This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git

commit 9ce0d72128ab04aaf99c432ed548b515db366f69
Author: Robert Munteanu <[email protected]>
AuthorDate: Mon Jul 3 19:18:25 2023 +0300

    oidc-rp: update TODOs, add simplified getting started
---
 org.apache.sling.servlets.oidc-rp/README.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/org.apache.sling.servlets.oidc-rp/README.md 
b/org.apache.sling.servlets.oidc-rp/README.md
index 83fc4d62..341aba99 100644
--- a/org.apache.sling.servlets.oidc-rp/README.md
+++ b/org.apache.sling.servlets.oidc-rp/README.md
@@ -14,6 +14,7 @@ objective is to simplify access to user and access tokens in 
a secure manner.
 - bundle/package should probably be org.apache.sling.extensions.oidc, as the 
primary entry point is the Java API
 - clarify Java API and allow extracting both id and access tokens
 - make use of refresh tokens
+- `mvn clean install` does not find the bundle generated in the current 
reactor build.
 - document usage for the supported OIDC providers; make sure to explain this 
is _not_ an authentication handler
 - provide a sample content package and instructions how to use
 - review to see if we can use more of the Nimbus SDK, e.g. enpodints 
discovery, token parsing
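Review bot: The added TODO entry about `mvn clean install` not finding the bundle from the current reactor build records a symptom rather than an action, unlike the other items in this list. Name the step or module that fails and what the fix should achieve, so the item can be closed later. The tl;dr section added further down in this same patch tells readers to build with `mvn clean install`, so state there whether this problem affects that step. The unchanged context line with `enpodints` could be corrected to `endpoints` while this list is being touched.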
@@ -49,6 +50,32 @@ At this point you can navigate to 
/home/users/${USERNAME}/oidc-tokens/${CONNECTI
 
 ### Local development setup
 
+#### tl;dr
+
+- run the keycloak container using the instructions for 'use existing test 
files'
+- build the bundle once with `mvn clean install`
+- run Sling with `mvn feature-launcher:start feature-launcher:stop 
-Dfeature-launcher.waitForInput`
+- create OSGi config with 
+
+```
+export CLIENT_SECRET=$(cat src/test/resources/keycloak-import/sling.json | jq 
--raw-output '.clients[] | select (.clientId == "oidc-test") | .secret')
+
+$ curl -u admin:admin -X POST -d "apply=true" -d 
"propertylist=name,baseUrl,clientId,clientSecret,scopes" \
+    -d "name=keycloak-dev" \
+    -d "baseUrl=http://localhost:8081/realms/sling"; \
+    -d "clientId=oidc-test"\
+    -d "clientSecret=$CLIENT_SECRET" \
+    -d "scopes=openid" \
+    -d "factoryPid=org.apache.sling.servlets.oidc_rp.impl.OidcConnectionImpl" \
+    
http://localhost:8080/system/console/configMgr/org.apache.sling.servlets.oidc_rp.impl.OidcConnectionImpl~keycloak-dev
+```
+
+Now you can 
+
+- access KeyCloak on http://localhost:8081 
+- access Sling on http://localhost:8080
+- start the OIDC login process on 
http://localhost:8080/system/sling/oidc/entry-point?c=keycloak-dev
+
 #### Keycloak
 
 ##### Use existing test files
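Review bot: In the curl command of the new tl;dr block, the `baseUrl` line as shown ends in `"; \`, and that semicolon terminates the command, so the following `-d` arguments (`clientId`, `clientSecret`, `scopes`, `factoryPid`) and the configMgr URL are never passed to curl; drop the `;`. The `curl` line also starts with a `$ ` prompt while the `export` line above it does not, which breaks copy-paste of the block; remove the prompt. The block posts `admin:admin` and the client secret over plain `http://localhost`, so add a sentence saying these values apply only to the local development setup and the imported test realm. Minor points: `cat ... | jq` can be `jq ... <file>` directly, the item "create OSGi config with" ends without saying what follows, and the product name appears as `keycloak`, `KeyCloak` and `Keycloak` within this hunk.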
