puiterwijk / flask-oidc

OpenID Connect support for Flask
BSD 2-Clause "Simplified" License
154 stars 217 forks source link

unable to validate token, when the flask app is running inside container. #114

Open preethamgali opened 3 years ago

preethamgali commented 3 years ago
from functools import wraps
from flask_oidc import OpenIDConnect

class Authentication:
    oidc = OpenIDConnect()
    use_oidc = True
    token_based_auth = False

    @staticmethod
    def validate_scope(scope):
        """
        Decorator used for authentication and authorization the endpoint.

        Parameters
        ----------
        oidc: Oidc instance
            for authentication
        scope: str
            for authorization

        """

        oidc = Authentication.oidc
        use_oidc = Authentication.use_oidc
        token_based_auth = Authentication.token_based_auth

        def wrapper(view_fun):
            """
            Decorator wrapper function.
            """

            @wraps(view_fun)
            def oidc_decorated(*args, **kwargs):
                """
                Decorator inner function authenticate using access token and authorize using scope.
                """
                acc_tkn = oidc.get_access_token()
                ##this is failing, {"error": "invalid_token", "error_description": "Token required but invalid"}
                flag=  oidc.validate_token(acc_tkn, [scope])
                if flag is True:
                    return view_fun(*args, **kwargs)
                return acc_tkn, 300

            @wraps(view_fun)
            def decorated(*args, **kwargs):
                """
                Decorator inner function for open endpoint.
                """
                return view_fun(*args, **kwargs)

            if use_oidc:
                return oidc.accept_token(True, [scope])(decorated) if token_based_auth \
                    else oidc.require_login(oidc_decorated)
            print("inside the AUTH deco")
            return decorated
        return wrapper

from flask import Flask
from auth import Authentication
from flask import redirect, request
from flask_oidc import OpenIDConnect

app = Flask(__name__)
app_config= {
    "OIDC_CLIENT_SECRETS":"ks.json",
    "SECRET_KEY": "SomethingNotEntirelySecret",
    "TESTING": True,
    "DEBUG": True,
    "OIDC_ID_TOKEN_COOKIE_SECURE": False,
    "OIDC_REQUIRE_VERIFIED_EMAIL": False,
    "OIDC_USER_INFO_ENABLED": True,
    "OIDC_OPENID_REALM": "ChatBotStudio",
    "OIDC_INTROSPECTION_AUTH_METHOD": "client_secret_post"
}
app.config.update(app_config)
oidc= Authentication.oidc
oidc.init_app(app)

@app.route('/user')
@Authentication.validate_scope(scope='user_scope')
def user():
    print("inside user method")
    return "inside user method"

The keycloak client secret file is { "web": { "issuer": "http://{keycloak-ip address}:8080/auth/realms/relam1", "auth_uri": "http://{keycloak-ip address}:8080/auth/realms/relam1/protocol/openid-connect/auth", "client_id": "RCP", "client_secret": "e681876c-afd9-4c3b-9f8c-3e5266706ee4", "userinfo_uri": "http://{keycloak-ip address}:8080/auth/realms/relam1/protocol/openid-connect/userinfo", "token_uri": "http://{keycloak-tag}:8080/auth/realms/relam1/protocol/openid-connect/token", "token_introspection_uri": "http://keycloak-tag:8080/auth/realms/relam1/protocol/openid-connect/token/introspect" } }

creating a common bridge docker network create -d bridge keycloak

running keycloak on docker docker run -tid -p 8080:8080 -p 8443:8443 --network keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --name keycloak-tag jboss/keycloak

building and running the sample app


#docker -file
FROM python:3
ADD ks.json /
ADD auth.py /
ADD app.py /
 RUN pip install flask
 RUN pip install flask_oidc
CMD [ "python", "./app.py" ]
docker build -t testing -f docker-file .
docker run -p 8090:8090 --network keycloak testing```
devinfopercept commented 2 years ago

Have you got the solution? Because I am stuck in same situation

volodya-wtf commented 2 years ago

Please if you check solution write there