Open
Description
Keycloak provides a JWT after following the OAuth flow.
The Python module (called `keycloak`) can verify this JWT against the Keycloak instance. This verification must be carried out on the HTTP server, while accepting some OIDC configuration.
Rough Steps:
- Define a security scheme called `KeycloakOIDCSecurityScheme`. Accept `OIDC_CLIENT_ID`, `OIDC_SERVER_URL`, `OIDC_CLIENT_SECRET` (usually optional as a valid JWT on its own is authorized), `OIDC_REALM_NAME` as configuration parameters.
- Call the keycloak async JWT verification method. If user information is returned, execute the request. If not, respond with 401. This should be in the `has_access_control` method of the `BaseHandler`. (We will refactor authentication into a middleware later, the current implementation is not optimal.)
- Integrate it in the security definitions of the Thing Description. Some information is here: https://www.w3.org/TR/wot-thing-description11/#oauth2securityscheme
- Add tests and documentation. One will need a test deployment of Keycloak for this. Contact for more information.
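A sketch of the steps above, added here as an example and not taken from the project's code: the field names, `td_security_definition`, `authenticate`, the free-standing `has_access_control` stand-in and `fake_verify` are hypothetical, and the Keycloak call is injected as a coroutine because the issue does not name the method. The endpoint layout assumes a Keycloak that serves realms directly under `OIDC_SERVER_URL`.

```python
import asyncio
from dataclasses import dataclass
from typing import Awaitable, Callable, Mapping, Optional

# Hypothetical signature: takes the raw JWT, returns user info or raises.
Verifier = Callable[[str], Awaitable[Optional[dict]]]

@dataclass
class KeycloakOIDCSecurityScheme:
    server_url: str                      # OIDC_SERVER_URL
    realm_name: str                      # OIDC_REALM_NAME
    client_id: str                       # OIDC_CLIENT_ID
    verify: Verifier                     # wraps the keycloak module's async check
    client_secret: Optional[str] = None  # OIDC_CLIENT_SECRET (optional)

    def td_security_definition(self) -> dict:
        """Thing Description securityDefinitions entry (WoT TD 1.1 oauth2)."""
        base = f"{self.server_url.rstrip('/')}/realms/{self.realm_name}/protocol/openid-connect"
        return {"scheme": "oauth2", "flow": "code",
                "authorization": f"{base}/auth", "token": f"{base}/token"}

    async def authenticate(self, headers: Mapping[str, str]) -> Optional[dict]:
        """Return user info for a valid bearer JWT, else None (caller sends 401)."""
        kind, _, token = headers.get("Authorization", "").partition(" ")
        if kind.lower() != "bearer" or not token.strip():
            return None
        try:
            user = await self.verify(token.strip())
        except Exception:
            return None  # fail closed: a verifier error never grants access
        return user or None

async def has_access_control(scheme: KeycloakOIDCSecurityScheme, headers) -> int:
    """Stand-in for BaseHandler.has_access_control: the HTTP status to use."""
    return 200 if await scheme.authenticate(headers) else 401

# Constructed stand-in for the Keycloak call so the example runs offline.
async def fake_verify(token: str) -> Optional[dict]:
    if token != "constructed.valid.jwt":
        raise ValueError("invalid token")
    return {"sub": "user-1", "preferred_username": "alice"}

def demo() -> list:
    scheme = KeycloakOIDCSecurityScheme("https://kc.example.org", "lab", "thing-server", fake_verify)
    cases = [{"Authorization": "Bearer constructed.valid.jwt"},
             {"Authorization": "Bearer tampered"}, {"Authorization": "Basic dXNlcg=="}, {}]
    return [asyncio.run(has_access_control(scheme, h)) for h in cases]
```

In a deployment, `verify` would call the Keycloak instance; any exception, empty result, missing header or non-bearer scheme maps to 401.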