Closed uw-rvitorino closed 1 year ago
The decode token option is optional, and false by default, so it would make sense to reflect this in the readme. The following would be useful.
DECODE_TOKEN enables extracting a user's profile data from the JWT token instead of fetching this data from Keycloak via an API call. This has the effect of reducing the latency, but also requires the profile to be included in the JWT token in the first place. This can be configured in Keycloak's client scopes tab.
Regarding the Graphene middleware, I'm not sure if we should promote its use. The middleware is basically only used for user authentication in the same way that the normal middleware is, but it is called for each node of the GraphQL query. In effect, this reauthenticates the user multiple times, when once using the normal middleware is enough. Therefore, unless there is some use case that I am not aware of, I would deprecate it instead of recommending its use.
Regarding the setup instructions, they look quite similar to my internal ones. I've added them below as reference:
my-realm
The imports folder contains all the settings to use keycloak in a dev environment. It is used by the start script of the core service.
my-realm realm, go to clients and create a new one
core-service as the client ID and http://localhost:8000 as the Root URL and save the client
Access Type to confidential and save the changes
Service Accounts Enabled and save the changes
Service Account Roles tab
Client Roles dropdown select realm-management
Available Roles select manage-users and press Add selected
Available Roles select view-users and press Add selected
Effective Roles: manage-users, query-groups, query-users and view-users
In the core service Keycloak settings (core/core/settings.py --> KEYCLOAK_CONFIG) use core-service as the client ID and the secret from the Credentials tab.
my-realm realm, go to clients and create a new one
web-app as the client ID and http://localhost:4200 as the Root URL and save the client
my-realm realm, create a new realm role (sidebar --> Roles --> Add Role)
admin and press Save
core-service client (sidebar --> Clients --> core-service --> Roles tab --> Add Role)
admin and press Save
my-realm realm, go to the user management page
Add user and create a user with the username admin
admin editor, go to the Role Mappings tab
Realm Roles --> Available Roles select admin and then press Add selected
Client Roles --> core-service select admin from the Available Roles and press Add selected
admin editor, go to the Credentials tab
Password and Password Confirmation fields, unselect Temporary and save the password.

@uw-rvitorino I like the docs improvement. A small, but important, note: These steps (and screenshots) are for keycloak v10. With the latest keycloak v19, they are a bit outdated. Maybe we should target more recent versions?
Absolutely, I'm a recycling kind of guy 😀, can you, Simão or Moritz provide such screenshots? Feel free to contribute directly to the branch
I'm also still on the legacy Keycloak branch, so my screenshots won't be any newer :sweat_smile:
Hey @uw-rvitorino, how about we just add the 3 small changes I posted above to have the updates visible and do another round of doc improvements in a different MR?
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 10 days.
This PR was closed because it has been stalled for 10 days with no activity.
As directly requested in #36 and also suggested in #25, this PR aims at improving the README with:
Beyond the accuracy of the instructions, revisions to the English grammar and the quality of the screenshots are more than welcome.