keycloak: Add web origins to swh-web client in staging realm
It enables CORS between Software Heritage web applications (GraphiQL client for instance) and Keycloak server when using the swh-web client.
octo-diff kelvingrove
(swh) ✔ ~/swh/puppet-environment [master|✔] 11:11 $ ./bin/octocatalog-diff --to staging kelvingrove.internal.softwareheritage.org Found host kelvingrove.internal.softwareheritage.org Cloning into '/tmp/swh-ocd.ZRvdgWg4/environments/production/data/private'... done. Cloning into '/tmp/swh-ocd.ZRvdgWg4/environments/staging/data/private'... done. *** Running octocatalog-diff on host kelvingrove.internal.softwareheritage.org I, [2023-03-15T11:12:02.285259 #1652235] INFO -- : Catalogs compiled for kelvingrove.internal.softwareheritage.org I, [2023-03-15T11:12:02.685991 #1652235] INFO -- : Diffs computed for kelvingrove.internal.softwareheritage.org diff origin/production/kelvingrove.internal.softwareheritage.org current/kelvingrove.internal.softwareheritage.org ******************************************* Keycloak_client[swh-web on SoftwareHeritageStaging] => parameters => web_origins => + ["https://webapp.staging.swh.network", "https://webapp.internal.staging.swh.network"] ******************************************* *** End octocatalog-diff on kelvingrove.internal.softwareheritage.org
Related to swh/devel/swh-graphql#4652, swh/devel/swh-graphql!128 (merged)
On a related note, would it be an issue to also add development server URLs (http://localhost:5004
, http://localhost:5013
)
as redirect_uris
and web_origins
for the client in the staging realm to ease authentication testing ?
Merge request reports
Activity
I believe i need to do the same for webapp1 instance [1] in the SoftwareHeritage realm, right? (regarding the link to connect in keycloak in that webapp instance which currently does not work).
Edited by Antoine R. Dumont
added 4 commits
-
81db9c47...f9ed4b10 - 3 commits from branch
swh/infra/puppet:production
- b91f8103 - keycloak: Add web origins to swh-web client in staging realm
-
81db9c47...f9ed4b10 - 3 commits from branch
On a related note, would it be an issue to also add development server URLs (http://localhost:5004, http://localhost:5013) as redirect_uris and web_origins for the client in the staging realm to ease authentication testing ?
After discussing it a bit, we decided best to create another, separate keycloak client on the staging realm for swh-web development, which will avoid the (narrow) possibility of hijacking sessions from the real swh-web client.