Commit 7842968e authored by jackie / Andrea Ida Malkah Klaura

add OIDC refs and setup info for python

parent 1b52f79b
......@@ -4,16 +4,10 @@ In this repository we provide different client stubs and functions, which
can be used to authenticate against AURA components and use the resulting
bearer token to access the different AURA APIs.
Currently there are only bash functions implemented to retrieve tokens
from AURA Steering directly.
Planned and upcoming:
- Shell function to retrieve token via AURA tank
- Python functions
- Javascript functions
- Functions to refresh token before it expires
- Make bash functions fully POSIX/dash compliant
If you are unsure what all this OIDC is about, take a look at Nate Barbettini's
talk [OAuth 2.0 and OpenID Connect (in plain English)](https://www.youtube.com/watch?v=996OiexHze0).
You can also take a peek at the [OpenID Connect FAQs and Q&As](https://openid.net/connect/faq/)
if want to check if you already know everything you need to know about the topic.
## Setup of the OIDC client
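Review bot: in the added sentence that links the OpenID Connect FAQs, "if want to check if you already know" is missing its subject. Suggest "if you want to check whether you already know everything you need to know about the topic".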
......@@ -25,6 +19,8 @@ Shell, Python or Javascript functions.
Also make sure to have the correct response type set, that corresponds to
the OIDC flow you use in your client.
In the next section specifc setups of the client stubs are explained.
## Usage
### Bash
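Review bot: typo in the added sentence, "specifc" should be "specific". The sentence also points to "the next section", but what follows is the "## Usage" heading with one subsection per language, so wording such as "The Usage section below explains the specific setup of each client stub" would send the reader to the right place.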
......@@ -35,12 +31,49 @@ with one of the three provided flows.
### Python
The file [python/main.py](python/main.py) provides a full demo of all flows
that are implemented.
You can use it directly to retrieve tokens and make a test call to the steering
and tank APIs with a token. For that to work, you have to setup your config
first:
## Todo
- change into the _python_ directory
- copy the _config.sample.py_ file to _config.py_ and update any fields in it
that do not yet correspond to your OIDC setup and the user account you want
to use for this
- now call the _main.py_ script with the _-h_ option to get some usage info
- add at least one call to the API including a bearer token in the main demos
- test for invalid credentials and provide error text
- add user-agent header and make it configurable
- make bash functions exit at the end of each stage in case of errors
- add checks for state and nonce
- check, why hybdid flow does not return access code
```bash
$ python3 main.py -h
```
Now you are good to go and facilitate the demo client to retrieve access codes
and tokens. If you are only interested in using the relevant functions from
the steering package, take a look at the few lines in the conditional blocks
in _main.py_ that start with a comment like `# demo of the ... flow`. This
is all you need, when you want to integrate this into your own script.
Make sure to have the config right, that can be imported from _config.py_
(or can also be set directly in your script) and to set the `code` value
in the `parameters` dictionary, depending on what flow you choose (e.g.
`parameters["code"] = "it_token token"` for an implicit flow).
## Planned and upcoming features
- Javascript functions
- Functions to refresh token before it expires
- Make bash functions fully POSIX/dash compliant
- Shell function to retrieve token via AURA tank
- Add at least one call to the API including a bearer token in the main demos
- done for python, still todo for bash
- Test (and provide sensible error message) for
- invalid flow type
- invalid credentials
- For the bash client stub:
- add user-agent header and make it configurable
- make functions exit at the end of each stage in case of errors
- For the python client stub:
- use raise instead of sys.exit in error cases
- Add checks for state and nonce
- Check, why hybrid flow does not return access code
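Review bot: the implicit-flow example `parameters["code"] = "it_token token"` in the new Python section has a typo in the value. The OIDC response type for that flow is `id_token token`, and a reader who copies the line as written will request a response type that does not exist. Separately, "Add checks for state and nonce" is still on the planned list, so the Python usage text should say that the demo does not yet validate `state` and `nonce`, so that nobody lifts the flow functions into their own script assuming those checks are in place. Minor wording: "facilitate the demo client" reads as if "use the demo client" was meant.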
config = {
# The user name which should be used to authenticate
"username": "janedoe",
# The users password
"password": "choose_a_secure_password_here",
# What scopes you want to access. Has to contain at least openid, for
# tank to work you also need aura_shows
"scope": "openid profile email username aura_shows",
# The base URL of AURA steering
"base_url": "http://localhost:8000",
# The OIDC authorize, userinfo and token endpoints
"authorize_endpoint": "/openid/authorize",
"userinfo_endpoint": "/openid/userinfo",
"token_endpoint": "/openid/token",
# The base URL of AURA tank
"tank_base": "http://localhost:8040",
# The session endpoint at tank
"tank_session_endpoint": "/auth/session"
# ID of the OIDC client that is configured in AURA Steering
"client_id": "1234567",
# If an authorization code flow is choosen, a client secret will be needed
"client_secret": "abcdef123456789abcdef123456789abcdef123456789abcdef12345",
# The redirect URI that is configured in AURA steering for this client
"redirect_uri": "http://localhost:8080/oidc_callback.html",
# A string representing your client (optional, but useful for debugging)
"user_agent": "AURA Python Client Stub 0.1",
}
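Review bot: the `"tank_session_endpoint": "/auth/session"` entry is missing its trailing comma, so the following `"client_id"` key turns the dict literal into a syntax error and a `config.py` copied from this sample will not import. Add the comma after `"/auth/session"`. Minor: "choosen" in the client secret comment should be "chosen". Since the README tells users to copy this file and fill in a real password and client secret, a comment at the top stating that `config.py` must stay out of version control would be worth adding.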