AES256_GCM,data:CrEaxNrwPaUdFoDmdFXThBwHb6bM4XcLvegSDWojmW1hCU2N3xwQlS2Dw+YeT8uYzskifdGYpfNGSi7zxLh8hjMFKH1xfoGoiO2MPf6kAZRycjv7NDr6zHm3sxEeTZkcDL3PuqgLVlKdE5T97HJzuNXken6sMpYLLzJq9GjQBHU=,iv:Hg64GnGl0A0qvSp1W8i/Wbp92AcqXxCkUp9SkOdM14w=,tag:OOZwDZvFsc59GaLSLsATRQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

helm/keycloak/conf/prod/secrets.yaml

@@ -8,6 +8,12 @@ keycloak:
                 #ENC[AES256_GCM,data:lltrqHjMjrp+ZaGwOXM=,iv:kTnOAn3acFbMjFUE1nZNigomN3LrtOx0U2n1SFwlBeg=,tag:YdbwJyOLZV7ws5JDvhzJWg==,type:comment]
                 #ENC[AES256_GCM,data:VvwA2+9/yCyjQNc1JFM96yUxJr/orj07vnGjUY/hL3JB7saF7H6GSpBI,iv:4Xxc8MPEVT8SdFQSpfBBxPPoCCRGGQTdb8nw65+xnJ8=,tag:gLS1vBprSHHkTpkow6PjZA==,type:comment]
                 #ENC[AES256_GCM,data:o8X/VsS2vcLN6OoG5Q02lJNjTL6GSBgVq5W8/znbImHez42a0IqPpLBnPna+Dq6Ij9LTzAF3mYYfsnXbLfKcRpxj,iv:PXb3RXOC3/9JfqoNqUTyukReRhu6cE7glEojY/cH6B4=,tag:QvPLh2JFJ7515FbUuzL6Wg==,type:comment]
+        twilio:
+            stringData:
+                sid: ENC[AES256_GCM,data:KEuBL0NsjuJFpaZc+9h4pRE6PFY9c20wb1F6Ifyoz7IfdQ==,iv:pvcw+rV6lhbNpL4sXhinBDrYYMyLN31v0lXcAdUIJcY=,tag:d26c1C+iCv/qAYnsi6GtQQ==,type:str]
+                token: ENC[AES256_GCM,data:8ttJmjNkFNzutX+SoPQE5QYQF7DqhvOvcwIDhn44eBM=,iv:KvP5WtISwDqHITqQWZ44FOt1s1F/z29GPuH5fVLXqq0=,tag:McdfdILIDXPREhLw85/4Pw==,type:str]
+                #ENC[AES256_GCM,data:kz0+uKQT9byVVhDoBFkxOmMlhxyWpNLx2zyMAkAKprharFVT8dD+HCPAs/sui6L5YnUA+zeHrx5D,iv:SqiqLrDJk86rGPpgBTvbr+vxHHQhQbkYHCWE1mhkA84=,tag:tJMvS2yOrxsc0cm33Lbhkw==,type:comment]
+                number: ENC[AES256_GCM,data:OnN8p8+wMHfbcVkJ/Q==,iv:kHVtAjX49TEMG8TVRIXHZ906WSlCX8bi0PxioVEV0bc=,tag:yNH3cN5WkVJD/DfGAK5SbQ==,type:str]
 config-cli:
     secrets:
         KEYCLOAK_USER: ENC[AES256_GCM,data:k/b9R1DS3lw=,iv:n4OGjLPXpPoyrxCtCz+BPmwwy+fDcD6aG1J1whUzuXw=,tag:Pd+vak3/ZukMe3fcRqHFpg==,type:str]
@@ -33,8 +39,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-07-29T07:21:52Z"
-    mac: ENC[AES256_GCM,data:V1e0QvQl4prFG7UXaQST2Oz/lzPOMk3Udr36pVsHK3lj9OXl1V4SuMzAWyLJjaMTBprDvkjh2xk5tkYjYwj6/6H/GnawHLdAdjpNQk4zd1v0iWP1KfngAOhNN4tDDuXekK5e5WrHUBoDvRyunXK2zgd27Im2IqtFczwgmZ/6mr8=,iv:jwh32O52eHk+DL9otJPxncTSgjG2fEoMA52QlvKzl3k=,tag:tbzXPsbGFWnZKfsOaCJBUQ==,type:str]
+    lastmodified: "2024-10-17T12:23:09Z"
+    mac: ENC[AES256_GCM,data:gq2Lh8mWvq+dqmpmSJvzq4BUftj3KpCmT0KJSS0ikNu0jhY9s5S0o2rHDkiSkpzZcxOzqFI1klramm81S7fMOu9xDtt0kkesvOUxNDMBbqZyj6cBh8S1NzfkpHdq52BUiH9PIWu3y+4h0cAOUwegJMVH4wDe0Bhdld4zhmYl3LE=,iv:QLP7AgaXb+eevFKDX2Bz3XBHrFKjn60sOXZlyydky+8=,tag:m4KCjVDGdBvuv5MJSfee/g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

helm/keycloak/conf/stage/secrets.yaml

@@ -4,10 +4,12 @@ keycloak:
             stringData:
                 WEBHOOK_HTTP_AUTH_USERNAME: ENC[AES256_GCM,data:kdNoR0TG3g==,iv:SyrnoQetML1TaQ3Q0gx0qaw2twLaqByfCXC8p5h3/ac=,tag:bUTJWQ0VrGwySlaiyCHE9Q==,type:str]
                 WEBHOOK_HTTP_AUTH_PASSWORD: ENC[AES256_GCM,data:OgP8nv4ob23E3btlwoTlFj+2ckJW5zU67RMX9lp4RLA=,iv:s2HqvlhzqGleTOJbC1z6oyzWiz6S5zu62zNx11y8Mic=,tag:U+Z8WCFhDrXrn2qqU0lQSA==,type:str]
-                #ENC[AES256_GCM,data:KthHAuqqxw==,iv:FlWBiukpHGyEBoJNNCKG/F3kMqi5mYwuRLPFfF9BUAk=,tag:2nHj2HoNX6ZrBI+Bbayldg==,type:comment]
-#ENC[AES256_GCM,data:dZSqAcdfG1b3IhPYhAMtXZPbtizE+rQCyNt/bSeaOX/qY5ScBQqoxuHL4qtFlGZtGmiZtqvwMqEhUTc5fegaZ6ep83Z/HdJObRPtjmEAg42ORRPWOVaVmm9bI2nNh0MCwr8tjbvg2O5I1aqrETzJFo9zkZxvpmrhMd/mHJHHipJkBxs=,iv:q2u9QupkWkDEcw64qKr+5FHtdm56lBe6pSCw4f2r/A8=,tag:1atRQX1bp+/OcgkSHFK5fg==,type:comment]
-#ENC[AES256_GCM,data:l+wobjYxdlJKFqISuazpFUNNlqaZ2zpjVnK3tFOX+l6FzDmh0MzXM6efypMdgRKXgR5XQaiXwlLgRLbtP8wxdZGnouVHH4F5uZwtg51NwvsbNiJ2iWU4Bf1OiAsaoeF+oyLinwjnQ8Xa2t48fbC8ZNWPqDlSTJ/dtcotBK+YcCfJZtFCrGxoROQXuwWp23obcp1HFLySGgKMrzr1anF3S1pvXJL/ik8=,iv:jJdJb3Bp/HKabP0LK1OYk6eQ7BMY1QYEx8vISvPKSZI=,tag:5p/lsUlBtqrda15LqjrhBA==,type:comment]
-#ENC[AES256_GCM,data:tgOPq8BYWbSfNmyGejxhHaWiXVC6PZtoSN5k+0m015xh+0lWSSzqmJ67PhAzyDVDV+iHehe1IvCIsQ216FdHwpu05jsS1L1OeMtzaqSjYaIZvOPj5WY1dwzcsTRIH7tAGwxMCZW/JH+Ch6XE7UgYwnMSEmiH4qyZHoe+bctXu7sPfLZ/zP5ES6ZazDrKNVU5tutHqXZn2FlI7ezYaLTHlP0GlbG5EeJfZaMv,iv:rdlmfW6ppeYSgjraea3KUdOzQF9nooRedWUnjlAm/u0=,tag:CW8jwOt34izyVt9kX1dymg==,type:comment]
+        twilio:
+            stringData:
+                sid: ENC[AES256_GCM,data:qN5gQzOFjgrQ4q11PTWicyxoLOcoxLVAeXZO/7QNxZnEdQ==,iv:kY/3CiaQskm6D1Cwg/3+jAzIZwkx7oNZj2dw6jxmw+4=,tag:BWN1PdzGKmfFIYTwr1pp7Q==,type:str]
+                token: ENC[AES256_GCM,data:s2VLoA+o8m40gvTCGJEMFa2L/31eL5p76CdLkqhxyPU=,iv:mWEbVTmZx7xrDgvMoX/uE0+zj0/Pvk/YC4Cf+NDToXo=,tag:0UlDJ92BTRVC4BP4Gf8MVg==,type:str]
+                #ENC[AES256_GCM,data:M6KkbQRB60LcfAZRHj0Y6KK/h3HpZ8pXfKQAhd9nAUi+rlKD9GAlF962C1pWnZ6smr0Boie/SdQa,iv:EII2KqdcZzzYZIVhRekOhA6So5ZMyBIlLt5gFbzRP9A=,tag:Z3Vi1ixD3EhW+cijx69TKA==,type:comment]
+                number: ENC[AES256_GCM,data:L57ep1VM7KItOKnrjQ==,iv:h/jsS9OY+jRqv/F0snphkt3wAc5aAK86lVFcQgVfNE4=,tag:APBh9EsWfQFsLN8Tq/rHTg==,type:str]
 config-cli:
     secrets:
         KEYCLOAK_USER: ENC[AES256_GCM,data:eXMN0g6tu3I=,iv:+VFQ4+ug/ux/QKq8GQ4MgPMf/3sqlpgZPAOw3F6qZjg=,tag:AExr/1YRiWwaTRIFZzzdAA==,type:str]
@@ -33,8 +35,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-07-29T07:22:03Z"
-    mac: ENC[AES256_GCM,data:VzQ9L9QcGWQkPVIEIVGtqJ4FdQroAV8TUs1cX9dFL0FiCKF8fhnj0yEMhY46uQqhGMpl6ljDPJniLQA8rhQPsLE/qk7n2pDN6jQpvbYN+dvDv9sHkmK+JKPJf4P0PyTz3/ufvMbfKPvInA4l5rOL7NrQTkKu/R1bc7dYV67vKtY=,iv:pk85jVmdI5Tg6kV8ZdhRkeJ2bFMC9yCuT2zsF+pIi0g=,tag:mAkeu1+IlkvO34toSF9w+w==,type:str]
+    lastmodified: "2024-10-17T12:23:12Z"
+    mac: ENC[AES256_GCM,data:FSnTLi7tRmPTm2CKUtfAtqVu9vKUwtBOLHeqIW33bGAPVnN0Z7CzCvK4d3g4d9UAfgFPExb79gb0CzhvSgH79gsv8EeJQc9CcW56J4mNGPch1+FrtyktbTu4oG2FhXF00fR4Ed0XncvhET2SIRkuISq+BSEZ48P2bxuWXtsnqR8=,iv:/KVkYPoJyyYLEk06lioMvHU5iCvDBJxTgFaCRez4it8=,tag:Lob5O3lUTvCpUJTIVnMHDg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1

helm/keycloak/values.yaml

@@ -193,43 +193,29 @@ keycloak:
 
   webhook:
     version: 0.3.0
-  themes:
-    enabled: false
+  providers:
     ref: develop
   extraInitContainers: |-
-    - name: download-extensions
+    - name: download-providers
       image: docker.io/busybox:stable
       imagePullPolicy: IfNotPresent
       command:
         - sh
       args:
         - -c
         - |-
+          cd /providers
           wget -q \
             https://github.com/vymalo/keycloak-webhook/releases/download/v{{ .Values.webhook.version }}/keycloak-webhook-{{ .Values.webhook.version }}-all.jar \
               -O /providers/keycloak-webhook-{{ .Values.webhook.version }}.jar
-      volumeMounts:
-        - name: providers
-          mountPath: /providers
-    {{- if .Values.themes.enabled }}
-    - name: download-themes
-      image: docker.io/busybox:stable
-      imagePullPolicy: IfNotPresent
-      command:
-        - sh
-      args:
-        - -c
-        - |-
-          cd /themes
           wget -qO - \
             --header="Accept:application/vnd.github.v3.raw" \
-            https://api.github.com/repos/didx-xyz/yoma/tarball/{{ .Values.themes.ref }} | tar xz
-          cp -R ./didx-xyz-yoma-*/src/keycloak/themes/yoma /themes
+            https://api.github.com/repos/didx-xyz/yoma/tarball/{{ .Values.providers.ref }} | tar xz
+          cp -v ./didx-xyz-yoma-*/src/keycloak/providers/jars/*.jar /providers
           rm -rf ./didx-xyz-yoma-*
       volumeMounts:
-        - name: themes
-          mountPath: /themes
-    {{- end }}
+        - name: providers
+          mountPath: /providers
   extraEnv: |-
     - name: JAVA_OPTS_APPEND
       value: >-
@@ -281,6 +267,27 @@ keycloak:
       value: sslmode=prefer
     - name: KC_LOG_CONSOLE_OUTPUT
       value: json
+    - name: KC_SPI_PHONE_DEFAULT_SERVICE
+      value: twilio
+    - name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_ACCOUNT
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "keycloak.fullname" . }}-twilio
+          key: sid
+    - name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_TOKEN
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "keycloak.fullname" . }}-twilio
+          key: token
+    - name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_NUMBER
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "keycloak.fullname" . }}-twilio
+          key: number
+    - name: KC_SPI_PHONE_DEFAULT_TOKEN_EXPIRES_IN
+      value: "120"
+    - name: KC_SPI_PHONE_DEFAULT_YOMA_DEFAULT_NUMBER_REGEX
+      value: "^\\+?\\d+$"
 
   affinity: |-
     nodeAffinity:
@@ -328,7 +335,7 @@ keycloak:
     admission.datadoghq.com/enabled: "false" # disabled by default (for now)
   podAnnotations:
     # gcr.io/datadoghq/dd-lib-java-init
-    admission.datadoghq.com/java-lib.version: v1.39.0
+    admission.datadoghq.com/java-lib.version: v1.40.1
     ad.datadoghq.com/keycloak.logs: '[{ "service": "keycloak", "source": "jboss_wildfly" }]'
 
   lifecycleHooks: |
@@ -379,6 +386,13 @@ keycloak:
   http:
     relativePath: /auth
 
+  secrets:
+    twilio:
+      stringData:
+        sid: superDuperVerySecret
+        token: superDuperVerySecret
+        number: superDuperVerySecret
+
   autoscaling:
     # If `true`, an autoscaling/v2 HorizontalPodAutoscaler resource is created (requires Kubernetes 1.23 or above)
     # Autoscaling seems to be most reliable when using KUBE_PING service discovery (see README for details)

helm/yoma-api/conf/base/secrets.yaml

@@ -52,6 +52,7 @@ appSettings:
         SwaggerScopesClientCredentials: ENC[AES256_GCM,data:AJP63VIImR4=,iv:ZcC8hUkTVngm8SDFIgBvrXjpFGAsMIsvwMNdhgV+zqs=,tag:O4+saessUL9FiWSy1PPwpw==,type:str]
         TestDataSeedingDelayInMinutes: ENC[AES256_GCM,data:fg==,iv:6ZUIol+SIYFcqRZVyCu4WZi7IGioX8Gr9Q6ksvQHxmw=,tag:mnMF7JThkUFpQtaZfC2ZUw==,type:int]
         TestDataSeedingEnvironments: ENC[AES256_GCM,data:1ZBcho+GzOP3MpNsVks3FwZR,iv:CHVCYxLxWDuMFm77upO7N+IzGMxrB/HOzJXinqdM3Vw=,tag:THcAavgQrcM+IjTCIDmAfQ==,type:str]
+        TwilioEnabledEnvironments: null
         YomaOrganizationName: ENC[AES256_GCM,data:QxSwgu+4KuUdyoKz/oQlM8eIB3RdwxcqA4nX4skNcw==,iv:ybfK99GaMDcaXk1DDVnGJqzkbueCCOUvzxh12TlCQj8=,tag:gKpqMvZrxJEz5SGRDHJosw==,type:str]
         YomaSupportEmailAddress: ENC[AES256_GCM,data:6DSJ84zaVrBbVcNSe7Z84J6B,iv:EnrWTxwOOERulmK1TavjrpmxW4VkYahtDP1XLUsqjR0=,tag:nRTtqTZ3cWwG5aQB/Wb+wg==,type:str]
     Bitly:
@@ -227,6 +228,12 @@ appSettings:
         BaseUrl: ENC[AES256_GCM,data:+o+AI3UClkY7Nr90/azY0RYy2jZ7HEntkOUrA4otyZvDnA==,iv:Fs5q0BMgdXw3S+E9O3zqMFn5Rim7R+MlSv1aF04VVVg=,tag:XplLANUsJKhGKikTXyrCcA==,type:str]
         ApiVersionL: ENC[AES256_GCM,data:nsVY,iv:u8KWkKJ3a677Q+jlp418LnJp8RV4plEWqfPPsOMN2LA=,tag:+OF/PGVmUVyv/bESnDkC+g==,type:str]
         ApiKey: ENC[AES256_GCM,data:vcDaE4jUE50=,iv:G6pRg9X9W0GoRtYFv1qZVeGSdg2pe90ixh8n7ZKNrqQ=,tag:AJkYHe4Fauvxx8REF08t6g==,type:str]
+    Twilio:
+        AccountSid: ENC[AES256_GCM,data:2JZmM7QjPqGp2ClyucnuEJgCjqRPVaVrU7SBsSMTM5VjTQ==,iv:WIOtVnOWDUD4oMYQ6u7nigYThH6wA5NTT/RzlB3tljI=,tag:JdmrGiNFheDOMxZO7jbFeg==,type:str]
+        AuthToken: ENC[AES256_GCM,data:dfmWnvnYxZK/NQrkvCBp3V2RzVNlD4ei3zhFqeoGonw=,iv:b9d1GXQX8VXangH4MMy4mF+M4uENeAYhZdAo8NIi8ZI=,tag:u/u8NFAuQhjTecTdS6qdEg==,type:str]
+        From:
+            SMS: ENC[AES256_GCM,data:efG0G5ZOfEL27Cc=,iv:H7rS4t4r3gyEUqzyw5mazsL2ziEECJuH6pXcqMDvFO4=,tag:FQjGjXIjSaWBvziZVgVCrw==,type:str]
+        Templates: null
 sops:
     kms:
         - arn: arn:aws:kms:eu-west-1:210913241065:alias/helm/yoma-dev
@@ -241,8 +248,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-10-24T08:24:36Z"
-    mac: ENC[AES256_GCM,data:sXfc3C8aGpHU38OkDNskj8hzvGOI38A/INpcAhMy4Dq7PHnhuhKImvFlGKbrb9UA+SP4dmSeHeQ1yUPMDd/z+O/m3P81d/FgXvwlo5c3i42GFbB9uH71fiI2E/WWNRSnnZOh6uLrJDVNuAFsDG+0kWlTS1XjrgrRHVrUXsEXWkI=,iv:mVpZIkuhf8RL1JHLkjZbaK8Q+4gfRzLqHJFZJFB2LUs=,tag:nv7bsyasxlfbm3emPPbV1Q==,type:str]
+    lastmodified: "2024-10-29T12:32:32Z"
+    mac: ENC[AES256_GCM,data:o+K7sitICd/AC+PpweMj84zkSIzb5mma+iFHfIaNiujmWGIh7VHC8/9E+owryRguIgyQWu5NVaLjKOJKQGM5y8eA376F/WBTl+czGhP9oe/iKNS3IJU8/NRbyeuMZZJAZFHpcV4Hcz7fdhCDlNex5mb0UxJSugavjfq0snuymuQ=,iv:Fx4qIP3ZhJRhEQeyDLScgj4kY9qXZ3bhAnegs0Y1r+c=,tag:nVVjxa6DPLdBOxTkmP6fng==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1

src/api/Yoma.Core.sln

@@ -44,6 +44,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.Bi
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.SAYouth", "src\infrastructure\Yoma.Core.Infrastructure.SAYouth\Yoma.Core.Infrastructure.SAYouth.csproj", "{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.Twilio", "src\infrastructure\Yoma.Core.Infrastructure.Twillio\Yoma.Core.Infrastructure.Twilio.csproj", "{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -98,6 +100,10 @@ Global
 		{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -118,6 +124,7 @@ Global
 		{4244D97D-502A-4B37-9C1A-EFD7D2DBEFDD} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
 		{4988FBD6-4E1F-4830-A0EC-8975FE152FF1} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
 		{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
+		{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {D658A68F-8A10-4EF2-B8C9-F1350399BF58}