Skip to content

DEICH-6397 - moved local dev to .local domain + some keycloak tweaks

Tom Adam requested to merge DEICH-6397-TK+Euler-keycloak into master

DEICH-6397 - Tjenestekatalog keycloak integration

Added wrapper (KeycloakWrapper.js) around keycloak adapter to make usage more convenient:
-KeycloakWrapper::init function to execute SSO aware login (if the session is already alive, the user is not forced to log in again)
-KeycloakWrapper::roles getter to check assigned realm roles (note, the Spring Security  specific "ROLE_" prefix is not needed!)
-KeycloakWrapper::isAuthenticated getter to check login state
-KeycloakWrapper::scopes getter to fetch scopes
-KeycloakWrapper::sessionEnds getter to get the Date object until en idle session is alive
-KeycloakWrapper::sessionTimeRemaining getter to get time remaining until idle session ends ({ min, sec })
-KeycloakWrapper::token function to get an auto-refreshed token. If refresh fails, the user gets logged out.
-KeycloakWrapper::hasRoles function to check realm roles.
-KeycloakWrapper::logout function to log the user out (with or without confirmation)

utils.js was updated to include the bearer token in all calls, thus always refreshing the keycloak session to avoid idle timeout (updated fetchAndThrow).

Updated api.js: bearer token is not included in any callas, utils::fetchAndThrow takes care of it.

Replaced a verbose assortment of stores (loggedInUser, loggedIn, loggedInUserRoles, loggedInUserEmail, loggedInUserIri) with 2 data source:
-loggedInUser storing a DeichUser object (user details+profile data)
-securityStore storing all authentication related stuff (the KeycloakWrapper instance itself)

Eliminated localStorage for stores. Not much point.

Added session timer to show remaining idle session time.

Eliminated authservice.js - KeycloakWrapper took its place.

Improved notification - scroll is taken care of - sticky was not a satisfactory solution, so HTML scroll event handling was needed.

Some code cleanup...

DEICH-6397 - Added borrower role for testing.

Assign it to a user in the admin console to check if the user gets kicked out by Tjenestekatalog.

DEICH-6397 - Euler - DeichmanUser/DeichmanUserWithProfile cleanup

DeichmanUserWithProfile was removed, profile added to DeichmanUser. Reason is that DeichmanUser is not any longer part of Spring Security - it is a simple DTO. Leaving the class in the auth package, since the class is still derived from the security context/keycloak token. See DeichmanUser.fromSecurityContext for details.

DEICH-6397 - Euler - keycloak bearer only setup + TK keycloak tweaks + Oslo SSO integration

DEICH-6397 - moved local dev to .local domain + some keycloak tweaks

Reason: .localhost causes CORS problems in firefox. After .dev was tried, but there is a default redirect to https protocol in the browsers by default, since goggle owns this domain. Thxs. So, .local was chosen for local development.

I.e.: local domains are login.local, tjenester.local. etc...

Merge request reports