Unable to validate the token when the Flask app is running inside a container.
preethamgali opened this issue · 2 comments
from functools import wraps
from flask_oidc import OpenIDConnect
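class Authentication:
    """Shared OpenID Connect state and the endpoint-protection decorator.

    The class attributes act as process-wide switches. ``validate_scope``
    reads them once, when it is called to build a decorator, so changing
    them after a view has been decorated does not affect that view.
    """

    # Single flask_oidc extension instance shared by every decorated view.
    oidc = OpenIDConnect()
    # When False, decorated views are left open: no authentication at all.
    use_oidc = True
    # True:  bearer-token check through ``oidc.accept_token``.
    # False: browser login through ``oidc.require_login`` followed by an
    #        explicit scope check on the stored access token.
    token_based_auth = False

    @staticmethod
    def validate_scope(scope):
        """
        Build a decorator that authenticates the caller and authorizes the
        endpoint against one scope.

        Parameters
        ----------
        scope: str
            Scope the access token must carry for the view to run.

        Returns
        -------
        callable
            A decorator that takes the view function and returns the
            protected (or, when ``use_oidc`` is False, the open) view.
        """
        oidc = Authentication.oidc
        use_oidc = Authentication.use_oidc
        token_based_auth = Authentication.token_based_auth

        def wrapper(view_fun):
            """
            Wrap ``view_fun`` according to the switches captured above.
            """
            @wraps(view_fun)
            def oidc_decorated(*args, **kwargs):
                """
                Authenticate with the session's access token and authorize
                using ``scope``.
                """
                acc_tkn = oidc.get_access_token()
                # Reported failure point: inside the container this check
                # yields {"error": "invalid_token",
                #         "error_description": "Token required but invalid"}.
                # NOTE(review): validate_token presumably relies on the token
                # introspection endpoint from the client secrets file; if that
                # endpoint is reached under a different host name than the one
                # the token was issued under, the provider may report a valid
                # token as inactive. Confirm against the raw introspection
                # response.
                flag = oidc.validate_token(acc_tkn, [scope])
                if flag is True:
                    return view_fun(*args, **kwargs)
                # Never echo the access token back to the client, and answer
                # with 401 rather than 300 so the caller sees an auth failure.
                return (
                    "Token required but invalid",
                    401,
                    {"WWW-Authenticate": "Bearer"},
                )

            @wraps(view_fun)
            def decorated(*args, **kwargs):
                """
                Pass-through used for token-based auth and for open endpoints.
                """
                return view_fun(*args, **kwargs)

            if use_oidc:
                return oidc.accept_token(True, [scope])(decorated) if token_based_auth \
                    else oidc.require_login(oidc_decorated)
            # Reached only when OIDC is switched off: the view is unprotected.
            print("inside the AUTH deco")
            return decorated

        return wrapper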
from flask import Flask
from auth import Authentication
from flask import redirect, request
from flask_oidc import OpenIDConnect
# Settings for the reproduction only. Three of them weaken the deployment and
# should not be carried into a real service:
#   - SECRET_KEY is a hard-coded literal, so anyone who has read this file can
#     forge the signed session cookie; load it from the environment or a
#     secret store instead.
#   - DEBUG/TESTING are on; debug mode must stay off on any reachable host.
#   - OIDC_ID_TOKEN_COOKIE_SECURE is off, so the ID-token cookie is also sent
#     over plain HTTP.
app_config = {
    "OIDC_CLIENT_SECRETS": "ks.json",
    "SECRET_KEY": "SomethingNotEntirelySecret",
    "TESTING": True,
    "DEBUG": True,
    "OIDC_ID_TOKEN_COOKIE_SECURE": False,
    "OIDC_REQUIRE_VERIFIED_EMAIL": False,
    "OIDC_USER_INFO_ENABLED": True,
    "OIDC_OPENID_REALM": "ChatBotStudio",
    "OIDC_INTROSPECTION_AUTH_METHOD": "client_secret_post",
}

app = Flask(__name__)
app.config.update(app_config)

# Bind the extension instance shared through Authentication to this app.
oidc = Authentication.oidc
oidc.init_app(app)
@app.route('/user')
@Authentication.validate_scope(scope='user_scope')
def user():
    """Sample endpoint that is served only after the 'user_scope' check."""
    message = "inside user method"
    print(message)
    return message
The keycloak client secret file is
{
"web": {
"issuer": "http://{keycloak-ip address}:8080/auth/realms/relam1",
"auth_uri": "http://{keycloak-ip address}:8080/auth/realms/relam1/protocol/openid-connect/auth",
"client_id": "RCP",
"client_secret": "e681876c-afd9-4c3b-9f8c-3e5266706ee4",
"userinfo_uri": "http://{keycloak-ip address}:8080/auth/realms/relam1/protocol/openid-connect/userinfo",
"token_uri": "http://{keycloak-tag}:8080/auth/realms/relam1/protocol/openid-connect/token",
"token_introspection_uri": "http://keycloak-tag:8080/auth/realms/relam1/protocol/openid-connect/token/introspect"
}
}
creating a common bridge
docker network create -d bridge keycloak
running keycloak on docker
docker run -tid -p 8080:8080 -p 8443:8443 --network keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --name keycloak-tag jboss/keycloak
building and running the sample app
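# docker-file: image for the sample Flask app.
# NOTE(review): python:3 is a floating tag and the packages below are
# unpinned, so rebuilds are not reproducible; pin both for anything beyond
# a local repro.
FROM python:3
# COPY instead of ADD: these are plain local files and need none of ADD's
# archive-extraction or remote-fetch behaviour.
# NOTE(review): ks.json holds the OIDC client secret and ends up in an image
# layer; mount it at run time rather than baking it in.
COPY ks.json auth.py app.py /
# One layer for both packages, without keeping pip's download cache.
RUN pip install --no-cache-dir flask flask_oidc
# NOTE(review): app.py as shown never calls app.run(); confirm the real file
# starts the server on the port published by `docker run -p 8090:8090`.
CMD [ "python", "./app.py" ]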
docker build -t testing -f docker-file .
docker run -p 8090:8090 --network keycloak testing
Have you found a solution? I am stuck in the same situation.
If you find a solution, please write it here.