FIWARE如何从Wirecloud小部件访问KeyRock IdM令牌
[英]FIWARE how to access KeyRock IdM token from Wirecloud widget
问题描述
In the global Wirecloud instance i have a widget which uses the KeystoneAPI mentioned here: https://wirecloud.readthedocs.io/en/stable/development/object_storage_api/ 
在全球的Wirecloud实例中,我有一个使用这里提到的KeystoneAPI的小部件: https ://wirecloud.readthedocs.io/en/stable/development/object_storage_api/
So far so good. 到现在为止还挺好。
However now i want to move to KeyRock for authentication. 但是现在我想转移到KeyRock进行身份验证。 I still want to pass tokens from my wirecloud widget to backend services like the Wilma PEP proxy which is not connected to KeyRock as well. 我仍然想从我的wirecloud小部件传递令牌到后端服务,例如Wilma PEP代理也没有连接到KeyRock。 But the KeystoneAPI seems to be tied to Keystone (hence the name probably). 但是KeystoneAPI似乎与Keystone有关(因此可能就是这个名字)。
Is there a KeyRockAPI accessible from Wirecloud widgets? 是否可以从Wirecloud小部件访问KeyRockAPI? How can a widget obtain the KeyRock OAuth2 token the user logged in with? 小部件如何获取用户登录的KeyRock OAuth2令牌? I cannot find any documentation on this. 我找不到任何关于此的文件。
1 个解决方案
解决方案1
0 已采纳 2016-05-03 16:21:32
WireCloud doesn't allow widgets and operators to read the OAuth2 token assigned to the user, but it provide support for injecting the token into HTTP requests if they go through the WireCloud's proxy. WireCloud不允许小部件和操作员读取分配给用户的OAuth2令牌,但是如果它们通过WireCloud的代理,则它支持将令牌注入HTTP请求。 This injection is controlled by several HTTP headers, this is an example: 这个注入由几个HTTP头控制,这是一个例子:
MashupPlatform.http.makeRequest(url, {
requestHeaders: {
"X-FI-WARE-OAuth-Token": "true",
"X-FI-WARE-OAuth-Header-Name": "X-Auth-Token"
},
...
});
You can find more info about how to use this feature in the FIWARE Academy course , more specifically in the 3.1.8. Accessing third-party services using IdM tokens 您可以在FIWARE学院课程中找到有关如何使用此功能的更多信息,更具体地说,请参阅3.1.8. Accessing third-party services using IdM tokens 3.1.8. Accessing third-party services using IdM tokens section (take into account that this document is the same you pointed in your comments, but in html format ;) ). 3.1.8. Accessing third-party services using IdM tokens部分3.1.8. Accessing third-party services using IdM tokens (考虑到此文档与您在评论中指出的相同,但采用html格式;))。
Answers to the others questions formulated as comments: 对其他问题的答案形成评论:
-
Installed docker containers of KeyRock and Wirecloud, tried out the objectstorage demo widget, which failed to retrieve an authentication token.
安装了KeyRock和Wirecloud的docker容器,尝试了无法检索身份验证令牌的objectstorage demo小部件。 Traced the problem to %idm_token% not being filled in by the python code, presumably in plugins.py because it looks for an AUTHENTICATION_BACKEND of 'fiware' whereas the documentation states to include 'wirecloud.fiware.social_auth_backend.FIWAREOAuth2'. 跟踪问题是%idm_token%没有被python代码填充,可能是在plugins.py中,因为它查找了'fiware'的AUTHENTICATION_BACKEND,而文档声明包含'wirecloud.fiware.social_auth_backend.FIWAREOAuth2'。 I recommend you to create a new question in StackOverflow to tackle this problem.
我建议您在StackOverflow中创建一个新问题来解决此问题。 Please, provide more details on your configuration. 请提供有关配置的更多详细信息。 -
So my authentication token from wirecloud will be bound to that application?
那么我的来自wirecloud的身份验证令牌将绑定到该应用程序? If so, the token is useless to my own application unless i can get a new token for it. 如果是这样,该令牌对我自己的应用程序是无用的,除非我可以获得它的新令牌。 Am i wrong here? 我错了吗? Yeah, the Mashup portal is the application number 17 in the Account portal and the OAuth2 token obtained by WireCloud is bound to that application.
是的,Mashup门户是Account门户中的应用程序编号17,WireCloud获取的OAuth2令牌绑定到该应用程序。 I cannot foresee if that token is useful for your application or not. 我无法预见该令牌是否对您的应用程序有用。 This token can be used for authenticating users, but the IdM limits the returned information (eg roles) depending on the application bounded to the token. 此令牌可用于验证用户,但IdM根据绑定到令牌的应用程序限制返回的信息(例如角色)。 So, evidently, this integration is not perfect, but we are missing some integration features from the IdM to make it more useful. 所以,显然,这种集成并不完美,但我们缺少IdM的一些集成功能,以使其更有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.