Re: [I] [Improvement] Support login with grant_type=authorization_code, when Gravitino use OAuth as authenticator [gravitino]

Mon, 10 Mar 2025 23:32:45 -0700 


danhuawang commented on issue #5875:
URL: https://github.com/apache/gravitino/issues/5875#issuecomment-2712824449

   > > Any updates on this? I'd like to be able to use Keycloak with Gravitino.
   > 
   > This isn't a blocker for using Keycloak with Gravitino. 
[@danhuawang](https://github.com/danhuawang) can share some experience about 
Keycloak.
   
   Currently we can use Keycloak with Gravitino on API level, the following 
configuration items are required in gravitino.conf file:
   ```
   gravitino.authenticators = {{ .Values.authenticators }}
   gravitino.authenticator.oauth.serviceAudience = {{ 
.Values.authenticator.oauth.serviceAudience }}
   gravitino.authenticator.oauth.defaultSignKey = {{ 
.Values.authenticator.oauth.defaultSignKey }}
   gravitino.authenticator.oauth.serverUri = {{ 
.Values.authenticator.oauth.serverUri }}
   gravitino.authenticator.oauth.tokenPath = {{ 
.Values.authenticator.oauth.tokenPath }}
   ```
   
   The grant_type "password" is supported, I checked get token by the following 
way:
   
   ```
     public static String getAccessToken(String username, String password) {
       // Define the Keycloak token endpoint URL
       String url = BASE_URL + TOKEN_ENDPOINT;
   
       // Create a map of form parameters
       Map<String, String> formParams = new HashMap<>();
       formParams.put("grant_type", "password");
       formParams.put("client_id", CLIENT_ID);
       formParams.put("client_secret", CLIENT_SECRET); // Remove if not using a 
confidential client
       formParams.put("username", username);
       formParams.put("password", password);
       formParams.put("scope", SCOPE);
   
       // Make the POST request
       Response response =
           SerenityRest.given()
               .relaxedHTTPSValidation() // Skip SSL validation if needed
               .contentType("application/x-www-form-urlencoded")
               .formParams(formParams)
               .post(url.replace("{realm}", REALM));
   
       // Validate response and extract token
       if (response.statusCode() == 200) {
         return response.jsonPath().getString("access_token");
       } else {
         throw new RuntimeException(
             "Failed to get access token for user " + username + ". Response: " 
+ response.asString());
       }
     }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to