XQuery scripts to create d4science OIDC clients on keycloak
This commit is contained in:
vcestone
commit
42a4fa05d6
|
|
@ -0,0 +1,33 @@
|
|||
|
||||
import module namespace c = 'urn:nubisware:keycloak:clients' at 'keycloak-clients.xqm';
|
||||
import module namespace gw = 'urn:nubisware:d4science:gateways' at 'd4s-gateways.xqm';
|
||||
|
||||
|
||||
declare function local:build-clientId($gateway) {
|
||||
replace($gateway, 'https://', '')
|
||||
};
|
||||
|
||||
declare function local:build-client-def($gateway) {
|
||||
let $clientId := local:build-clientId($gateway)
|
||||
let $baseUrl := $gateway || '/'
|
||||
let $redirectUri := $gateway || '/*'
|
||||
let $login_theme := "d4science"
|
||||
return map {
|
||||
"clientId" : $clientId,
|
||||
"baseUrl" : $baseUrl,
|
||||
"redirectUri" : $redirectUri,
|
||||
"login_theme" : $login_theme
|
||||
}
|
||||
};
|
||||
|
||||
let $dummy := ''
|
||||
|
||||
(: delete all clients
|
||||
gw:list() ! c:delete-client(local:build-clientId(.))
|
||||
:)
|
||||
|
||||
(: add all clients
|
||||
gw:list() ! c:create-client(local:build-client-def(.))
|
||||
:)
|
||||
|
||||
return gw:list() ! c:create-client(local:build-client-def(.))
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
module namespace gw = 'urn:nubisware:d4science:gateways';
|
||||
|
||||
declare variable $gw:url := 'https://services.d4science.org/thematic-gateways';
|
||||
|
||||
|
||||
declare function gw:list() {
|
||||
let $req := <http:request method="get" />
|
||||
return http:send-request($req, $gw:url)//a[@class='entry-link']/@href/data() ! replace(., '/explore', '')
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
http:send-request(<http:request href="https://services.d4science.org/thematic-gateways" method="get" />)//a[@class='entry-link']/@href/data() ! replace(., '/explore', '')
|
||||
|
|
@ -0,0 +1,91 @@
|
|||
module namespace c = 'urn:nubisware:keycloak:clients';
|
||||
|
||||
declare variable $c:keycloak-url := 'http://localhost:8080';
|
||||
declare variable $c:token-url := '/auth/realms/master/protocol/openid-connect/token';
|
||||
declare variable $c:clients-url := '/auth/admin/realms/test/clients';
|
||||
|
||||
|
||||
declare function c:get-token() {
|
||||
let $url := $c:keycloak-url || $c:token-url
|
||||
|
||||
let $form-params := map {
|
||||
'grant_type': 'password',
|
||||
'client_id': 'admin-cli',
|
||||
'username': 'admin',
|
||||
'password': 'admin'
|
||||
}
|
||||
|
||||
let $body := substring(web:create-url('', $form-params), 2)
|
||||
|
||||
let $http-req :=
|
||||
<http:request method="GET">
|
||||
<http:body media-type="application/x-www-form-urlencoded"/>
|
||||
</http:request>
|
||||
|
||||
let $token := http:send-request($http-req, $url, $body)[2]//access__token/data()
|
||||
return $token
|
||||
};
|
||||
|
||||
|
||||
declare function c:create-client($params) {
|
||||
let $client-def := ``[
|
||||
{
|
||||
"clientId": "`{$params?clientId}`",
|
||||
"baseUrl": "`{$params?baseUrl}`",
|
||||
"enabled": true,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"redirectUris": [
|
||||
"`{$params?redirectUri}`"
|
||||
],
|
||||
"webOrigins": [
|
||||
"/*"
|
||||
],
|
||||
"standardFlowEnabled": true,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"publicClient": true,
|
||||
"protocol": "openid-connect",
|
||||
"attributes": {
|
||||
"login_theme": "`{$params?login_theme}`"
|
||||
},
|
||||
"fullScopeAllowed": true
|
||||
}
|
||||
]``
|
||||
|
||||
let $token := c:get-token()
|
||||
let $url := $c:keycloak-url || $c:clients-url
|
||||
|
||||
let $http-req :=
|
||||
<http:request method="POST">
|
||||
<http:header name="Authorization" value="Bearer {$token}"/>
|
||||
<http:body media-type="application/json"/>
|
||||
</http:request>
|
||||
|
||||
let $resp := http:send-request($http-req, $url, $client-def)
|
||||
|
||||
return $params?clientId || ' : ' || $resp[1]/@status/data() || ' ' || $resp[1]/@message/data()
|
||||
};
|
||||
|
||||
|
||||
declare function c:delete-client($clientId) {
|
||||
let $token := c:get-token()
|
||||
let $url := $c:keycloak-url || $c:clients-url
|
||||
|
||||
let $geturl := web:create-url($url, map { "clientId" : $clientId })
|
||||
let $http-req :=
|
||||
<http:request method="GET">
|
||||
<http:header name="Authorization" value="Bearer {$token}"/>
|
||||
</http:request>
|
||||
|
||||
let $resp := http:send-request($http-req, $geturl)
|
||||
let $id := $resp[2]/json/_[clientId=$clientId]/id/data()
|
||||
|
||||
return if ($id) then
|
||||
let $delurl := $url || '/' || $id
|
||||
let $http-req :=
|
||||
<http:request method="DELETE">
|
||||
<http:header name="Authorization" value="Bearer {$token}"/>
|
||||
</http:request>
|
||||
|
||||
let $resp := http:send-request($http-req, $delurl)
|
||||
return $clientId || ' : ' || $resp[1]/@status/data() || ' ' || $resp[1]/@message/data()
|
||||
};
|
||||
Loading…
Reference in New Issue