Harmonize Keycloak Client Configurations with Built-in IdP #588

@michaelstingl

Is your feature request related to a problem? Please describe.

When switching between the built-in IdP and Keycloak, users may experience authentication issues because the client configurations are inconsistent. The Keycloak client configurations do not match the built-in IdP client configurations in terms of client IDs, redirect URIs, and domain names.

Describe the solution you'd like

Harmonize the Keycloak client configurations to match the built-in IdP as closely as possible:

  1. Update Client IDs in Keycloak:
    • Change desktop client ID to OpenCloudDesktop
    • Change Android client ID to OpenCloudAndroid
    • Change iOS client ID to OpenCloudIOS
    • Simplify Cyberduck client ID

  2. Fix Domain Names:
    • Update Keycloak configuration to use .eu domains for mobile apps
    • Replace hardcoded domains with templated values

  3. Standardize Redirect URIs:
    • Add specific callback paths in web client configuration
    • Ensure desktop client follows same format as built-in IdP

  4. Align Authentication Methods:
    • Configure mobile and desktop clients as public clients in Keycloak

Describe alternatives you've considered

  • Document the differences and require users to handle them manually (less user-friendly)
  • Modify the built-in IdP to match Keycloak (more invasive, requires changing established code)

Additional context

See full analysis in PR #589 which implements this feature request.

The primary goal is to ensure a consistent authentication experience regardless of whether users are using the built-in IdP or Keycloak.
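
A drift check for the harmonization points listed in this issue, added here as an example and not taken from the issue, PR #589 or the project's code. It compares client IDs, public-client status and redirect URIs between a Keycloak realm export (fields `clients`, `clientId`, `publicClient`, `redirectUris`) and a built-in IdP client list; the `BUILTIN` dict shape, the `desktop-client` ID and every redirect URI are constructed placeholders.

```python
import json

# Constructed sample: built-in IdP clients reduced to the properties the issue
# lists. The dict shape and the redirect URIs are placeholders, not project values.
BUILTIN = {
    "OpenCloudDesktop": {"public": True, "redirect_uris": ["http://127.0.0.1", "http://localhost"]},
    "OpenCloudAndroid": {"public": True, "redirect_uris": ["oc://android.example.eu"]},
    "OpenCloudIOS": {"public": True, "redirect_uris": ["oc://ios.example.eu"]},
}

# Constructed sample in the shape of a Keycloak realm export ("clients" array).
# "desktop-client" is a hypothetical pre-harmonization client ID.
KEYCLOAK_EXPORT = json.loads("""
{"clients": [
  {"clientId": "desktop-client", "publicClient": true,
   "redirectUris": ["http://127.0.0.1", "http://localhost"]},
  {"clientId": "OpenCloudAndroid", "publicClient": true,
   "redirectUris": ["oc://android.example.com"]},
  {"clientId": "OpenCloudIOS", "publicClient": false,
   "redirectUris": ["oc://ios.example.eu"]}
]}
""")

def find_drift(builtin, realm_export):
    """Return sorted (client_id, problem) tuples where Keycloak differs from the built-in IdP."""
    keycloak = {c["clientId"]: c for c in realm_export.get("clients", [])}
    drift = []
    for client_id, want in builtin.items():
        have = keycloak.get(client_id)
        if have is None:
            drift.append((client_id, "missing in Keycloak"))
            continue
        # A confidential client on one side and a public one on the other
        # changes the token request, so the same app fails against one IdP.
        if bool(have.get("publicClient", False)) != want["public"]:
            drift.append((client_id, "publicClient mismatch"))
        have_uris, want_uris = set(have.get("redirectUris", [])), set(want["redirect_uris"])
        drift += [(client_id, f"redirect URI not registered: {u}") for u in want_uris - have_uris]
        drift += [(client_id, f"unexpected redirect URI: {u}") for u in have_uris - want_uris]
    # Clients that exist only in Keycloak, for example under an old ID.
    drift += [(cid, "not known to built-in IdP") for cid in keycloak.keys() - builtin.keys()]
    return sorted(drift)

if __name__ == "__main__":
    for client_id, problem in find_drift(BUILTIN, KEYCLOAK_EXPORT):
        print(f"{client_id}: {problem}")
```
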
