Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OIDC support #12

Merged
merged 4 commits into from
Apr 5, 2024
Merged

Add OIDC support #12

merged 4 commits into from
Apr 5, 2024

Conversation

jmaupetit
Copy link
Member

@jmaupetit jmaupetit commented Mar 29, 2024
edited
Loading

Purpose

We choose OIDC to handle API access management.

Proposal

  • integrate keycloak as an OIDC provider in the development environment
  • add OIDC authentication in the core FastAPI application

@jmaupetit jmaupetit self-assigned this Mar 29, 2024
@jmaupetit jmaupetit marked this pull request as draft March 29, 2024 19:15
@jmaupetit
Copy link
Member Author

🗒️ Note to self

To query an access token from Keycloak api client within the qualicharge realm for the johndoe user, use the following command:

http --form --verbose POST \
    http://localhost:8080/realms/qualicharge/protocol/openid-connect/token \
    client_id=api \
    client_secret=super-secret \
    username=johndoe \
    password=pass \
    grant_type=password

Nota bene: for Keycloak, submitted data should be url-encoded (it does not work using JSON data format).

@jmaupetit
Copy link
Member Author

For now, the only pain point that makes the whole thing not fully automatized is that we need to inactivate the "Verify Profile" required action. I still haven't found were it can be configured.

image

@jmaupetit
Copy link
Member Author

jmaupetit commented Apr 2, 2024
edited
Loading

For now, the only pain point that makes the whole thing not fully automatized is that we need to inactivate the "Verify Profile" required action. I still haven't found were it can be configured.

This is now fixed.

jmaupetit added 4 commits April 4, 2024 17:00
@jmaupetit
🔨(project) add keycloak service for development
826ff12 
We need an OIDC provider to test our authentication workflow locally.
@jmaupetit
✨(api) add OIDC authentication
e68fcdf 
Every API endpoints should be behind an OpenID Connect authentication
workflow.
@jmaupetit
➕(api) add pytest coverage
01c252f 
We need more details on test code coverage.
@jmaupetit
✅(api) add id token factory to improve testing flow
d6b5e32 
We are now able to better test tokens validation in our tests.
@jmaupetit jmaupetit marked this pull request as ready for review April 5, 2024 10:17
@jmaupetit jmaupetit merged commit 81d3069 into main Apr 5, 2024
8 checks passed
@jmaupetit jmaupetit deleted the add-oidc-support branch April 5, 2024 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jmaupetit jmaupetit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jmaupetit