Details
- Reviewers: anlambert
- Group Reviewers: Reviewers
- Maniphest Tasks: T2858: Use keycloak authentication for the deposit
- Commits: rDENVdabe1c91f3fd: keycloak_swh_setup: Assign swh.deposit.api role to hal user
docker is happy
$ swh-doco-keycloak exec swh-deposit /bin/bash
+ cd /home/tony/work/inria/repo/swh/swh-environment/docker
+ docker-compose -f docker-compose.yml -f docker-compose.keycloak.yml -f docker-compose.override.yml exec swh-deposit /bin/bash
swh@7910820d6ef2:/$ pip install ipython
Collecting ipython
...
$ ipython
In [1]: from swh.auth.keycloak import KeycloakOpenIDConnect
...
In [19]: kc = KeycloakOpenIDConnect(server_url="http://keycloak:8080/keycloak/auth/", realm_name="SoftwareHeritage", client_id="swh-deposit")
In [20]: token = kc.login("hal", "test")
In [21]: decoded_token = kc.decode_token(token['access_token'])
In [22]: decoded_token["resource_access"]
Out[22]: {'swh-deposit': {'roles': ['swh.deposit.api']}, 'account': {'roles': ['manage-account', 'manage-account-links', 'view-profile']}}
Diff Detail
- Repository: rDENV Development environment
- Lint: Automatic diff as part of commit; lint not applicable.
- Unit: Automatic diff as part of commit; unit tests not applicable.
Event Timeline
Adapt according to review, and checks ok [1]
[1] checked by down --volumes, up -d stanza, login in admin auth ui and checked
the hal user has the swh.deposit.api role in its "role mapping" view (and it does)
with our brand new swh.auth (v0.2.0 ;)
In [19]: kc = KeycloakOpenIDConnect(server_url="http://keycloak:8080/keycloak/auth/", realm_name="SoftwareHeritage", client_id="swh-deposit")
In [20]: token = kc.login("hal", "test")
In [21]: decoded_token = kc.decode_token(token['access_token'])
In [22]: decoded_token["resource_access"]
Out[22]: {'swh-deposit': {'roles': ['swh.deposit.api']}, 'account': {'roles': ['manage-account', 'manage-account-links', 'view-profile']}}
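An added example, not part of this revision or of swh-deposit's code: one way a service could check the client role shown in the `resource_access` output above, failing closed when the claim is missing or malformed. The helper names `client_roles` and `has_client_role` are hypothetical, and the token is assumed to have been validated and decoded already, as in the session above.

```python
from collections.abc import Mapping


def client_roles(decoded_token, client_id):
    """Return the roles granted for client_id in the resource_access claim.

    Any missing or malformed level yields an empty set (fail closed).
    """
    if not isinstance(decoded_token, Mapping):
        return frozenset()
    access = decoded_token.get("resource_access")
    if not isinstance(access, Mapping):
        return frozenset()
    entry = access.get(client_id)
    if not isinstance(entry, Mapping):
        return frozenset()
    roles = entry.get("roles")
    # Require a real list: if "roles" were a bare string, a naive
    # `role in roles` test would match on substrings.
    if not isinstance(roles, (list, tuple)):
        return frozenset()
    return frozenset(r for r in roles if isinstance(r, str))


def has_client_role(decoded_token, client_id, role):
    """True only if role is listed under this exact client."""
    return role in client_roles(decoded_token, client_id)


# Constructed sample mirroring the Out[22] value shown on this page.
HAL_TOKEN = {
    "resource_access": {
        "swh-deposit": {"roles": ["swh.deposit.api"]},
        "account": {
            "roles": ["manage-account", "manage-account-links", "view-profile"]
        },
    }
}

# Constructed malformed variant: "roles" is a string instead of a list.
MALFORMED_TOKEN = {"resource_access": {"swh-deposit": {"roles": "swh.deposit.api"}}}

if __name__ == "__main__":
    print(has_client_role(HAL_TOKEN, "swh-deposit", "swh.deposit.api"))
    print(has_client_role(HAL_TOKEN, "swh-deposit", "view-profile"))
    print(has_client_role(MALFORMED_TOKEN, "swh-deposit", "deposit"))
```

Roles listed under the `account` client do not count toward `swh-deposit`, which is why the second check is false.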