Add OIDC support - Githubissues

MTES-MCT / qualicharge

Améliorer la qualité globale du service de recharge pour véhicules électriques en analysant les données de supervision.

https://beta.gouv.fr/startups/qualicharge.html

MIT License

2 stars 1 forks source link

Add OIDC support #12

Closed jmaupetit closed 5 months ago

jmaupetit commented 5 months ago

Purpose

We choose OIDC to handle API access management.

Proposal

[x] integrate keycloak as an OIDC provider in the development environment
[x] add OIDC authentication in the core FastAPI application

jmaupetit commented 5 months ago

:spiral_notepad: Note to self

To query an access token from Keycloak api client within the qualicharge realm for the johndoe user, use the following command:

http --form --verbose POST \
    http://localhost:8080/realms/qualicharge/protocol/openid-connect/token \
    client_id=api \
    client_secret=super-secret \
    username=johndoe \
    password=pass \
    grant_type=password

Nota bene: for Keycloak, submitted data should be url-encoded (it does not work using JSON data format).

jmaupetit commented 5 months ago

For now, the only pain point that makes the whole thing not fully automatized is that we need to inactivate the "Verify Profile" required action. I still haven't found were it can be configured.

jmaupetit commented 5 months ago

For now, the only pain point that makes the whole thing not fully automatized is that we need to inactivate the "Verify Profile" required action. I still haven't found were it can be configured.

This is now fixed.