As armadillo user I want to refresh my tokens when they timeout #669
Comments
Sketchy example:

```yaml
spring:
  security:
    oauth2:
      authorizationserver:
        issuer: http://auth-server:9000 # Set the issuer URL for your authorization server
        client:
          articles-client: # Define your client configuration
            registration:
              client-id: articles-client
              client-secret: "{noop}secret" # Replace with your actual client secret
              client-name: Articles Client
              client-authentication-methods:
                - client_secret_basic
              authorization-grant-types:
                - authorization_code
                - refresh_token # Include refresh token grant type
```

but path spring.security.oauth2.client.registration.[registrationId].authorization-grant-type is listed
KeyCloak OIDC

We managed to log in through the UI https://dev-armadillo.molgenis.org using the KeyCloak config below.

Described on https://github.com/molgenis/molgenis-r-auth we see KeyCloak is not working from R.

Fusion Auth

```r
# Fusion Auth
endpoint <- discover("https://auth.molgenis.org")
```

does similar

```
curl https://auth.molgenis.org/.well-known/openid-configuration
```

KeyCloak

does similar

```
curl https://auth1.molgenis.net/realms/Molgenis/.well-known/openid-configuration
```

application.yml

There are some fields added for KeyCloak esp. for resourceserver

```yaml
oauth2:
  client:
    provider:
      molgenis:
        issuer-uri: https://auth1.molgenis.net/realms/Molgenis
    registration:
      molgenis:
        redirect-uri: 'https://dev-armadillo.molgenis.org/login/oauth2/code/molgenis'
        scope: openid, profile, email # <=================
        client-id: Dev-Armadillo-Test
        client-secret: ...
  resourceserver:
    jwt:
      issuer-uri: https://auth1.molgenis.net/realms/Molgenis
      jwk-set-uri: https://auth1.molgenis.net/realms/Molgenis/protocol/openid-connect/certs # <=======
    opaquetoken:
      introspection-url: 'https://auth1.molgenis.net/realms/Molgenis/protocol/openid-connect/token/introspect' # <====
      client-id: Dev-Armadillo-Test
      client-secret: ...
```

Test script used

Used R script

This needs a working release-test.R libs RStudio environment.

```r
#!/usr/bin/env Rscript
library(dsBaseClient)
library(purrr)
library(MolgenisArmadillo)

#demo_url <- "https://armadillo-demo.molgenis.net/"
#demo_url <- "http://localhost:8080/"
demo_url <- "https://dev-armadillo.molgenis.org/"

# Obtain a token for the server and log in with it
demo_token <- armadillo.get_token(demo_url)
print(demo_token)

builder <- DSI::newDSLoginBuilder()
builder$append(server = "study1", url = demo_url, profile = "xenon", token = demo_token, driver = "ArmadilloDriver",
               table = "xenon-tests/2_1-core-1_0/nonrep")
#builder$append(server = "study1", url = demo_url, profile = "default", token = demo_token, driver = "ArmadilloDriver",
#               table = "lifecycle/core/nonrep")
logindata <- builder$build()
conns <- DSI::datashield.login(logins = logindata, assign = TRUE, symbol = "nonrep")

# Issue a ds.rep call every 10 seconds and print a timestamp for each iteration
1:100000 %>% map(
  ~{
    Sys.sleep(10)
    print(.)
    print(format(Sys.time(), "%Y-%m-%dT%H:%M:%S"))
    ds.rep(x1 = 4, times = 6, length.out = NA, each = 1, source.x1 = "clientside",
           source.times = "c", source.length.out = NULL, source.each = "c",
           x1.includes.characters = FALSE, newobj = "rep.seq")
  })
```
device login

After cloning https://github.com/molgenis/molgenis-r-auth and googling and managing KeyCloak checkboxes we tried POST-ing as form and device login works. See PR molgenis/molgenis-r-auth#18
In #121 we learned that increasing the OIDC token lifetime makes long R queries finish correctly.
It seems we should add a refresh token into Armadillo ... the R side takes care of keeping the Armadillo session alive but has no business with JWT token timeout
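
The issue above asks for the access token to be renewed before it times out during long sessions. The following Python sketch of that logic is an added illustration, not code from Armadillo or MolgenisArmadillo: it reads the JWT `exp` claim and performs the OAuth2 `refresh_token` grant shortly before expiry. `TokenKeeper`, `make_jwt`, `fake_post` and the sample tokens are hypothetical names and constructed values; a real deployment would POST the form body to the provider's token endpoint, with client authentication for confidential clients.

```python
import base64, json, time
from urllib.parse import urlencode

def jwt_exp(token: str) -> int:
    """Read the `exp` claim without verifying the token. This is for scheduling
    only; the resource server still validates signature and issuer."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

def refresh_request(refresh_token: str, client_id: str) -> str:
    """Form body of the refresh grant (RFC 6749, section 6)."""
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token,
                      "client_id": client_id})

class TokenKeeper:
    """Holds one access/refresh token pair and renews it shortly before expiry."""
    def __init__(self, access, refresh, client_id, post, skew=30):
        self.access, self.refresh = access, refresh
        self.client_id, self.post, self.skew = client_id, post, skew

    def current(self, now=None) -> str:
        now = time.time() if now is None else now
        if jwt_exp(self.access) - now <= self.skew:
            reply = self.post(refresh_request(self.refresh, self.client_id))
            if "access_token" not in reply:
                # e.g. invalid_grant: refresh token expired or revoked, so the
                # user has to log in again instead of retrying forever
                raise PermissionError(reply.get("error", "refresh failed"))
            self.access = reply["access_token"]
            # Providers may rotate the refresh token; keep the newest one
            self.refresh = reply.get("refresh_token", self.refresh)
        return self.access

def make_jwt(exp: int) -> str:
    """Constructed, unsigned sample token for the demo (not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc({"exp": exp})}.'

def fake_post(body: str) -> dict:
    """Stand-in for the HTTP POST to the token endpoint (assumption for the demo)."""
    if "refresh_token=r1" in body:
        return {"access_token": make_jwt(2000), "refresh_token": "r2"}
    return {"error": "invalid_grant"}
```

The refresh token is a long-lived credential, so it should be stored and logged with the same care as a password.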