Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply web application that can make authentication requests with user token #16488

Merged
merged 12 commits into from
Apr 8, 2020
Merged

Apply web application that can make authentication requests with user token #16488

merged 12 commits into from
Apr 8, 2020

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented Mar 30, 2020
edited
Loading

What does this PR do?

Currently oAuth requests are not allowed to use machine token, so this web app loads a keycloak token on start and opens the oauth authenticate popup with the help of the keycloak token. If we need to get the oauth provider's token the web app send a user token to the window which opened the app. Then the client that opened the app will receive a user token which can be used for other oAuth requests like getToken().

How to test:

  1. Setup a github oauth client: https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app
  2. Setup a github identity in the keycloak admin page.
  • Paste the client id and client secret from the gihub oauth app.
  • Paste the redirect url to the github oauth app.

screenshot-keycloak-che 192 168 99 254 nip io-2020 03 30-15_16_25
2. open the web app by url <che-url>/_app/oauth.html?oauth_provider=github

What issues does this PR fix or reference?

#15261

Release Notes

Docs PR

@vinokurig
Apply web application that can make authentication requests with user…
f6c41d0 
… token

Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
@che-bot che-bot added status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. kind/enhancement A feature request - must adhere to the feature request template. labels Mar 30, 2020
@che-bot
Copy link
Contributor

che-bot commented Mar 30, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@che-bot
Copy link
Contributor

che-bot commented Mar 31, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

skabashnyuk
skabashnyuk reviewed Mar 31, 2020
View reviewed changes
assembly/assembly-root-war/src/main/webapp/_app/oauthLoader.js
}

function sendToken(token) {
if (window.opener) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be reasonable to check if window.opener points to the workspace that belongs to the current user.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't read the opener's url. It is blocked by browser restrictions:

Exception: DOMException: Blocked a frame with origin "http://che-che.192.168.99.253.nip.io" from accessing a cross-origin frame. at sendToken (http://che-che.192.168.99.253.nip.io/_app/oauthLoader.js:86:26)<error: SecurityError: Blocked a frame with origin "http://che-che.192.168.99.253.nip.io" from accessing a cross-origin frame.<error> at http://che-che.192.168.99.253.nip.io/_app/oauthLoader.js:132:13]

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a check that compares machine token received from parent window and the keycloak token: https://github.com/eclipse/che/blob/2e31d1208863509be770d0ce8cee91dcedf18025/assembly/assembly-root-war/src/main/webapp/_app/oauthLoader.js#L123-L143

@che-bot
Copy link
Contributor

che-bot commented Apr 1, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@vinokurig vinokurig mentioned this pull request Apr 1, 2020
Merged
@ericwill ericwill mentioned this pull request Apr 1, 2020
Closed
47 tasks
This was referenced Apr 2, 2020
Closed
Merged
@che-bot
Copy link
Contributor

che-bot commented Apr 2, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@che-bot
Copy link
Contributor

che-bot commented Apr 3, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@che-bot
Copy link
Contributor

che-bot commented Apr 8, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@vinokurig
Copy link
Contributor Author

crw-ci-test

@che-bot
Copy link
Contributor

che-bot commented Apr 8, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot
Copy link
Contributor

che-bot commented Apr 8, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@vinokurig vinokurig merged commit 5c20e0e into master Apr 8, 2020
@vinokurig vinokurig deleted the che-15261 branch April 8, 2020 08:48
@che-bot che-bot removed the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Apr 8, 2020
@vinokurig vinokurig mentioned this pull request Apr 17, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skabashnyuk skabashnyuk skabashnyuk approved these changes

@ibuziuk ibuziuk Awaiting requested review from ibuziuk

@l0rd l0rd Awaiting requested review from l0rd

@mshaposhnik mshaposhnik Awaiting requested review from mshaposhnik

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

@sleshchenko sleshchenko Awaiting requested review from sleshchenko

Assignees
No one assigned
Labels
kind/enhancement A feature request - must adhere to the feature request template.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vinokurig @che-bot @skabashnyuk