configuration for keycloak working with exchange token

costero-e · costero-e · commit bb892d77656c · 2025-01-15T14:28:49.000+01:00
diff --git a/beacon/__main__.py b/beacon/__main__.py
@@ -140,6 +140,31 @@ async def post(self):
         except Exception as e:# pragma: no cover
             response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
             return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')
+        
+class WellKnown(EndpointView):
+    @log_with_args(level)
+    async def info(self, request):
+        try:
+            response_obj = {"resource": "http://beaconprod:5050/api/",
+                            "authorization_servers": ["http://idp:8080/auth/realms/Beacon/"],
+                            "client_id": "beacon"}
+            return web.Response(text=json_util.dumps(response_obj), status=200, content_type='application/json')
+        except Exception:# pragma: no cover
+            raise
+
+    async def get(self):
+        try:
+            return await self.info(self.request)
+        except Exception as e:# pragma: no cover
+            response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
+            return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')
+
+    async def post(self):
+        try:
+            return await self.info(self.request)
+        except Exception as e:# pragma: no cover
+            response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
+            return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')
 
 class Collection(EndpointView):
     @log_with_args(level)
@@ -305,6 +330,7 @@ async def create_api():# pragma: no cover
     
     app.add_routes([web.post('/api', Info)])
     app.add_routes([web.post('/api/info', Info)])
+    app.add_routes([web.post('/api/.well-known/oauth-protected-resource', WellKnown)])
     app.add_routes([web.post('/api/entry_types', EntryTypes)])
     app.add_routes([web.post('/api/service-info', ServiceInfo)])
     app.add_routes([web.post('/api/configuration', Configuration)])
@@ -348,6 +374,7 @@ async def create_api():# pragma: no cover
     app.add_routes([web.post('/api/runs/{id}/g_variants', Resultset)])
     app.add_routes([web.get('/api', Info)])
     app.add_routes([web.get('/api/info', Info)])
+    app.add_routes([web.get('/api/.well-known/oauth-protected-resource', WellKnown)])
     app.add_routes([web.get('/api/entry_types', EntryTypes)])
     app.add_routes([web.get('/api/service-info', ServiceInfo)])
     app.add_routes([web.get('/api/configuration', Configuration)])
diff --git a/beacon/auth/__main__.py b/beacon/auth/__main__.py
@@ -5,7 +5,7 @@
 from aiohttp import web
 import os
 from dotenv import load_dotenv
-from beacon.logs.logs import log_with_args
+from beacon.logs.logs import log_with_args, LOG
 from beacon.conf.conf import level
 
 @log_with_args(level)
@@ -37,6 +37,7 @@ def validate_access_token(self, access_token, idp_issuer, jwks_url, algorithm, a
 @log_with_args(level)
 def fetch_idp(self, access_token):
     try:
+        LOG.debug(access_token)
         header = jwt.get_unverified_header(access_token)
         algorithm=header["alg"]
         decoded = jwt.decode(access_token, options={"verify_signature": False})
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,6 +3,8 @@ version: '3.1'
 networks:
   idp-priv:
   pub:
+  my-app-network:
+    external: True
 
 services:
   beaconprod:
@@ -18,6 +20,7 @@ services:
       - ./beacon/permissions:/beacon/permissions
     networks:
       - pub
+      - my-app-network
 
   idp:
     #image: quay.io/keycloak/keycloak:12.0.0
@@ -38,19 +41,20 @@ services:
       - DB_DATABASE=keycloak
       #- DB_SCHEMA=public
       - KEYCLOAK_IMPORT=/tmp/beacon-realm.json -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
-      - KEYCLOAK_HOSTNAME=localhost
+      - KC_HOSTNAME=idp
       #- KC_HOSTNAME_URL=https://beacon-network-test2.ega-archive.org
       #- KC_HOSTNAME_ADMIN_URL=https://beacon-network-test2.ega-archive.org
       #- KEYCLOAK_FRONTEND_URL=https://beacon-network-test2.ega-archive.org/auth/
       #- PROXY_ADDRESS_FORWARDING=true
     volumes:
       - ./beacon/auth/realms/beacon-realm.json:/tmp/beacon-realm.json
     ports:
-      - "8080:8080"
+      - "8070:8080"
       - "9991:8443"
     networks:
       - idp-priv 
       - pub
+      - my-app-network
     depends_on:
       - idp-db
 
