From 482e4d88078051fb0aab9e598ee1fa205f85e854 Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Thu, 18 Nov 2021 12:27:36 +0100
Subject: [PATCH] Clean up the auth bundle config

Remove everything not strictly needed and avoid using "keycloak"
unless required, since we want to support other OIDC servers in the long
run as well.
---
 .env                                | 18 +++++++-----------
 config/packages/dbp_relay_auth.yaml | 14 +++++---------
 2 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/.env b/.env
index 8540d28..aac9733 100644
--- a/.env
+++ b/.env
@@ -16,17 +16,13 @@
 APP_ENV=dev
 APP_SECRET=
 
-# KEYCLOAK
-KEYCLOAK_SERVER_URL=https://auth.your-server/auth
-KEYCLOAK_REALM=your-realm
-KEYCLOAK_FRONTEND_CLIENT_ID=your-client-id
-# If not empty gets used to check if the access token got issued
-# for this audience ('api-gw' for example)
-KEYCLOAK_AUDIENCE=api-gw
-# Set to true to enable remote access token validation
-KEYCLOAK_REMOTE_VALIDATION=false
-KEYCLOAK_CLIENT_ID=
-KEYCLOAK_CLIENT_SECRET=
+# Auth related
+AUTH_SERVER_URL=https://auth.your-server/auth/realms/your-realm
+# (optional) This allows you to log into the auto generated OpenAPI documentation page
+# which you can see when visiting the server with a browser. Leave empty to disable.
+AUTH_APIDOCS_KEYCLOAK_SERVER=https://auth.your-server/auth
+AUTH_APIDOCS_KEYCLOAK_REALM=your-realm
+AUTH_APIDOCS_KEYCLOAK_CLIENT_ID=api-docs-client-id
 
 # Deployment related
 API_BUILDINFO=unknown  # a git hash or something identifying the build
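Review bot: The audience setting disappears here without a replacement: `KEYCLOAK_AUDIENCE` and its comment are removed, and none of the new `AUTH_*` variables restricts which audience an access token must carry. The old `dbp_relay_auth.yaml` did not reference that variable, so this may only drop a dead setting. If the bundle does not check `aud` somewhere else, though, a token issued to any other client of the same realm would be accepted by this API. It is worth confirming where the audience is enforced and recording it next to `AUTH_SERVER_URL`, for example `# OIDC issuer URL; token audience is enforced in <where>`. The "Leave empty to disable" comment also sits above three variables that ship with non-empty sample values, so it could say that all three `AUTH_APIDOCS_*` values must be emptied.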
diff --git a/config/packages/dbp_relay_auth.yaml b/config/packages/dbp_relay_auth.yaml
index 457663c..786d7ba 100644
--- a/config/packages/dbp_relay_auth.yaml
+++ b/config/packages/dbp_relay_auth.yaml
@@ -1,10 +1,6 @@
 dbp_relay_auth:
-  server_url: '%env(KEYCLOAK_SERVER_URL)%/realms/%env(KEYCLOAK_REALM)%'
-  # Remote validation
-  remote_validation: '%env(bool:KEYCLOAK_REMOTE_VALIDATION)%'
-  remote_validation_id: '%env(KEYCLOAK_CLIENT_ID)%'
-  remote_validation_secret: '%env(KEYCLOAK_CLIENT_SECRET)%'
-  # Frontend
-  frontend_keycloak_server: '%env(KEYCLOAK_SERVER_URL)%'
-  frontend_keycloak_realm: '%env(KEYCLOAK_REALM)%'
-  frontend_keycloak_client_id: '%env(KEYCLOAK_FRONTEND_CLIENT_ID)%'
+  server_url: '%env(AUTH_SERVER_URL)%'
+  # OpenAPI Docs Keycloak Settings
+  frontend_keycloak_server: '%env(AUTH_APIDOCS_KEYCLOAK_SERVER)%'
+  frontend_keycloak_realm: '%env(AUTH_APIDOCS_KEYCLOAK_REALM)%'
+  frontend_keycloak_client_id: '%env(AUTH_APIDOCS_KEYCLOAK_CLIENT_ID)%'
\ No newline at end of file
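Review bot: The `remote_validation*` keys are dropped with nothing in their place, so this config no longer offers a way to have the auth server confirm a token. If the bundle then validates tokens only locally against the provider's published keys (inferred, not visible here), a revoked token or ended session stays usable until the token expires, so short access-token lifetimes on the server become a requirement worth documenting. `server_url` would also be the trust anchor for that validation, and a comment above it such as `# OIDC issuer URL, keys for token validation are fetched from here; must be https` would make that explicit. The file also ends without a trailing newline.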
-- 
GitLab