Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5SP,9SP] Implement curl and httplib-based access to Keycloak #350

Closed
ivan-cukic opened this issue Sep 16, 2024 · 1 comment · Fixed by #357
Closed

[5SP,9SP] Implement curl and httplib-based access to Keycloak #350

ivan-cukic opened this issue Sep 16, 2024 · 1 comment · Fixed by #357
Assignees
@vimpostor
Milestone
CALL#5 - Security...

Comments

@ivan-cukic
Copy link
Collaborator

  • Fill in example data into Keycloak
  • Investigate and document which authentication flow(s) should be used
  • Make curl-based scripts for user authentication
  • Implement httplib equivalent of those scripts
@ivan-cukic ivan-cukic converted this from a draft issue Sep 16, 2024
@wirew0rm wirew0rm added this to the CALL#6 - Security Hardening and RBAC Integration milestone Sep 16, 2024
@vimpostor
Copy link
Contributor

vimpostor commented Sep 18, 2024
edited
Loading

The setup of Keycloak with the Admin REST API is already complete and completely scripted over curl, so that it is easy to use from CI.
The httplib implementation is also complete and working and implements a client that is fully compliant with the authorization code grant as per section 4.1 from RFC 6749.

For the above authorization flow a user needs to sign into an external browser and grant access, but it might be also needed to add a userless-flow, as some devices are secured only by the fact that they are located in a secured room. For that the implementation could be extended with section 4.4 of the above RFC.

The last large part remaining to be done is Emscripten support, which might present some difficulties, as section 4.1 requires a port to be opened to exchange the token in the callback from the browser.

The future work of UI integration is covered by fair-acc/opendigitizer#203.

@RalphSteinhagen RalphSteinhagen modified the milestones: CALL#5 - Security Hardening and RBAC Integration, CALL#5 - Security Hardening Sep 25, 2024
@vimpostor vimpostor mentioned this issue Nov 11, 2024
Merged
@vimpostor vimpostor changed the title [5SP] Implement curl and httplib-based access to Keycloak [5SP,9SP] Implement curl and httplib-based access to Keycloak Nov 11, 2024
RalphSteinhagen pushed a commit that referenced this issue Nov 12, 2024
@vimpostor
Implement OAuth Client (#357)
8b472fd 
 for details see: #350
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vimpostor vimpostor

Labels
None yet
Projects
Digitizer Reimplementation
Status: QA-Accepted/Merged (∞)
Milestone
CALL#5 - Security Hardening
Development

Successfully merging a pull request may close this issue.

Implement OAuth Client fair-acc/opencmw-cpp
4 participants
@ivan-cukic @wirew0rm @vimpostor @RalphSteinhagen