redirect_url in the "test" branch
Currently you have in https://git.scc.kit.edu/synergy.o3as/o3webapp-be/-/blob/test/o3webapp_be/userManager.py#L50:

```python
egi_token_url = os.getenv('EGI_TOKEN_URL')
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = {'grant_type':'authorization_code', 'code': auth_code,
        'redirect_uri': 'http://localhost:3000/redirect_url'}##o3web.test.fedcloud.eu
auth = ('o3webapp', os.getenv('SECRET'))
egi_auth = requests.post(egi_token_url, headers=headers, data=data, auth=auth).json()
access_token = egi_auth['access_token']
userinfo_url = os.getenv('EGI_USERINFO_URL')
headers = {"Authorization": "Bearer " + access_token}
egi_userinfo = requests.get(userinfo_url, headers=headers).json()
username = egi_userinfo['name']
sub = egi_userinfo['sub']
return jsonify({'sub': sub, 'name': username})
```

However, to my understanding:
EGI_TOKEN_URL = `https://aai-dev.egi.eu/oidc/token`
EGI_USERINFO_URL = `https://aai-dev.egi.eu/oidc/userinfo`
i.e. not much different. You can use one, e.g. `EGI_OIDC_URL = https://aai-dev.egi.eu/oidc`, and have e.g.:

```python
egi_oidc_url = os.getenv('EGI_OIDC_URL', 'https://aai-dev.egi.eu/oidc')
egi_token_url = os.path.join(egi_oidc_url, 'token')
userinfo_url = os.path.join(egi_oidc_url, 'userinfo')
```

Next, most important: `redirect_uri` is fixed to `'http://localhost:3000/redirect_url'` while it has to be reconfigurable, as e.g.:

```python
server_url = os.getenv('FRONTEND_SERVER_URL', 'http://localhost:3000')
redirect_url = os.path.join(server_url, 'redirect_url')
data = {'grant_type':'authorization_code', 'code': auth_code,
        'redirect_uri': redirect_url}
```

Also, you do not read the "auth" from a docker secret but as the environment setting, `SECRET`. I think the docker-secret way is safer, but this should work too. Only one request: could you, please, rename it to `EGI_SECRET`?
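
The three requests above (one `EGI_OIDC_URL`, a configurable `redirect_uri`, and `EGI_SECRET` read from a Docker secret with an environment fallback) combined in one sketch. This is an added example, not code from the issue or from the o3webapp-be repository. Assumptions: the helper names, a secret file named `egi_secret` under Docker's default `/run/secrets` mount, and the rule that plain `http` is accepted only for localhost.

```python
import os
from pathlib import Path
from urllib.parse import urlsplit


def join_url(base, path):
    """Join URL parts with '/', independent of the OS path separator."""
    return base.rstrip("/") + "/" + path.lstrip("/")


def load_secret(name, env, secrets_dir):
    """Prefer a Docker secret file, fall back to the environment variable."""
    secret_file = Path(secrets_dir) / name.lower()  # assumed secret name
    if secret_file.is_file():
        return secret_file.read_text().strip()
    value = env.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set as Docker secret or env variable")
    return value


def checked_redirect_uri(server_url):
    """Build redirect_uri; allow plain http only for local development."""
    parts = urlsplit(server_url)
    local = parts.hostname in ("localhost", "127.0.0.1")
    if parts.scheme != "https" and not (parts.scheme == "http" and local):
        raise ValueError(f"FRONTEND_SERVER_URL must use https: {server_url}")
    return join_url(server_url, "redirect_url")


def token_request(auth_code, env=os.environ, secrets_dir="/run/secrets"):
    """Keyword arguments for requests.post(**token_request(auth_code))."""
    oidc_url = env.get("EGI_OIDC_URL", "https://aai-dev.egi.eu/oidc")
    server_url = env.get("FRONTEND_SERVER_URL", "http://localhost:3000")
    return {
        "url": join_url(oidc_url, "token"),
        "data": {
            "grant_type": "authorization_code",
            "code": auth_code,
            "redirect_uri": checked_redirect_uri(server_url),
        },
        "auth": ("o3webapp", load_secret("EGI_SECRET", env, secrets_dir)),
    }
```

The `redirect_uri` sent here has to match the one used in the authorization request and registered for the client, so the frontend should read the same `FRONTEND_SERVER_URL` setting.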