Configure local oidc server
Remove duplicate import
daniel-va committed May 22, 2024
1 parent 4401fd8 commit 2ed6ac2
Showing 5 changed files with 56 additions and 41 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ To do so, use the following commands.
Be aware that you need to manually insert the `{DB_*}` values beforehand.
```bash
cd development
docker compose exec db sh -c 'pg_dump --dbname=postgresql://{DB_USERNAME}:{DB_PASSWORD}@{DB_HOST}:5432/{DB_DATABASE} --data-only --exclude-table asset_user -n public > /dump.sql'
docker compose exec db sh -c 'pg_dump --dbname=postgresql://{DB_USERNAME}:{DB_PASSWORD}@{DB_HOST}:5432/{DB_DATABASE} --data-only --exclude-table asset_user _prisma_migrations -n public > /dump.sql'
```
> The export will output warnings related to circular foreign-key constraints.
> These can be safely ignored.
Expand Down
5 changes: 4 additions & 1 deletion apps/server-asset-sg/src/app/jwt/jwt-middleware.ts
Original file line number Diff line number Diff line change
Expand Up @@ -117,9 +117,12 @@ export class JwtMiddleware implements NestMiddleware {
}

private getJwkTE(): TE.TaskEither<Error, JwksKey[]> {
const jwksPath = environment.production
? '/.well-known/jwks.json'
: '/.well-known/openid-configuration/jwks';
return pipe(
TE.tryCatch(
() => axios.get(`${process.env.OAUTH_ISSUER}/.well-known/jwks.json`),
() => axios.get(`${process.env.OAUTH_ISSUER}${jwksPath}`),
reason => new Error(`${reason}`),
),
TE.map(response => response.data.keys),
Expand Down
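Review bot: The new `jwksPath` branch hard-codes the mock server's IdentityServer-style path `/.well-known/openid-configuration/jwks` into the production middleware, so key fetching now depends on which issuer implementation sits behind `OAUTH_ISSUER` rather than on the standard. Resolving `jwks_uri` from `${OAUTH_ISSUER}/.well-known/openid-configuration` would serve both environments with a single code path, which is what the discovery document exists for. Independently of that, an unset `OAUTH_ISSUER` still produces a request to `undefined/.well-known/...`; a guard such as `if (!process.env.OAUTH_ISSUER) return TE.left(new Error('OAUTH_ISSUER is not set'));` at the top of getJwkTE turns that into an explicit error instead of a confusing axios failure. getJwkTE's body continues outside the hunk.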
32 changes: 19 additions & 13 deletions development/docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -119,24 +119,25 @@ services:
environment:
- ServerOptions__HostName=smtp4dev

oidc-server:
oidc:
container_name: swissgeol-assets-oidc
image: soluto/oidc-server-mock
image: ghcr.io/soluto/oidc-server-mock
restart: unless-stopped
ports:
- "4011:80"
- "4011:8080"
environment:
CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
USERS_CONFIGURATION_PATH: /tmp/config/users-config.json
IDENTITY_RESOURCES_INLINE: |
[
{
"Name": "local_groups_scope",
"ClaimTypes": [
"local_groups_claim"
]
}
]
API_SCOPES_INLINE: |
[
{
"Name": "cognito",
"UserClaims": [
"cognito:groups",
"username"
]
}
]
SERVER_OPTIONS_INLINE: |
{
"IssuerUri": "http://localhost:4011",
Expand All @@ -147,8 +148,13 @@ services:
"Authentication": {
"CookieSameSiteMode": "Lax",
"CheckSessionCookieSameSiteMode": "Lax"
},
"KeyManagement": {
"Enabled": true,
"KeyPath": "/tmp/data/keys"
}
}
volumes:
- ./init/oidc/oidc-mock-clients.json:/tmp/config/clients-config.json:ro
- ./init/oidc/oidc-mock-users.json:/tmp/config/users-config.json:ro
- ./init/oidc/oidc-mock-users.json:/tmp/config/users-config.json:ro
- ./volumes/oidc/keys:/tmp/data/keys
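Review bot: `image: ghcr.io/soluto/oidc-server-mock` on the changed image line carries no tag, so every pull resolves to whatever `latest` is at that moment; the port move from 80 to 8080 in this same hunk shows that the image's interface does change between releases, so pinning, e.g. `image: ghcr.io/soluto/oidc-server-mock:<PINNED_VERSION>`, keeps the local setup reproducible. The new `./volumes/oidc/keys` bind mount (writable, which `KeyManagement` needs) persists the mock's generated signing keys on the host; unless `development/volumes` is already git-ignored, they would be picked up by the next `git add`. The users-config volume line appears twice with no visible change apart from whitespace and can be left out of the diff.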
14 changes: 5 additions & 9 deletions development/init/oidc/oidc-mock-clients.json
Original file line number Diff line number Diff line change
@@ -1,15 +1,11 @@
[{
"ClientId": "assets-client",
"Description": "Client for Authorization Code flow with PKCE",
"ClientId": "assets",
"Description": "swisstopo assets",
"RequireClientSecret": false,
"AlwaysIncludeUserClaimsInIdToken": true,
"AllowedGrantTypes": [
"authorization_code"
],
"AllowedResponseTypes": [
"code",
"id_token"
],
"AllowAccessTokensViaBrowser": true,
"RedirectUris": [
"http://localhost:4200"
Expand All @@ -20,10 +16,10 @@
"AllowedScopes": [
"openid",
"profile",
"local_groups_scope"
"email",
"cognito"
],
"AccessTokenType": "JWT",
"IdentityTokenLifetime": 3600,
"AccessTokenLifetime": 3600
}
]
}]
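Review bot: `"AllowAccessTokensViaBrowser": true` is added although `authorization_code` is now the only grant type; that flag governs front-channel delivery of access tokens (implicit/hybrid response types), so with the explicit `AllowedResponseTypes` removed in this hunk it has no effect and can be dropped to keep the mock client minimal. The old description documented PKCE, while the new entry neither mentions it nor sets `RequirePkce`; if the mock's default for that setting differs from what the front end relies on, set it explicitly so the local flow matches the real identity provider. The new `cognito` scope mirrors the `API_SCOPES_INLINE` entry in docker-compose.yaml and the two must be kept in sync.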
44 changes: 27 additions & 17 deletions development/init/oidc/oidc-mock-users.json
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
[
{
"SubjectId":"10f95aa3-fb95-41eb-b754-5f729a092e30",
"Username":"admin@swissgeol.assets",
"Password":"swissgeol_assets",
"SubjectId":"379a20e6-6a5d-4390-93ca-d408613e854d",
"Username":"admin",
"Password":"admin",
"Claims": [
{
"Type": "name",
"Value": "Admin User",
"Value": "Admin",
"ValueType": "string"
},
{
"Type": "family_name",
"Value": "User",
"Value": "Admin",
"ValueType": "string"
},
{
Expand All @@ -21,7 +21,7 @@
},
{
"Type": "email",
"Value": "admin[email protected]",
"Value": "admin@assets.swissgeol.ch",
"ValueType": "string"
},
{
Expand All @@ -30,35 +30,40 @@
"ValueType": "boolean"
},
{
"Type": "local_groups_claim",
"Value": "[\"boreholes_dev_group\"]",
"Type": "cognito:groups",
"Value": "[\"assets.swissgeol\"]",
"ValueType": "json"
},
{
"Type": "username",
"Value": "[email protected]",
"ValueType": "string"
}
]
},
{
"SubjectId":"sub_editor",
"Username":"editor",
"Password":"swissforages",
"SubjectId":"e06ad465-3adc-4ad7-bee5-ff0605a4b928",
"Username":"viewer",
"Password":"viewer",
"Claims": [
{
"Type": "name",
"Value": "Editor User",
"Value": "Viewer",
"ValueType": "string"
},
{
"Type": "family_name",
"Value": "User",
"Value": "Viewer",
"ValueType": "string"
},
{
"Type": "given_name",
"Value": "Editor",
"Value": "Viewer",
"ValueType": "string"
},
{
"Type": "email",
"Value": "[email protected]",
"Value": "[email protected]",
"ValueType": "string"
},
{
Expand All @@ -67,9 +72,14 @@
"ValueType": "boolean"
},
{
"Type": "local_groups_claim",
"Value": "[\"boreholes_dev_group\"]",
"Type": "cognito:groups",
"Value": "[\"assets.swissgeol\"]",
"ValueType": "json"
},
{
"Type": "username",
"Value": "[email protected]",
"ValueType": "string"
}
]
}
Expand Down
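Review bot: Both users now carry the identical `cognito:groups` value `[\"assets.swissgeol\"]` (the claim entries in the last two hunks), so if the server derives permissions from that claim the `admin` and `viewer` accounts differ only in their profile claims and the role distinction cannot be exercised locally; either give the viewer a different group or document next to these entries where the mapping actually happens. The `admin`/`admin` and `viewer`/`viewer` credentials are fine only because this file is mounted by the development compose alone, which is worth stating in the README since JSON allows no comment here. The `username` claim values are obfuscated in this rendering, so whether they agree with the `email` claims cannot be checked from the page.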
