Add JWT-based authorization support for Temporal server with Keycloak integration

- Create QUICK_REFERENCE.md for a concise guide on setting up temporal authorization.
- Add README_AUTHORIZATION.md detailing the implementation steps and common issues.
- Introduce REVERSE_PROXY_APPROACH.md as an alternative method for authorization using a reverse proxy.
- Implement Dockerfile for building a custom Temporal server with authorization features.
- Add main.go to initialize the custom Temporal server with JWT authorization.
- Create example-keycloak-mapper.json for mapping Keycloak groups to Temporal permissions.
- Add development.yaml for configuring the Temporal server with JWT settings.
- Implement test-authorization.sh script to verify JWT token claims and Temporal server access.
- Include go.mod for managing Go dependencies in the custom server.
- Document troubleshooting steps and customization options in README.md.

custom-server/config/development.yaml

@@ -0,0 +1,99 @@
+# Temporal Server Configuration with JWT Authorization
+
+global:
+  authorization:
+    # JWT token validation settings
+    jwtKeyProvider:
+      # JWKS endpoint from your Keycloak - this provides the public keys
+      # Format: https://your-keycloak.com/realms/yourRealm/protocol/openid-connect/certs
+      keySourceURIs:
+        - ${TEMPORAL_AUTH_ISSUER_URL}/.well-known/jwks.json
+      # How often to refresh the keys (in Go duration format)
+      refreshInterval: 1h
+    
+    # The claim name in the JWT that contains permissions
+    # Default is "permissions" but you can customize this based on your Keycloak setup
+    permissionsClaimName: "permissions"
+
+# Database configuration
+persistence:
+  defaultStore: default
+  visibilityStore: visibility
+  numHistoryShards: 4
+  datastores:
+    default:
+      sql:
+        pluginName: "postgres12"
+        databaseName: "temporal"
+        connectAddr: "db:5432"
+        connectProtocol: "tcp"
+        user: "temporal"
+        password: "${POSTGRES_PWD}"
+        maxConns: 20
+        maxIdleConns: 20
+        maxConnLifetime: "1h"
+    visibility:
+      sql:
+        pluginName: "postgres12"
+        databaseName: "temporal_visibility"
+        connectAddr: "db:5432"
+        connectProtocol: "tcp"
+        user: "temporal"
+        password: "${POSTGRES_PWD}"
+        maxConns: 10
+        maxIdleConns: 10
+        maxConnLifetime: "1h"
+
+# Services configuration
+services:
+  frontend:
+    rpc:
+      grpcPort: 7233
+      membershipPort: 6933
+      bindOnIP: "0.0.0.0"
+
+  matching:
+    rpc:
+      grpcPort: 7235
+      membershipPort: 6935
+      bindOnIP: "0.0.0.0"
+
+  history:
+    rpc:
+      grpcPort: 7234
+      membershipPort: 6934
+      bindOnIP: "0.0.0.0"
+
+  worker:
+    rpc:
+      grpcPort: 7239
+      membershipPort: 6939
+      bindOnIP: "0.0.0.0"
+
+clusterMetadata:
+  enableGlobalNamespace: false
+  failoverVersionIncrement: 10
+  masterClusterName: "active"
+  currentClusterName: "active"
+  clusterInformation:
+    active:
+      enabled: true
+      initialFailoverVersion: 1
+      rpcName: "frontend"
+      rpcAddress: "127.0.0.1:7233"
+
+dcRedirectionPolicy:
+  policy: "noop"
+
+archival:
+  history:
+    state: "disabled"
+  visibility:
+    state: "disabled"
+
+publicClient:
+  hostPort: "127.0.0.1:7233"
+
+dynamicConfigClient:
+  filepath: "/etc/temporal/config/dynamicconfig/development-sql.yaml"
+  pollInterval: "10s"