From a642c6d9a27b1b973dc75ebed4ad48fc8a864e5c Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Tue, 18 Nov 2025 16:57:03 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(backend)=20add=20Docker=20network?= =?UTF-8?q?=20for=20shared=20Keycloak=20OIDC=20authentication?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Define Docker network enabling external service providers to share Keycloak instance with local development stack, supporting OIDC authentication flow where services obtain tokens from shared Keycloak then pass to Meet for introspection and validation. Prepares Meet infrastructure for multi-service authentication architecture though external service provider Docker Compose integration changes remain in separate repository.
---
 compose.yml | 10 ++++++++++
 docker/resource-server/compose.yml | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 docker/resource-server/compose.yml

diff --git a/compose.yml b/compose.yml
index cd760e82..cd435e36 100644
--- a/compose.yml
+++ b/compose.yml
@@ -90,6 +90,9 @@ services:
 - createwebhook
 extra_hosts:
 - "127.0.0.1.nip.io:host-gateway"
+ networks:
+ - resource-server
+ - default

 celery-dev:
 user: ${DOCKER_USER:-1000}
@@ -145,6 +148,9 @@ services:
 - ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
 depends_on:
 - keycloak
+ networks:
+ - resource-server
+ - default

 frontend:
 user: "${DOCKER_USER:-1000}"
@@ -298,3 +304,7 @@ services:
 watch:
 - action: rebuild
 path: ./src/summary
+
+networks:
+ default:
+ resource-server:
diff --git a/docker/resource-server/compose.yml b/docker/resource-server/compose.yml
new file mode 100644
index 00000000..a92e8920
--- /dev/null
+++ b/docker/resource-server/compose.yml
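Review bot: In compose.yml's last hunk, the top-level `resource-server:` entry is declared without a `name:`, so Compose will create it as `<project>_resource-server`, while the new docker/resource-server/compose.yml hard-codes `meet_resource-server` as an external network. That only resolves when the project name happens to be `meet` (checkout directory name, or a project-name setting not visible in these hunks); pinning it with `resource-server:` followed by `name: meet_resource-server` would make the contract explicit. A short comment there should also state that every container joining this network can reach all listening ports of the two services attached in the hunks at -90 and -145, not only the ports published to the host, so membership should stay limited to trusted development containers. The bare `default:` key is a null value; `default: {}`, as the new file writes it, is clearer.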
@@ -0,0 +1,23 @@
+version: '3'
+
+# You can add any necessary service here that will join the same docker network
+# sharing keycloak. Services added to the 'meet_resource-server' network will be
+# able to communicate with keycloak and the backend on that network.
+services:
+ # busybox service is only used for testing purposes. It provides curl to test
+ # connectivity to the backend and keycloak services. Replace this with your
+ # relevant application services that need to communicate with keycloak.
+ busybox:
+ image: alpine:latest
+ privileged: true
+ command: sh -c "apk add --no-cache curl && sleep infinity"
+ stdin_open: true
+ tty: true
+ networks:
+ - default
+ - meet_resource-server
+
+networks:
+ default: {}
+ meet_resource-server:
+ external: true
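Review bot: `privileged: true` on the test container is not needed for what it does (install curl, then `sleep infinity`) and should be dropped: it grants all capabilities and host device access and turns off the default seccomp/AppArmor confinement, on a container attached to the network shared with Keycloak and the backend, and anyone copying this template for a real service inherits it. `image: alpine:latest` combined with `apk add` at start-up lets the container contents float with every pull; pin a tag or digest, e.g. `image: alpine:<pinned-tag>`, or use an image that already ships curl. The comment calls the service "busybox" while the image is Alpine, and `version: '3'` is obsolete in current Compose and only produces a warning, so it can be removed.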