Add client_secret to oidc requests #7263

fm3 · 2023-08-14T12:51:57Z

Set up keycloak via docker-compose as described in Add OIDC authentication #6534 (comment) (Note that the admin user in keycloak needs first name, last name, email, which was missing by default when I tried this)
Adapt the client config in the keycloak UI to use Client authentication. A new tab “credentials” appears. Copy the client secret and add it in the application.conf
Also double-check the other values, especially publicKey, take that from Realm Settings → Keys in the keycloak UI
Also set features.openIdConnectEnabled = true in application.conf
Sign up/log in in webknossos using the OIDC button
Should work if client secret is correct, not work otherwise
Should also work if client secret is disabled in keycloak (set to emptystring in application.conf)

normanrz

Nice stuff!

WIP: add client_secret to oidc requests

60ede3f

fm3 self-assigned this Aug 14, 2023

fm3 changed the title ~~WIP: add client_secret to oidc requests~~ Add client_secret to oidc requests Aug 14, 2023

changelog

2d36aa4

fm3 added enhancement backend labels Aug 14, 2023

fm3 marked this pull request as ready for review August 14, 2023 13:18

fm3 requested a review from normanrz August 14, 2023 13:18

normanrz approved these changes Aug 14, 2023

View reviewed changes

fm3 enabled auto-merge (squash) August 14, 2023 13:24

fm3 merged commit 84887cd into master Aug 14, 2023

fm3 deleted the oidc-client-secret branch August 14, 2023 13:31

fm3 mentioned this pull request Aug 16, 2023

Fetch server public key during OIDC auth #7267

Merged

2 tasks

Provide feedback