Adding missing scope/client

Signed-off-by: Matthias Wessendorf <[email protected]>

Author: matzew

build/keycloak.mk

@@ -216,6 +216,20 @@ keycloak-setup-realm: ## Setup OpenShift realm with token exchange support
 		exit 1; \
 	fi; \
 	echo ""; \
+	echo "Creating mcp-client public client..."; \
+	MCP_PUBLIC_CLIENT_RESPONSE=$$(curl -s -w "HTTPCODE:%{http_code}" -X POST "http://localhost:8090/admin/realms/openshift/clients" \
+		-H "Authorization: Bearer $$TOKEN" \
+		-H "Content-Type: application/json" \
+		-d '{"clientId":"mcp-client","enabled":true,"publicClient":true,"standardFlowEnabled":true,"directAccessGrantsEnabled":true,"serviceAccountsEnabled":false,"authorizationServicesEnabled":false,"redirectUris":["*"],"defaultClientScopes":[],"optionalClientScopes":["mcp-server"]}'); \
+	MCP_PUBLIC_CLIENT_CODE=$$(echo "$$MCP_PUBLIC_CLIENT_RESPONSE" | grep -o "HTTPCODE:[0-9]*" | cut -d: -f2); \
+	if [ "$$MCP_PUBLIC_CLIENT_CODE" = "201" ] || [ "$$MCP_PUBLIC_CLIENT_CODE" = "409" ]; then \
+		if [ "$$MCP_PUBLIC_CLIENT_CODE" = "201" ]; then echo "✅ mcp-client public client created"; \
+		else echo "✅ mcp-client public client already exists"; fi; \
+	else \
+		echo "❌ Failed to create mcp-client public client (HTTP $$MCP_PUBLIC_CLIENT_CODE)"; \
+		exit 1; \
+	fi; \
+	echo ""; \
 	echo "Creating mcp-server client with token exchange..."; \
 	MCP_CLIENT_RESPONSE=$$(curl -s -w "HTTPCODE:%{http_code}" -X POST "http://localhost:8090/admin/realms/openshift/clients" \
 		-H "Authorization: Bearer $$TOKEN" \
@@ -289,6 +303,9 @@ keycloak-setup-realm: ## Setup OpenShift realm with token exchange support
 	echo "  Email: [email protected]"; \
 	echo ""; \
 	echo "Clients:"; \
+	echo "  mcp-client (public, for browser-based auth)"; \
+	echo "    Client ID: mcp-client"; \
+	echo "    Optional Scopes: mcp-server"; \
 	echo "  mcp-server (confidential, token exchange enabled)"; \
 	echo "    Client ID: mcp-server"; \
 	echo "    Client Secret: $$CLIENT_SECRET"; \