Skip to content

datalayer-experiments/tornado-keycloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
dev
dev
 
 
pages
pages
 
 
tornado_oidc
tornado_oidc
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
environment.yml
environment.yml
 
 
main.py
main.py
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

Datalayer

Datalayer Experiments with Tornado Keycloak

status

DISCLAIMER This is experimental work - Do NOT use this in production.

This folder contains an OpenID Connect (OIDC) authentication handler for the Python Tornado Web server (read more on Tornado authentication).

We use here Keycloak as OIDC provider. If you face issue with another OIDC provider (Google...), please open an issue.

Environment

To develop on the source code, we recommend using Miniconda and run the following to get you started.

# Clone, install and browse the storybook.
git clone https://github.com/datalayer-experiments/tornado-keycloak.git &&
  cd tornado-keycloak && \
  make conda \
       install

You also need Docker to launch a Keycloak (OIDC provider) server.

Setup Keycloak OIDC Provider

The following command starts a Keycloak server in a Docker container and get the needed settings (OIDC client and secret).

# Start Keycloak in Docker.
make keycloak-start

Check the logs and ensure Keycloak server is correctly started (it can take 1 minute depending on your system). Upon successful start, the server should print a message similar to the following.

[org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 6.0.1 (WildFly Core 8.0.0.Final) started in ...ms - Started 672 of 937 services (652 services are lazy, passive or on-demand)

If everything is fine, type CTRL-C to stop the log tail (the docker container will still be alive) and initialize Keycloak.

# Create OIDC realm, client and user.
make keycloak-init

Keycloak is now configured with a Realm datalayer, a Client datalayer and a User charlie (password is 123).

You can change those values in the init-keycloak.sh file.

Check you can authenticate on the Keycloak server with username=charlie and password=123.

open http://localhost:8092/auth/realms/datalayer/account

Copy the printed export variables and paste them in your terminal so that the Tornado Web server can read them.

export OIDC_CLIENT_ID=datalayer
export OIDC_REALM=master
export OIDC_SECRET=<secret>
export OIDC_SERVER=http://localhost:8092

Tornado

You can now start the Tornado Web server and authenticate with OIDC.

# open http://localhost:8080
make start

Open http://localhost:8080 in your favorite browser and authenticate with username charlie (password 123).

You can add more users and change the Keycloak settings via the Keycloak administration pages on http://localhost:8092 (username admin, password admin).

Stop

CTRL-C to stop Tornado and run the following.

make keycloak-rm

TODO

  • Logout: Call OIDC API on Logout.

License

MIT License

About

Tornado with Keycloak (OpenID Connect)

Topics

keycloak tornado openid-connect

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

2 forks
Report repository

Contributors 2

  •  
  •  

Languages