upd backend for request access dialog signed jwt

bcgov · May 12, 2023 · 8d463de · 8d463de
1 parent 522cb37
commit 8d463de
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 9 deletions.
diff --git a/src/authz/graphql-whitelist/httplocalhost4180devportalapidirectorypreviewfalse-f0c654.gql b/src/authz/graphql-whitelist/httplocalhost4180devportalapidirectorypreviewfalse-f0c654.gql
@@ -0,0 +1,63 @@
+
+  query GetAccessRequestForm($id: ID!) {
+    allProductsByNamespace(where: { id: $id }) {
+      id
+      name
+      environments {
+        id
+        approval
+        name
+        active
+        flow
+        additionalDetailsToRequest
+        legal {
+          title
+          description
+          link
+          reference
+        }
+        credentialIssuer {
+          clientAuthenticator
+        }
+      }
+    }
+    allDiscoverableProducts(where: { id: $id }) {
+      id
+      name
+      environments {
+        id
+        approval
+        name
+        active
+        flow
+        additionalDetailsToRequest
+        legal {
+          title
+          description
+          link
+          reference
+        }
+        credentialIssuer {
+          clientAuthenticator
+        }
+      }
+    }
+    myApplications {
+      id
+      appId
+      name
+      owner {
+        name
+      }
+    }
+    mySelf {
+      legalsAgreed
+    }
+    allTemporaryIdentities {
+      id
+      userId
+      name
+      providerUsername
+      email
+    }
+  }
diff --git a/src/nextapp/components/access-request-form/access-request-dialog.tsx b/src/nextapp/components/access-request-form/access-request-dialog.tsx
@@ -95,6 +95,10 @@ const AccessRequestDialog: React.FC<AccessRequestDialogProps> = ({
                 formData.get('clientAuthenticator') === 'client-jwt-jwks-url'
                   ? formData.get('jwksUrl')
                   : '',
+              clientCertificate:
+                formData.get('clientAuthenticator') === 'client-jwt-jwks-url'
+                  ? formData.get('clientCertificate')
+                  : '',
             }),
             requestor: formData.get('requestor'),
             applicationId: formData.get('applicationId'),

diff --git a/src/nextapp/components/access-request-form/access-request-form.tsx b/src/nextapp/components/access-request-form/access-request-form.tsx
@@ -156,7 +156,7 @@ const AccessRequestForm: React.FC<AccessRequestFormProps> = ({
                 <Textarea
                   isRequired
                   height="64px"
-                  name="publicKey"
+                  name="clientCertificate"
                   variant="bc-input"
                 />
               </Box>
@@ -211,8 +211,9 @@ const AccessRequestForm: React.FC<AccessRequestFormProps> = ({
       <input
         type="hidden"
         name="name"
-        value={`${dataset.name} FOR ${requestor.name ?? requestor.providerUsername
-          }`}
+        value={`${dataset.name} FOR ${
+          requestor.name ?? requestor.providerUsername
+        }`}
       />
       <input
         type="hidden"

diff --git a/src/services/keycloak/client-registration-service.ts b/src/services/keycloak/client-registration-service.ts
@@ -116,9 +116,9 @@ export class KeycloakClientRegistrationService {
           enabled,
           clientId,
           attributes: {
-            'jwt.credential.public.key': '',
-            'jwks.url': jwksUrl,
-            'use.jwks.url': 'true',
+            'jwt.credential.public.key': certificate ?? '',
+            'jwks.url': jwksUrl ?? '',
+            'use.jwks.url': jwksUrl ? "'true'" : "'false'",
           },
         });
         break;

diff --git a/src/services/workflow/generate-credential.ts b/src/services/workflow/generate-credential.ts
@@ -124,8 +124,6 @@ export const generateCredential = async (
       clientSigning.publicKey = publicKey;
       clientSigning.privateKey = privateKey;
       controls.clientCertificate = clientSigning.publicKey;
-    } else {
-      controls.clientCertificate = null;
     }
     const newClient = await registerClient(
       context,
@@ -180,7 +178,10 @@ export const generateCredential = async (
       clientSecret: controls.clientGenCertificate
         ? null
         : newClient.client.clientSecret,
-      issuer: controls.jwksUrl ? newClient.openid.issuer : null,
+      issuer:
+        controls.jwksUrl || controls.clientCertificate
+          ? newClient.openid.issuer
+          : null,
       tokenEndpoint: newClient.openid.token_endpoint,
       clientPublicKey: clientSigning.publicKey,
       clientPrivateKey: clientSigning.privateKey,