oidc completed and working

2025-02-04 14:40:26 +01:00 · 2025-02-04 14:40:26 +01:00 · 1d117dd5f6
commit 1d117dd5f6
parent 08afb4046e
2 changed files with 44 additions and 0 deletions
--- a/deployment/values.yml
+++ b/deployment/values.yml
@ -19,9 +19,28 @@ apiServer:
        secretKeyRef:
          name: dtrack-secrets
          key: db-password
+    - name: ALPINE_OIDC_ENABLED
+      value: "true"
+    - name: ALPINE_OIDC_CLIENT_ID
+      value: "dtrack"
+    - name: ALPINE_OIDC_ISSUER
+      value: "https://auth2.hottis.de/realms/hottis"
+    - name: ALPINE_OIDC_USERNAME_CLAIM
+      value: "preferred_username"
+    - name: ALPINE_OIDC_TEAMS_CLAIM
+      value: "roles"
+    - name: ALPINE_OIDC_USER_PROVISIONING
+      value: "true"
+    - name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
+      value: "true"

 frontend:
  apiBaseUrl: https://dtrack-api.hottis.de
+  extraEnv:
+    - name: OIDC_ISSUER
+      value: "https://auth2.hottis.de/realms/hottis"
+    - name: OIDC_CLIENT_ID
+      value: "dtrack"



--- a/tools/token-test.sh
+++ b/tools/token-test.sh
@ -0,0 +1,25 @@
+#!/bin/bash
+
+echo "If something fails, remember to enable 'Direct access grants' for the client"
+
+USER="..."
+PASSWORD="..."
+CLIENT_ID="..."
+
+ISSUER=https://auth2.hottis.de/realms/hottis
+TOKEN=`curl $ISSUER/protocol/openid-connect/token \
+    -d "scope=openid profile email" \
+    -d "client_id=$CLIENT_ID" \
+    -d "grant_type=password" \
+    -d "username=$USER" \
+    -d "password=$PASSWORD"`
+echo $TOKEN
+ACCESS_TOKEN=`echo $TOKEN | jq -r .access_token`
+echo $ACCESS_TOKEN
+
+echo "userinfo:"
+curl -v $ISSUER/protocol/openid-connect/userinfo \
+    -H "Authorization: Bearer $ACCESS_TOKEN"
+echo
+
+