stackoom
  简体   繁体   中英

FIWARE how to access KeyRock IdM token from Wirecloud widget

 原文  2016-04-29 02:09:36       fiware/ fiware-wirecloud

Question

In the global Wirecloud instance i have a widget which uses the KeystoneAPI mentioned here: https://wirecloud.readthedocs.io/en/stable/development/object_storage_api/

So far so good.

However now i want to move to KeyRock for authentication. I still want to pass tokens from my wirecloud widget to backend services like the Wilma PEP proxy which is not connected to KeyRock as well. But the KeystoneAPI seems to be tied to Keystone (hence the name probably).

Is there a KeyRockAPI accessible from Wirecloud widgets? How can a widget obtain the KeyRock OAuth2 token the user logged in with? I cannot find any documentation on this.

1 answers

solution1
 0 ACCPTED  2016-05-03 16:21:32

WireCloud doesn't allow widgets and operators to read the OAuth2 token assigned to the user, but it provide support for injecting the token into HTTP requests if they go through the WireCloud's proxy. This injection is controlled by several HTTP headers, this is an example: 

MashupPlatform.http.makeRequest(url, {
    requestHeaders: {
        "X-FI-WARE-OAuth-Token": "true",
        "X-FI-WARE-OAuth-Header-Name": "X-Auth-Token"
    },
    ...
});

You can find more info about how to use this feature in the FIWARE Academy course , more specifically in the 3.1.8. Accessing third-party services using IdM tokens 3.1.8. Accessing third-party services using IdM tokens section (take into account that this document is the same you pointed in your comments, but in html format ;) ).

Answers to the others questions formulated as comments:

  • Installed docker containers of KeyRock and Wirecloud, tried out the objectstorage demo widget, which failed to retrieve an authentication token. Traced the problem to %idm_token% not being filled in by the python code, presumably in plugins.py because it looks for an AUTHENTICATION_BACKEND of 'fiware' whereas the documentation states to include 'wirecloud.fiware.social_auth_backend.FIWAREOAuth2'.

    I recommend you to create a new question in StackOverflow to tackle this problem. Please, provide more details on your configuration.

  • So my authentication token from wirecloud will be bound to that application? If so, the token is useless to my own application unless i can get a new token for it. Am i wrong here?

    Yeah, the Mashup portal is the application number 17 in the Account portal and the OAuth2 token obtained by WireCloud is bound to that application. I cannot foresee if that token is useful for your application or not. This token can be used for authenticating users, but the IdM limits the returned information (eg roles) depending on the application bounded to the token. So, evidently, this integration is not perfect, but we are missing some integration features from the IdM to make it more useful.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Integration Wirecloud with IDM Keyrock Fiware IDM-Keyrock: How to check if user has some permission(permission_fiware) using keyrock API How to customize or replace OAuth2 login screen in Fiware IdM Keyrock FIWARE-Lab KeyRock Access Token Request error Fiware - How to integrate Keyrock IdM, Wilma PEP Proxy and Orion Context Broker? Obtain Auth-Token from Keyrock Fiware API How can I configure the X-AUTH-TOKEN in the keyrock FIWARE FIWARE Lab, access to wirecloud log Access SCIM API - Keyrock Fiware Fiware Keyrock how to authenticate from python-keystoneclient
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM