WIP

Gemfile

@@ -9,7 +9,5 @@ gem 'triple_eye_effable', git: 'https://github.com/performant-software/triple-ey
 gem 'user_defined_fields', git: 'https://github.com/performant-software/user-defined-fields.git', tag: 'v0.1.12'
 gem 'sqlite3'
 
-gem 'keycloak', '~> 3.3'
-
 # Specify your gem's dependencies in core_data_connector.gemspec.
 gemspec

Gemfile.lock

@@ -53,7 +53,6 @@ PATH
       fuzzy_dates
       jwt (~> 2.7.1)
       jwt_auth
-      keycloak (~> 3.3)
       rack-cors (~> 2.0.1)
       rails (>= 6.0.3.2, < 8)
       resource_api
@@ -140,7 +139,6 @@ GEM
     concurrent-ruby (1.2.2)
     crass (1.0.6)
     date (3.3.3)
-    domain_name (0.6.20240107)
     erubi (1.12.0)
     ethon (0.16.0)
       ffi (>= 1.15.0)
@@ -149,20 +147,12 @@ GEM
     ffi (1.15.5)
     globalid (1.1.0)
       activesupport (>= 5.0)
-    http-accept (1.7.0)
-    http-cookie (1.0.8)
-      domain_name (~> 0.5)
     httparty (0.20.0)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    json (2.9.1)
     jwt (2.7.1)
-    keycloak (3.3.0)
-      json (~> 2.6)
-      jwt (~> 2.4)
-      rest-client (~> 2.1)
     loofah (2.21.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -188,7 +178,6 @@ GEM
       timeout
     net-smtp (0.3.3)
       net-protocol
-    netrc (0.11.0)
     nio4r (2.5.9)
     nokogiri (1.15.3-arm64-darwin)
       racc (~> 1.4)
@@ -234,11 +223,6 @@ GEM
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rake (13.0.6)
-    rest-client (2.1.0)
-      http-accept (>= 1.7.0, < 2.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
     rexml (3.2.6)
     rgeo (3.0.0)
     rgeo-activerecord (7.0.1)
@@ -265,14 +249,14 @@ GEM
 
 PLATFORMS
   arm64-darwin-22
+  arm64-darwin-24
   x86_64-darwin-19
 
 DEPENDENCIES
   core_data_connector!
   faker (~> 3.2.1)
   fuzzy_dates!
   jwt_auth!
-  keycloak (~> 3.3)
   resource_api!
   sqlite3
   triple_eye_effable!

app/controllers/core_data_connector/authentication_controller.rb

@@ -1,13 +1,33 @@
+require 'typhoeus'
+
 module CoreDataConnector
   class AuthenticationController < ApplicationController
-    # No user authentication
-    skip_before_action :authenticate_request
-    before_action :bypass_authorization
+    def login
+      base_url = 'https://keycloak.archivengine.com/realms/core-data/protocol/openid-connect/token'
 
-    puts 'hi'
+      form_data = {
+        code: request.params['code'],
+        client_id: ENV['SSO_CLIENT_ID'],
+        client_secret: ENV['SSO_CLIENT_SECRET'],
+        grant_type: 'authorization_code',
+        redirect_uri: request.original_url.split('?')[0]
+      }
 
-    def login
-      render json: { motd: 'hello' }
+      token_req = Typhoeus::Request.new(
+        base_url,
+        headers: {'Content-Type'=> "application/x-www-form-urlencoded"},
+        method: :post,
+        body: form_data
+      )
+
+      token_res = token_req.run
+
+      puts token_res.body
+
+      # backend authentication logic goes here
+
+      # redirect_to ENV['SSO_REDIRECT_URL']
+      render json: token_res.body
     end
   end
 end

config/routes.rb

@@ -7,6 +7,5 @@
   extend Public::V0
   extend Public::V1
 
-  post 'auth/login', to: 'authentication#login'
-  post 'auth/sso', to: 'authentication#sso'
+  get 'auth/sso/callback', to: 'authentication#login'
 end

core_data_connector.gemspec

@@ -32,5 +32,4 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'triple_eye_effable'
   spec.add_dependency 'typesense', '~> 0.14'
   spec.add_dependency 'typhoeus', '~> 1.4'
-  spec.add_dependency 'keycloak', '~> 3.3'
 end

lib/core_data_connector/engine.rb

@@ -1,5 +1,3 @@
-require 'keycloak'
-
 module CoreDataConnector
   class Engine < ::Rails::Engine
     isolate_namespace CoreDataConnector
@@ -29,22 +27,5 @@ class Engine < ::Rails::Engine
         config.project_id = ENV['IIIF_CLOUD_PROJECT_ID']
       end
     end
-
-    initializer :keycloak do
-      # If true, then all request exception will explode in application (this is the default value)
-      Keycloak.generate_request_exception = true
-      # controller that manage the user session
-      Keycloak.keycloak_controller = 'session'
-      # realm name (only if the installation file is not present)
-      Keycloak.realm = ENV['KEYCLOAK_REALM_ID']
-      # realm url (only if the installation file is not present)
-      Keycloak.auth_server_url = ENV['KEYCLOAK_SERVER_URL']
-      # The introspect of the token will be executed every time the Keycloak::Client.has_role? method is invoked, if this setting is set to true.
-      Keycloak.validate_token_when_call_has_role = false
-      # secret (only if  the installation file is not present)
-      Keycloak.secret = ENV['KEYCLOAK_SECRET']
-      # resource (client_id, only if the installation file is not present)
-      Keycloak.resource = ENV['KEYCLOAK_CLIENT_ID']
-    end
   end
 end