Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] OpenID connect client library - eyeing toward deploying keycloak #299

Merged
merged 33 commits into from
Oct 4, 2024
Merged

[WIP] OpenID connect client library - eyeing toward deploying keycloak #299

merged 33 commits into from
Oct 4, 2024

Commits on Jul 26, 2024

  1. OpenID connect client library - eyeing toward deploying keycloak

    @ntai-arxiv
    ntai-arxiv committed Jul 26, 2024
    Configuration menu
    Copy the full SHA
    9d528f7 View commit details
    Browse the repository at this point in the history

Commits on Aug 6, 2024

  1. Work dump

    @ntai-arxiv
    ntai-arxiv committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    4765e51 View commit details
    Browse the repository at this point in the history

  2. Add JWT token making interface

    @ntai-arxiv
    ntai-arxiv committed Aug 6, 2024
    Configuration menu
    Copy the full SHA
    c1d4037 View commit details
    Browse the repository at this point in the history

Commits on Aug 9, 2024

  1. User claim dictionary slightly smaller. Apprently, nginx default head… 

    …er buffer size is 4k, and the claim == token being bloated is not a good idea.
    @ntai-arxiv
    ntai-arxiv committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    7ccb479 View commit details
    Browse the repository at this point in the history

  2. Redo - simplify

    @ntai-arxiv
    ntai-arxiv committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    0a76ef3 View commit details
    Browse the repository at this point in the history

  3. Update Role names - less cryptic.

    @ntai-arxiv
    ntai-arxiv committed Aug 9, 2024
    Configuration menu
    Copy the full SHA
    e4d4bfd View commit details
    Browse the repository at this point in the history

Commits on Aug 11, 2024

  1. Add client secret support.

    @ntai-arxiv
    ntai-arxiv committed Aug 11, 2024
    Configuration menu
    Copy the full SHA
    03df0e9 View commit details
    Browse the repository at this point in the history

Commits on Aug 20, 2024

  1. logout URL is no longer a proprety, it's now a function and you can p… 

    …rovide alternate logout URL.

claims gets id_token property.
    @ntai-arxiv
    ntai-arxiv committed Aug 20, 2024
    Configuration menu
    Copy the full SHA
    5b6c747 View commit details
    Browse the repository at this point in the history

  2. oops.

    @ntai-arxiv
    ntai-arxiv committed Aug 20, 2024
    Configuration menu
    Copy the full SHA
    de6dbcd View commit details
    Browse the repository at this point in the history

  3. naming is hard.

    @ntai-arxiv
    ntai-arxiv committed Aug 20, 2024
    Configuration menu
    Copy the full SHA
    1f0b695 View commit details
    Browse the repository at this point in the history

Commits on Aug 21, 2024

  1. Redo the oidc and user claims - make cookie/claims smaller.

    @ntai-arxiv
    ntai-arxiv committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    ecfc74c View commit details
    Browse the repository at this point in the history

  2. :(

    @ntai-arxiv
    ntai-arxiv committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    4934e21 View commit details
    Browse the repository at this point in the history

  3. Start of bridging the oauth2 cookie to legacy.

    @ntai-arxiv
    ntai-arxiv committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    49a18a8 View commit details
    Browse the repository at this point in the history

Commits on Aug 23, 2024

  1. some progerss made.

    @ntai-arxiv
    ntai-arxiv committed Aug 23, 2024
    Configuration menu
    Copy the full SHA
    cc0597a View commit details
    Browse the repository at this point in the history

Commits on Aug 27, 2024

  1. 1 - Add "aud" checking to pass for oidc_idp.py 

    2 - user_claims.py - token needs more diet. Gave up on including access and id tokens in the secret part. Only encrypt the user's property part. Access token is only needed for talking to Keycloak, and payload is for us.
3. Creating tapir session needs transaction. It is adding the tapir session successfully.
    @ntai-arxiv
    ntai-arxiv committed Aug 27, 2024
    Configuration menu
    Copy the full SHA
    2ee7f64 View commit details
    Browse the repository at this point in the history

Commits on Aug 30, 2024

  1. Ues all but "aud" token verity. 

    I'm not understanding why Keycloak made account has no "aud" while using legacy auth has it. In any rate, I think we don't care where the accounts come from.

Token pack/unpack was totally busted, and now fixed.
    @ntai-arxiv
    ntai-arxiv committed Aug 30, 2024
    Configuration menu
    Copy the full SHA
    190a236 View commit details
    Browse the repository at this point in the history

Commits on Sep 3, 2024

  1. Support refreshing access token. The claims now includes the refresh … 

    …toke for it. The payload size is a bit tight.
    @ntai-arxiv
    ntai-arxiv committed Sep 3, 2024
    Configuration menu
    Copy the full SHA
    f23b810 View commit details
    Browse the repository at this point in the history

Commits on Sep 4, 2024

  1. " " space was a bad choice for the delimiter.

    @ntai-arxiv
    ntai-arxiv committed Sep 4, 2024
    Configuration menu
    Copy the full SHA
    ca287e1 View commit details
    Browse the repository at this point in the history

Commits on Sep 6, 2024

  1. Finish off implementing the token refresh. The refresh is untested fo… 

    …r now.
    @ntai-arxiv
    ntai-arxiv committed Sep 6, 2024
    Configuration menu
    Copy the full SHA
    4c6b9ac View commit details
    Browse the repository at this point in the history

Commits on Sep 13, 2024

  1. Nit fix, and use user_id rather than email for setting up Tapir. user… 

    …_id doesn't change while email may.
    @ntai-arxiv
    ntai-arxiv committed Sep 13, 2024
    Configuration menu
    Copy the full SHA
    80f658c View commit details
    Browse the repository at this point in the history

  2. Merge branch 'develop' into ntai/openid-connect-step-1

    @ntai-arxiv
    ntai-arxiv authored Sep 13, 2024
    Configuration menu
    Copy the full SHA
    44ed197 View commit details
    Browse the repository at this point in the history

  3. Remove the "transaction" thing. It broke. Also fix a stupidity.

    @ntai-arxiv
    ntai-arxiv committed Sep 13, 2024
    Configuration menu
    Copy the full SHA
    df06d5a View commit details
    Browse the repository at this point in the history

Commits on Sep 17, 2024

  1. Change the token format and make it future proof by a version prefix. 

    User claim's user ID "may not be integer" in rare occasion so be defensive.

 Fix the refresh token handling.
    @ntai-arxiv
    ntai-arxiv committed Sep 17, 2024
    Configuration menu
    Copy the full SHA
    bfb93c6 View commit details
    Browse the repository at this point in the history

Commits on Sep 23, 2024

  1. Include the token expiration timestamp in the return value of encode_… 

    …jwt_token
    @ntai-arxiv
    ntai-arxiv committed Sep 23, 2024
    Configuration menu
    Copy the full SHA
    a86117c View commit details
    Browse the repository at this point in the history

  2. refresh token, the function now only need the refresh token only rath… 

    …er than the user claims.
    @ntai-arxiv
    ntai-arxiv committed Sep 23, 2024
    Configuration menu
    Copy the full SHA
    1ca5c01 View commit details
    Browse the repository at this point in the history

  3. Try not using access token (usu payload) instead for the user claims.… 

    … This saves about 1k in size.

validate_access_token may not be RSA key. This isn't implementing the other key types but needs some research that which key type is the smallest.
    @ntai-arxiv
    ntai-arxiv committed Sep 23, 2024
    Configuration menu
    Copy the full SHA
    683177a View commit details
    Browse the repository at this point in the history

Commits on Sep 27, 2024

  1. Just curious what's in the refresh token. it may not work and it's okay.

    @ntai-arxiv
    ntai-arxiv committed Sep 27, 2024
    Configuration menu
    Copy the full SHA
    399fb44 View commit details
    Browse the repository at this point in the history

Commits on Oct 3, 2024

  1. Merge branch 'develop' into ntai/openid-connect-step-1

    @ntai-arxiv
    ntai-arxiv committed Oct 3, 2024
    Configuration menu
    Copy the full SHA
    1c7c86d View commit details
    Browse the repository at this point in the history

Commits on Oct 4, 2024

  1. Fix test_keycloak.py to run in the github action.

    @ntai-arxiv
    ntai-arxiv committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    c71dab8 View commit details
    Browse the repository at this point in the history

  2. no --headless exist for pytest.

    @ntai-arxiv
    ntai-arxiv committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    29e262a View commit details
    Browse the repository at this point in the history

  3. Adjust the binaries for web browser and the driver location.

    @ntai-arxiv
    ntai-arxiv committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    a059b6e View commit details
    Browse the repository at this point in the history

  4. Adjust the binaries for web browser and the driver location.

    @ntai-arxiv
    ntai-arxiv committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    4cbaea3 View commit details
    Browse the repository at this point in the history

  5. library update

    @ntai-arxiv
    ntai-arxiv committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    26ff08b View commit details
    Browse the repository at this point in the history