Fix OpenRemote auth (password grant + client_secret), add Grafana dashboard, update session resume 2026-05-04

simulator.py

@@ -621,20 +621,22 @@ def publish_frost(sid: str, sensor: dict, field: str, value: float) -> bool:
 _or_token_cache = {"token": "", "expires": 0}
 
 def _get_or_token() -> str:
-    """Obtain an OpenRemote token via password grant (admin-cli, directAccessGrants enabled)."""
+    """Obtain an OpenRemote token via password grant (admin user)."""
     import time, urllib.parse
     if _or_token_cache["token"] and _or_token_cache["expires"] > time.time() + 60:
         return _or_token_cache["token"]
     try:
-        # Use password grant with openremote client in the target realm (smartcity)
+        # Use password grant with admin user (full rights)
+        token_url = f"http://openremote-keycloak-1:8080/auth/realms/{OR_REALM}/protocol/openid-connect/token"
+        client_id = os.environ.get("OR_CLIENT_ID", "openremote")
+        client_secret = os.environ.get("OR_CLIENT_SECRET", "QVTnyObwXdpQ0Vuc60kFSonidK49FiXb")
         data = urllib.parse.urlencode({
             "grant_type": "password",
             "username": os.environ.get("OR_ADMIN_USER", "admin"),
             "password": os.environ.get("OR_ADMIN_PASS", "Digitribe972"),
-            "client_id": os.environ.get("OR_CLIENT_ID", "openremote")
+            "client_id": client_id,
+            "client_secret": client_secret
         }).encode()
-        # Token URL uses OR_REALM (smartcity) not OR_TOKEN_REALM
-        token_url = f"http://openremote-keycloak-1:8080/auth/realms/{OR_REALM}/protocol/openid-connect/token"
         req = urllib.request.Request(
             token_url,
             data=data,