smui
smui copied to clipboard
querqy
WIP: OpenID based authentication for SMUI
This is a spike for me to have SMUI delegate to Keycloak for authentication. I've been working with a branch in Chorus project to manage the setup of Keycloak: https://github.com/querqy/chorus/pull/47
I've definitely been struggling with some of the Play/Scala code, will need some help getting this whipped into shape ;-)
Tasks to be done:
- [ ] Document how to create a
resource_accesskey in the claim JSON to show up. Eric can't get that to work in Keycloak. - [ ] Write up the documentation on how to use this.
- [ ] Figure out how to get the front end to see an unauthenticated person, and redirect to the ODP URL.
Hi @epugh , the feature sounds very interesting , nevertheless , the implementation seems very work in progress (as the title also suggested) with all its "ERIC HERE" log statements ;-)
Do you have a plan to further drive this feature?
It definitely is WIP... I see the future, just not quite there ;-). The immediate client work that was driving this is wrapped up, but I anticipate picking it back up again. I'll mark it as "Draft" in github to make it clear this isn't ready for produciton. And of course, if anyone else wants to move this along, I more then welcome commits to either this PR or a different solution ;-)
One thing that was difficult was having a way of testing the OpenID (OAuth) without running Keycloak (or another solution)....
I saw this: https://github.com/apache/solr/pull/139#issuecomment-848733275 which might be of interest when we pick this back up.
hi @epugh , I dont know much about Keycloak , but SMUI has a testcontainer infrastructure set up for the automatic test cases. AFAIK , you can bootstrap every docker container to execute test case with the depending software. Might be interesting for a auth service + SMUI setup ...