wip: Add a Keycloak provider for OAuth (#407)

kalisio · Dec 20, 2024 · aab6574 · aab6574
1 parent 203bc65
commit aab6574
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 4 deletions.
diff --git a/api/config/default.cjs b/api/config/default.cjs
@@ -66,6 +66,8 @@ if (process.env.SUBDOMAIN) {
 }
 // On a developer machine will do domain = gateway = localhost
 const gateway = (process.env.API_GATEWAY_URL ? process.env.API_GATEWAY_URL : domain.replace('kano', 'api'))
+// Keycloak base url
+const keycloakBaseUrl = `${process.env.KEYCLOAK_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect`
 
 // Just used for testing purpose now
 apiLimiter = null
@@ -189,7 +191,17 @@ module.exports = {
       redirect: domain + '/',
       defaults: {
         origin: domain
-      }
+      },
+      keycloak: (process.env.KEYCLOAK_CLIENT_ID ? {
+        key: process.env.KEYCLOAK_CLIENT_ID,
+        secret: process.env.KEYCLOAK_CLIENT_SECRET,
+        oauth: 2,
+        scope: ['openid'],
+        authorize_url: `${keycloakBaseUrl}/auth`,
+        access_url: `${keycloakBaseUrl}/token`,
+        profile_url: `${keycloakBaseUrl}/userinfo`,
+        nonce: true
+      } : undefined)
     },
     passwordPolicy: {
       minLength: 8,

diff --git a/src/App.vue b/src/App.vue
@@ -41,7 +41,7 @@ function showError (error) {
     logger.error(error)
     return
   }
-  const notification = { type: 'negative', message: error.message || error.error_message, html: true }
+  const notification = { type: 'negative', message: error.message || error.error_message || error.error, html: true }
   // Check if user can retry to avoid this error
   if (error.retryHandler) {
     notification.actions = [{
@@ -55,9 +55,14 @@ function showError (error) {
 }
 function showRouteError (route) {
   // We handle error on any page with query string
-  if (route.query && route.query.error_message) {
+  if (route.query && (route.query.error_message || route.query.error)) {
     showError(route.query)
   }
+  // OAuth login is using token set as route param like 'access_token=jwt'.
+  // However in case of error it will be like 'error=message' instead.
+  else if (route.params && route.params.token && route.params.token.startsWith('error=')) {
+    showError({ message: route.params.token.split('=')[1] })
+  }
 }
 function addRequest (hook) {
   // Check if this request is a quiet one or not

diff --git a/src/i18n/app_en.json b/src/i18n/app_en.json
@@ -40,6 +40,7 @@
     }
   },
   "screen": {
+    "LOGIN_WITH_KEYCLOAK": "Login with Keycloak",
     "ABOUT_KALISIO": "About",
     "CONTACT": "Contact",
     "TERMS_AND_POLICIES": "Terms and Policies"

diff --git a/src/i18n/app_fr.json b/src/i18n/app_fr.json
@@ -40,6 +40,7 @@
     }
   },
   "screen": {
+    "LOGIN_WITH_KEYCLOAK": "Se connecter avec Keycloak",
     "ABOUT_KALISIO": "A propos",
     "CONTACT": "Contact",
     "TERMS_AND_POLICIES": "Conditions générales"

diff --git a/src/router/routes.js b/src/router/routes.js
@@ -1,7 +1,7 @@
 const tours = require('../tours')
 
 module.exports = [{
-  path: '/',
+  path: '/:token?',
   name: 'index',
   component: 'Index',
   meta: { unauthenticated: true },