search

ucd-library / aggie-experts

Publicly reported feedback and issues for Aggie Experts
https://ucd-library.github.io/aggie-experts/
MIT License
1 stars 2 forks source link

Qh miv credentials #449

Closed qjhart closed 2 weeks ago

qjhart commented 2 weeks ago

This pull request is a stop-gap measure for the MIV team. I have defined a new separate realm in keycloak with only one client. The client credential TTL is very long, 180 days, so that the MIV team has more time to update their authentication scheme.

This requires a near complete re-implementation of the authorization step, since fin expects (rightfully) only one realm.

We will work with the MIV team on developing the best method of updating this setup. 

  host="https://auth.library.ucdavis.edu"
  connect="${host}/realms/aggie-experts-miv/protocol/openid-connect/token"

  http --form $connect grant_type=client_credentials client_id=miv client_secret="$secret" | tee token_package.json

  # You can investigate this with `jq . token_package.json. See the long ttl eg.
  token=$(jq -r .access_token token_package.json)

  experts:=https://stage.experts.library.ucdavis.edu/

  #Now you can get some grant info
  http ${experts}/api/miv/grants ucdPersonUUID==00021386 Authorization:"Bearer $token"
rakunkel-ucd commented 2 weeks ago

typo in your script ... experts:=https