Event Timeline
Comment Actions
$ swh-doco-keycloak exec swh-deposit /bin/bash + cd /home/tony/work/inria/repo/swh/swh-environment/docker + docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml exec swh-deposit /bin/bash swh@b5cb0d186318:/$ ipython bash: ipython: command not found swh@b5cb0d186318:/$ pip install ipython Collecting ipython Downloading ipython-7.21.0-py3-none-any.whl (784 kB) |████████████████████████████████| 784 kB 4.7 MB/s Collecting traitlets>=4.2 Downloading traitlets-5.0.5-py3-none-any.whl (100 kB) |████████████████████████████████| 100 kB 4.0 MB/s Requirement already satisfied: pygments in /srv/softwareheritage/venv/lib/python3.7/site-packages (from ipython) (2.8.1) Collecting backcall Downloading backcall-0.2.0-py2.py3-none-any.whl (11 kB) Requirement already satisfied: prompt-toolkit!=3.0.0,!=3.0.1,<3.1.0,>=2.0.0 in /srv/softwareheritage/venv/lib/python3.7/site-packages (from ipython) (3.0.17) Collecting pickleshare Downloading pickleshare-0.7.5-py2.py3-none-any.whl (6.9 kB) Requirement already satisfied: setuptools>=18.5 in /srv/softwareheritage/venv/lib/python3.7/site-packages (from ipython) (54.1.1) Collecting pexpect>4.3 Downloading pexpect-4.8.0-py2.py3-none-any.whl (59 kB) |████████████████████████████████| 59 kB 3.2 MB/s Requirement already satisfied: decorator in /srv/softwareheritage/venv/lib/python3.7/site-packages (from ipython) (4.4.2) Collecting jedi>=0.16 Downloading jedi-0.18.0-py2.py3-none-any.whl (1.4 MB) |████████████████████████████████| 1.4 MB 3.0 MB/s Collecting parso<0.9.0,>=0.8.0 Downloading parso-0.8.1-py2.py3-none-any.whl (93 kB) |████████████████████████████████| 93 kB 2.0 MB/s Collecting ptyprocess>=0.5 Downloading ptyprocess-0.7.0-py2.py3-none-any.whl (13 kB) Requirement already satisfied: wcwidth in /srv/softwareheritage/venv/lib/python3.7/site-packages (from prompt-toolkit!=3.0.0,!=3.0.1,<3.1.0,>=2.0.0->ipython) (0.2.5) Collecting ipython-genutils Downloading ipython_genutils-0.2.0-py2.py3-none-any.whl (26 kB) Installing collected packages: ptyprocess, parso, ipython-genutils, traitlets, pickleshare, pexpect, jedi, backcall, ipython Successfully installed backcall-0.2.0 ipython-7.21.0 ipython-genutils-0.2.0 jedi-0.18.0 parso-0.8.1 pexpect-4.8.0 pickleshare-0.7.5 ptyprocess-0.7.0 traitlets-5.0.5 swh@b5cb0d186318:/$ export SWH_CONFIG_FILENAME=/deposit-keycloak.yml swh@b5cb0d186318:/$ ipython Python 3.7.9 (default, Dec 18 2020, 05:32:43) Type 'copyright', 'credits' or 'license' for more information IPython 7.21.0 -- An enhanced Interactive Python. Type '?' for help. In [1]: from swh.auth.keycloak import KeycloakOpenIDConnect /srv/softwareheritage/venv/lib/python3.7/site-packages/jose/backends/cryptography_backend.py:18: CryptographyDeprecationWarning: int_from_bytes is deprecated, use int.from_bytes instead from cryptography.utils import int_from_bytes, int_to_bytes In [3]: client = KeycloakOpenIDConnect.from_configfile(client_id="swh-deposit") In [4]: client Out[4]: <swh.auth.keycloak.KeycloakOpenIDConnect at 0x7f4319e218d0> In [5]: oidc_profile = client.login("test", "test") In [6]: oidc_profile Out[6]: {'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJNYV9GQTRPRjBCa1d3b2dHVmxXNGR6VDFSS0hLaHBTRlQtMUQ5TnlXTzhnIn0.eyJleHAiOjE2MTU2Mjc2ODksImlhdCI6MTYxNTYyNzM4OSwianRpIjoiMmQ5ZjVjMWQtMmExZS00ZWRiLWFmMDAtMGJmNzE3YWU2ZDk4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDgwL2tleWNsb2FrL2F1dGgvcmVhbG1zL1NvZnR3YXJlSGVyaXRhZ2UiLCJhdWQiOlsic3doLWRlcG9zaXQiLCJhY2NvdW50Il0sInN1YiI6ImMxMjFjYjIwLWRkM2ItNDZhMC1hNDEzLTBjMjY3ODU4NmVkNyIsInR5cCI6IkJlYXJlciIsImF6cCI6InN3aC1kZXBvc2l0Iiwic2Vzc2lvbl9zdGF0ZSI6Ijc4ZmYxZTdjLWE4ZDAtNDk5MC04NjMxLTg2ZTQ5ZWZlMWI2OSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo1MDA2Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsic3doLWRlcG9zaXQiOnsicm9sZXMiOlsic3doLmRlcG9zaXQuYXBpIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiVGVzdCBhaWJvdCIsImdyb3VwcyI6W10sInByZWZlcnJlZF91c2VybmFtZSI6InRlc3QiLCJnaXZlbl9uYW1lIjoiVGVzdCIsImZhbWlseV9uYW1lIjoiYWlib3QiLCJlbWFpbCI6InRlc3RAc3doLm9yZyJ9.mhpRzNcC9y69dFjJs5cYojqYO2Q2OQfx8teDFWOik1idRqFiwc16a8Bfluc4rJj1Hvk5laYlyJtuoGXr7EaHGMwt21sIvDWHwncu9d_sEyVMjtX62NrknCdP_dw5DO71JwyO4bvCpMwMBWWh4Rt-D8pRCXG0q2yGxEdXy7mERbwRw1Vv6peXB_c_hIQDxXBMY_Lxjo3uumkcSOhenZa1VUgoNxCcFT2c9bP-_9_-mzcVADVzmdJHY4oy3rXzgzSmRjja-oAloHwlU_YK0dg8KwhbD7UXPRDqpnQRA3tLs4leWjTUbQE_Q3-BWGioF0zRIkeoS6a7FDyhYg8ePkQSjg', 'expires_in': 300, 'refresh_expires_in': 1800, 'refresh_token': 'eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3OGQwOTNmNS05M2IyLTQxOTQtYWFjYS1lOWU0NTVkZTAwZjIifQ.eyJleHAiOjE2MTU2MjkxODksImlhdCI6MTYxNTYyNzM4OSwianRpIjoiNDM5ZTk0NDUtZmNmOS00MzcxLTkxMzMtZTE3NmQ1NGQ3ZmQwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDgwL2tleWNsb2FrL2F1dGgvcmVhbG1zL1NvZnR3YXJlSGVyaXRhZ2UiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjUwODAva2V5Y2xvYWsvYXV0aC9yZWFsbXMvU29mdHdhcmVIZXJpdGFnZSIsInN1YiI6ImMxMjFjYjIwLWRkM2ItNDZhMC1hNDEzLTBjMjY3ODU4NmVkNyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJzd2gtZGVwb3NpdCIsInNlc3Npb25fc3RhdGUiOiI3OGZmMWU3Yy1hOGQwLTQ5OTAtODYzMS04NmU0OWVmZTFiNjkiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIn0.YsAJ0HYKHhy0DM2N9op0ybEyyc_ZwQk4PD5QA63Pl44', 'token_type': 'Bearer', 'id_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJNYV9GQTRPRjBCa1d3b2dHVmxXNGR6VDFSS0hLaHBTRlQtMUQ5TnlXTzhnIn0.eyJleHAiOjE2MTU2Mjc2ODksImlhdCI6MTYxNTYyNzM4OSwiYXV0aF90aW1lIjowLCJqdGkiOiI5MjBjYTYxNS1iZDc2LTQxMzUtOTk1Ny05N2QyOTM5YWY0ZmMiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjUwODAva2V5Y2xvYWsvYXV0aC9yZWFsbXMvU29mdHdhcmVIZXJpdGFnZSIsImF1ZCI6InN3aC1kZXBvc2l0Iiwic3ViIjoiYzEyMWNiMjAtZGQzYi00NmEwLWE0MTMtMGMyNjc4NTg2ZWQ3IiwidHlwIjoiSUQiLCJhenAiOiJzd2gtZGVwb3NpdCIsInNlc3Npb25fc3RhdGUiOiI3OGZmMWU3Yy1hOGQwLTQ5OTAtODYzMS04NmU0OWVmZTFiNjkiLCJhdF9oYXNoIjoiU29NRWJzNF95YWFkX3FvLVdMSnYtUSIsImFjciI6IjEiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJUZXN0IGFpYm90IiwiZ3JvdXBzIjpbXSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdCIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJhaWJvdCIsImVtYWlsIjoidGVzdEBzd2gub3JnIn0.Q_8ksPD42SXSX1vSqMu-9HMdK9g5VB3Q57JlKplzJ2plaqHffP49RMtapYB8WhF2wHTS8jpbwQPmyuZVVo700NeJl_Mn8W9Yh1V_ss5QV2PjUO-Z2y6PVZkjvaXXcgsDDRtbqQvSWOdO5eQkc7yW6M83nXCroJRHAL8EvaPlXM_wK5QK7RCJ6Qo6TEu6Jnr6xo6HEJBgm_daQMtBm2bf_Umq15cEbUKqAn-3VYhwlc1JibF9DD781POZlDbwfpPmWz-8-du3kHmoEyyM9ekA6o5JVkFK-gMCEvLVLLBkGae-ppuKXZZ_4Ocjbadp1bz3lXhL8zMxwU-N-A29NmLzZQ', 'not-before-policy': 0, 'session_state': '78ff1e7c-a8d0-4990-8631-86e49efe1b69', 'scope': 'openid email profile'} In [7]: decoded_token = client.decode_token(oidc_profile["access_token"]) In [8]: decoded_token Out[8]: {'exp': 1615627689, 'iat': 1615627389, 'jti': '2d9f5c1d-2a1e-4edb-af00-0bf717ae6d98', 'iss': 'http://localhost:5080/keycloak/auth/realms/SoftwareHeritage', 'aud': ['swh-deposit', 'account'], 'sub': 'c121cb20-dd3b-46a0-a413-0c2678586ed7', 'typ': 'Bearer', 'azp': 'swh-deposit', 'session_state': '78ff1e7c-a8d0-4990-8631-86e49efe1b69', 'acr': '1', 'allowed-origins': ['http://localhost:5006'], 'realm_access': {'roles': ['offline_access', 'uma_authorization']}, 'resource_access': {'swh-deposit': {'roles': ['swh.deposit.api']}, 'account': {'roles': ['manage-account', 'manage-account-links', 'view-profile']}}, 'scope': 'openid email profile', 'email_verified': False, 'name': 'Test aibot', 'groups': [], 'preferred_username': 'test', 'given_name': 'Test', 'family_name': 'aibot', 'email': 'test@swh.org'} In [9]: oidc_profile Out[9]: {'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJNYV9GQTRPRjBCa1d3b2dHVmxXNGR6VDFSS0hLaHBTRlQtMUQ5TnlXTzhnIn0.eyJleHAiOjE2MTU2Mjc2ODksImlhdCI6MTYxNTYyNzM4OSwianRpIjoiMmQ5ZjVjMWQtMmExZS00ZWRiLWFmMDAtMGJmNzE3YWU2ZDk4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDgwL2tleWNsb2FrL2F1dGgvcmVhbG1zL1NvZnR3YXJlSGVyaXRhZ2UiLCJhdWQiOlsic3doLWRlcG9zaXQiLCJhY2NvdW50Il0sInN1YiI6ImMxMjFjYjIwLWRkM2ItNDZhMC1hNDEzLTBjMjY3ODU4NmVkNyIsInR5cCI6IkJlYXJlciIsImF6cCI6InN3aC1kZXBvc2l0Iiwic2Vzc2lvbl9zdGF0ZSI6Ijc4ZmYxZTdjLWE4ZDAtNDk5MC04NjMxLTg2ZTQ5ZWZlMWI2OSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDo1MDA2Il0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsic3doLWRlcG9zaXQiOnsicm9sZXMiOlsic3doLmRlcG9zaXQuYXBpIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiVGVzdCBhaWJvdCIsImdyb3VwcyI6W10sInByZWZlcnJlZF91c2VybmFtZSI6InRlc3QiLCJnaXZlbl9uYW1lIjoiVGVzdCIsImZhbWlseV9uYW1lIjoiYWlib3QiLCJlbWFpbCI6InRlc3RAc3doLm9yZyJ9.mhpRzNcC9y69dFjJs5cYojqYO2Q2OQfx8teDFWOik1idRqFiwc16a8Bfluc4rJj1Hvk5laYlyJtuoGXr7EaHGMwt21sIvDWHwncu9d_sEyVMjtX62NrknCdP_dw5DO71JwyO4bvCpMwMBWWh4Rt-D8pRCXG0q2yGxEdXy7mERbwRw1Vv6peXB_c_hIQDxXBMY_Lxjo3uumkcSOhenZa1VUgoNxCcFT2c9bP-_9_-mzcVADVzmdJHY4oy3rXzgzSmRjja-oAloHwlU_YK0dg8KwhbD7UXPRDqpnQRA3tLs4leWjTUbQE_Q3-BWGioF0zRIkeoS6a7FDyhYg8ePkQSjg', 'expires_in': 300, 'refresh_expires_in': 1800, 'refresh_token': 'eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3OGQwOTNmNS05M2IyLTQxOTQtYWFjYS1lOWU0NTVkZTAwZjIifQ.eyJleHAiOjE2MTU2MjkxODksImlhdCI6MTYxNTYyNzM4OSwianRpIjoiNDM5ZTk0NDUtZmNmOS00MzcxLTkxMzMtZTE3NmQ1NGQ3ZmQwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDgwL2tleWNsb2FrL2F1dGgvcmVhbG1zL1NvZnR3YXJlSGVyaXRhZ2UiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjUwODAva2V5Y2xvYWsvYXV0aC9yZWFsbXMvU29mdHdhcmVIZXJpdGFnZSIsInN1YiI6ImMxMjFjYjIwLWRkM2ItNDZhMC1hNDEzLTBjMjY3ODU4NmVkNyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJzd2gtZGVwb3NpdCIsInNlc3Npb25fc3RhdGUiOiI3OGZmMWU3Yy1hOGQwLTQ5OTAtODYzMS04NmU0OWVmZTFiNjkiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIn0.YsAJ0HYKHhy0DM2N9op0ybEyyc_ZwQk4PD5QA63Pl44', 'token_type': 'Bearer', 'id_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJNYV9GQTRPRjBCa1d3b2dHVmxXNGR6VDFSS0hLaHBTRlQtMUQ5TnlXTzhnIn0.eyJleHAiOjE2MTU2Mjc2ODksImlhdCI6MTYxNTYyNzM4OSwiYXV0aF90aW1lIjowLCJqdGkiOiI5MjBjYTYxNS1iZDc2LTQxMzUtOTk1Ny05N2QyOTM5YWY0ZmMiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjUwODAva2V5Y2xvYWsvYXV0aC9yZWFsbXMvU29mdHdhcmVIZXJpdGFnZSIsImF1ZCI6InN3aC1kZXBvc2l0Iiwic3ViIjoiYzEyMWNiMjAtZGQzYi00NmEwLWE0MTMtMGMyNjc4NTg2ZWQ3IiwidHlwIjoiSUQiLCJhenAiOiJzd2gtZGVwb3NpdCIsInNlc3Npb25fc3RhdGUiOiI3OGZmMWU3Yy1hOGQwLTQ5OTAtODYzMS04NmU0OWVmZTFiNjkiLCJhdF9oYXNoIjoiU29NRWJzNF95YWFkX3FvLVdMSnYtUSIsImFjciI6IjEiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJUZXN0IGFpYm90IiwiZ3JvdXBzIjpbXSwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdCIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJhaWJvdCIsImVtYWlsIjoidGVzdEBzd2gub3JnIn0.Q_8ksPD42SXSX1vSqMu-9HMdK9g5VB3Q57JlKplzJ2plaqHffP49RMtapYB8WhF2wHTS8jpbwQPmyuZVVo700NeJl_Mn8W9Yh1V_ss5QV2PjUO-Z2y6PVZkjvaXXcgsDDRtbqQvSWOdO5eQkc7yW6M83nXCroJRHAL8EvaPlXM_wK5QK7RCJ6Qo6TEu6Jnr6xo6HEJBgm_daQMtBm2bf_Umq15cEbUKqAn-3VYhwlc1JibF9DD781POZlDbwfpPmWz-8-du3kHmoEyyM9ekA6o5JVkFK-gMCEvLVLLBkGae-ppuKXZZ_4Ocjbadp1bz3lXhL8zMxwU-N-A29NmLzZQ', 'not-before-policy': 0, 'session_state': '78ff1e7c-a8d0-4990-8631-86e49efe1b69', 'scope': 'openid email profile'} In [11]: oidc_profile.keys() Out[11]: dict_keys(['access_token', 'expires_in', 'refresh_expires_in', 'refresh_token', 'token_type', 'id_token', 'not-before-policy', 'session_state', 'scope']) In [12]: decoded_token Out[12]: {'exp': 1615627689, 'iat': 1615627389, 'jti': '2d9f5c1d-2a1e-4edb-af00-0bf717ae6d98', 'iss': 'http://localhost:5080/keycloak/auth/realms/SoftwareHeritage', 'aud': ['swh-deposit', 'account'], 'sub': 'c121cb20-dd3b-46a0-a413-0c2678586ed7', 'typ': 'Bearer', 'azp': 'swh-deposit', 'session_state': '78ff1e7c-a8d0-4990-8631-86e49efe1b69', 'acr': '1', 'allowed-origins': ['http://localhost:5006'], 'realm_access': {'roles': ['offline_access', 'uma_authorization']}, 'resource_access': {'swh-deposit': {'roles': ['swh.deposit.api']}, 'account': {'roles': ['manage-account', 'manage-account-links', 'view-profile']}}, 'scope': 'openid email profile', 'email_verified': False, 'name': 'Test aibot', 'groups': [], 'preferred_username': 'test', 'given_name': 'Test', 'family_name': 'aibot', 'email': 'test@swh.org'} In [13]: decoded_token.keys() Out[13]: dict_keys(['exp', 'iat', 'jti', 'iss', 'aud', 'sub', 'typ', 'azp', 'session_state', 'acr', 'allowed-origins', 'realm_access', 'resource_access', 'scope', 'email_verified', 'name', 'groups', 'preferred_username', 'given_name', 'family_name', 'email'])
Indeed, no "auth_time" in there ¯\_(ツ)_/¯