configuration for keycloak working with exchange token
costero-e committed Jan 15, 2025
1 parent 448b195 commit bb892d7
Showing 3 changed files with 35 additions and 3 deletions.
27 changes: 27 additions & 0 deletions beacon/__main__.py
@@ -140,6 +140,31 @@ async def post(self):
except Exception as e:# pragma: no cover
response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')

class WellKnown(EndpointView):
@log_with_args(level)
async def info(self, request):
try:
response_obj = {"resource": "http://beaconprod:5050/api/",
"authorization_servers": ["http://idp:8080/auth/realms/Beacon/"],
"client_id": "beacon"}
return web.Response(text=json_util.dumps(response_obj), status=200, content_type='application/json')
except Exception:# pragma: no cover
raise

async def get(self):
try:
return await self.info(self.request)
except Exception as e:# pragma: no cover
response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')

async def post(self):
try:
return await self.info(self.request)
except Exception as e:# pragma: no cover
response_obj = build_beacon_error_response(self, ErrorClass.error_code, 'prova', ErrorClass.error_response)
return web.Response(text=json_util.dumps(response_obj), status=ErrorClass.error_code, content_type='application/json')

class Collection(EndpointView):
@log_with_args(level)
@@ -305,6 +330,7 @@ async def create_api():# pragma: no cover

app.add_routes([web.post('/api', Info)])
app.add_routes([web.post('/api/info', Info)])
app.add_routes([web.post('/api/.well-known/oauth-protected-resource', WellKnown)])
app.add_routes([web.post('/api/entry_types', EntryTypes)])
app.add_routes([web.post('/api/service-info', ServiceInfo)])
app.add_routes([web.post('/api/configuration', Configuration)])
@@ -348,6 +374,7 @@ async def create_api():# pragma: no cover
app.add_routes([web.post('/api/runs/{id}/g_variants', Resultset)])
app.add_routes([web.get('/api', Info)])
app.add_routes([web.get('/api/info', Info)])
app.add_routes([web.get('/api/.well-known/oauth-protected-resource', WellKnown)])
app.add_routes([web.get('/api/entry_types', EntryTypes)])
app.add_routes([web.get('/api/service-info', ServiceInfo)])
app.add_routes([web.get('/api/configuration', Configuration)])
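Review bot: `WellKnown.info` hard-codes `http://beaconprod:5050/api/` and `http://idp:8080/auth/realms/Beacon/` in the metadata document, so every deployment advertises the same Docker-internal, plain-HTTP identifiers. Clients use this document to decide which authorization server to trust for the resource, so these values should come from deployment configuration and use `https://` outside local testing; RFC 9728 defines the resource identifier as an https URL. `client_id` does not appear to be one of the metadata parameters that RFC defines, so confirm that a consumer actually needs it published here. The `try` / `except Exception: raise` wrapper in `info` changes nothing and can be dropped, and a class docstring such as `"""Serve OAuth 2.0 protected-resource metadata for this beacon."""` would state the intent.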
3 changes: 2 additions & 1 deletion beacon/auth/__main__.py
@@ -5,7 +5,7 @@
from aiohttp import web
import os
from dotenv import load_dotenv
from beacon.logs.logs import log_with_args
from beacon.logs.logs import log_with_args, LOG
from beacon.conf.conf import level

@log_with_args(level)
@@ -37,6 +37,7 @@ def validate_access_token(self, access_token, idp_issuer, jwks_url, algorithm, a
@log_with_args(level)
def fetch_idp(self, access_token):
try:
LOG.debug(access_token)
header = jwt.get_unverified_header(access_token)
algorithm=header["alg"]
decoded = jwt.decode(access_token, options={"verify_signature": False})
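Review bot: `LOG.debug(access_token)` at the top of `fetch_idp` writes the caller's raw bearer token to the log, where anyone with log access can reuse it until it expires. Drop the line, or log only non-secret metadata once the header is parsed, e.g. `LOG.debug("fetch_idp: token alg=%s", header.get("alg"))`. `fetch_idp` is also wrapped in `@log_with_args(level)`, which by its name may already record the arguments, so check that the decorator redacts `access_token` as well. The function body continues outside the hunk.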
8 changes: 6 additions & 2 deletions docker-compose.yml
@@ -3,6 +3,8 @@ version: '3.1'
networks:
idp-priv:
pub:
my-app-network:
external: True

services:
beaconprod:
@@ -18,6 +20,7 @@ services:
- ./beacon/permissions:/beacon/permissions
networks:
- pub
- my-app-network

idp:
#image: quay.io/keycloak/keycloak:12.0.0
@@ -38,19 +41,20 @@ services:
- DB_DATABASE=keycloak
#- DB_SCHEMA=public
- KEYCLOAK_IMPORT=/tmp/beacon-realm.json -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
- KEYCLOAK_HOSTNAME=localhost
- KC_HOSTNAME=idp
#- KC_HOSTNAME_URL=https://beacon-network-test2.ega-archive.org
#- KC_HOSTNAME_ADMIN_URL=https://beacon-network-test2.ega-archive.org
#- KEYCLOAK_FRONTEND_URL=https://beacon-network-test2.ega-archive.org/auth/
#- PROXY_ADDRESS_FORWARDING=true
volumes:
- ./beacon/auth/realms/beacon-realm.json:/tmp/beacon-realm.json
ports:
- "8080:8080"
- "8070:8080"
- "9991:8443"
networks:
- idp-priv
- pub
- my-app-network
depends_on:
- idp-db
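Review bot: The `idp` service is attached to the external `my-app-network` while it also sits on `idp-priv`, so any container from another stack on that network can reach Keycloak over plain HTTP on 8080. A comment next to `external: True` should name what owns that network and note that it must exist before the stack starts, and only the services that need it should join. The `"8070:8080"` and `"9991:8443"` mappings publish Keycloak on every host interface; if that is only for local testing, bind to loopback, e.g. `"127.0.0.1:8070:8080"`. `KC_HOSTNAME` is read by the Quarkus-based Keycloak distribution, whereas `KEYCLOAK_IMPORT` and `DB_DATABASE` in the same block are legacy-image variables, so confirm against the image line (outside this hunk) that the new hostname setting takes effect.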
