Open clemens-tolboom opened 4 months ago
Sketchy example:
```yaml
spring:
  security:
    oauth2:
      authorizationserver:
        issuer: http://auth-server:9000 # Set the issuer URL for your authorization server
        client:
          articles-client: # Define your client configuration
            registration:
              client-id: articles-client
              client-secret: "{noop}secret" # Replace with your actual client secret
              client-name: Articles Client
              client-authentication-methods:
                - client_secret_basic
              authorization-grant-types:
                - authorization_code
                - refresh_token # Include refresh token grant type
```
but path spring.security.oauth2.client.registration.[registrationId].authorization-grant-type is listed
We managed to login through the UI https://dev-armadillo.molgenis.org using KeyCloak config below
Described on https://github.com/molgenis/molgenis-r-auth we see KeyCloak is not working from R
# Fusion Auth
```r
endpoint <- discover("https://auth.molgenis.org")
```
does similar
```sh
curl https://auth.molgenis.org/.well-known/openid-configuration
```
```r
endpoint <- discover("https://auth1.molgenis.net/realms/Molgenis")
```
does similar
```sh
curl https://auth1.molgenis.net/realms/Molgenis/.well-known/openid-configuration
```
There are some fields added for KeyCloak esp. for resourceserver
```yaml
oauth2:
  client:
    provider:
      molgenis:
        issuer-uri: https://auth1.molgenis.net/realms/Molgenis
    registration:
      molgenis:
        redirect-uri: 'https://dev-armadillo.molgenis.org/login/oauth2/code/molgenis'
        scope: openid, profile, email # <=================
        client-id: Dev-Armadillo-Test
        client-secret: ...
  resourceserver:
    jwt:
      issuer-uri: https://auth1.molgenis.net/realms/Molgenis
      jwk-set-uri: https://auth1.molgenis.net/realms/Molgenis/protocol/openid-connect/certs # <=======
    opaquetoken:
      introspection-url: 'https://auth1.molgenis.net/realms/Molgenis/protocol/openid-connect/token/introspect' # <====
      client-id: Dev-Armadillo-Test
      client-secret: ...
```
After cloning https://github.com/molgenis/molgenis-r-auth and googling and managing KeyCloak checkboxes we tried POST-ing as form and device login works
In #121 we learned that increasing the OIDC token lifetime makes long R queries finish correctly.
It seems we should add a refresh token into Armadillo ... the R side takes care of keeping the Armadillo session alive but has no business with JWT token timeout
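An added example, not part of the original post or of Armadillo's code: a Python check that compares the `resourceserver` values from the config above with a provider's discovery document and reports whether the refresh-token grant and the device flow are advertised. The discovery document is a constructed sample, not fetched from the server; `check_config`, `CONFIG` and `SAMPLE_DISCOVERY` are hypothetical names.

```python
REALM = "https://auth1.molgenis.net/realms/Molgenis"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

# Constructed sample (not fetched from the server); field names follow
# OpenID Connect Discovery, RFC 8414 and RFC 8628.
SAMPLE_DISCOVERY = {
    "issuer": REALM,
    "jwks_uri": REALM + "/protocol/openid-connect/certs",
    "introspection_endpoint": REALM + "/protocol/openid-connect/token/introspect",
    "device_authorization_endpoint": REALM + "/protocol/openid-connect/auth/device",
    "grant_types_supported": ["authorization_code", "refresh_token", DEVICE_GRANT],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

# Values copied from the registration/resourceserver block in the post.
CONFIG = {
    "issuer-uri": REALM,
    "jwk-set-uri": REALM + "/protocol/openid-connect/certs",
    "introspection-url": REALM + "/protocol/openid-connect/token/introspect",
    "scope": "openid, profile, email",
}

def check_config(config, discovery):
    """Return a list of findings; an empty list means config and discovery agree."""
    findings = []
    # Exact string comparison on purpose: a trailing slash on the issuer is a
    # mismatch, because the issuer is also compared with each token's `iss`.
    pairs = [("issuer-uri", "issuer"), ("jwk-set-uri", "jwks_uri"),
             ("introspection-url", "introspection_endpoint")]
    for cfg_key, disc_key in pairs:
        if cfg_key in config and config[cfg_key] != discovery.get(disc_key):
            findings.append(f"{cfg_key} != discovery {disc_key}: "
                            f"{config[cfg_key]!r} vs {discovery.get(disc_key)!r}")
    grants = discovery.get("grant_types_supported", [])
    if "refresh_token" not in grants:
        findings.append("provider does not advertise the refresh_token grant")
    if DEVICE_GRANT not in grants or "device_authorization_endpoint" not in discovery:
        findings.append("provider does not advertise the device flow")
    if "scopes_supported" in discovery:  # optional field, check only when present
        requested = {s.strip() for s in config.get("scope", "").split(",") if s.strip()}
        for scope in sorted(requested - set(discovery["scopes_supported"])):
            findings.append(f"requested scope {scope!r} not in scopes_supported")
    return findings

if __name__ == "__main__":
    for line in check_config(CONFIG, SAMPLE_DISCOVERY) or ["config matches discovery"]:
        print(line)
```

To run it against a live provider, replace `SAMPLE_DISCOVERY` with the parsed JSON returned by the `.well-known/openid-configuration` URL used in the `curl` commands above.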