From a9b9876820344b0b1cd9630d859900b5fc37e3ba Mon Sep 17 00:00:00 2001
From: cs4alhaider <cs.alhaider@gmail.com>
Date: Sat, 9 Nov 2024 22:01:53 +0300
Subject: [PATCH 1/4] Clarify OpenID base URL usage in Docker environments
---
fastapi_keycloak_middleware/setup.py | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/fastapi_keycloak_middleware/setup.py b/fastapi_keycloak_middleware/setup.py
index 3926947..547ddb3 100644
--- a/fastapi_keycloak_middleware/setup.py
+++ b/fastapi_keycloak_middleware/setup.py
@@ -30,6 +30,7 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
| None = None,
add_exception_response: bool = True,
add_swagger_auth: bool = False,
+ openId_base_url: str | None = None,
swagger_auth_scopes: typing.List[str] | None = None,
swagger_auth_pkce: bool = True,
swagger_scheme_name: str = "keycloak-openid",
@@ -66,6 +67,22 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
:param add_swagger_auth: Whether to add OpenID Connect authentication to the OpenAPI
schema. Defaults to False.
:type add_swagger_auth: bool, optional
+ :param openId_base_url: Base URL for the OpenID Connect configuration that will be used
+ by the Swagger UI. This parameter allows you to specify a different base URL than
+ the one in keycloak_configuration.url. This is particularly useful in Docker
+ container scenarios where the internal and external URLs differ.
+
+ For example, inside a Docker container network, Keycloak's OpenID configuration
+ endpoint might be available at:
+ http://host.docker.internal:8080/auth/realms/master/.well-known/openid-configuration
+
+ However, external clients like Swagger UI cannot resolve host.docker.internal.
+ In this case, you would set:
+ - keycloak_configuration.url = "http://host.docker.internal:8080" (for internal communication)
+ - openId_base_url = "http://localhost:8080" (for Swagger UI access)
+
+ If not specified, defaults to using keycloak_configuration.url.
+ :type openId_base_url: str, optional
:param swagger_auth_scopes: Scopes to use for the Swagger UI authentication.
Defaults to ['openid', 'profile'].
:type swagger_auth_scopes: typing.List[str], optional
@@ -117,7 +134,7 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
if add_swagger_auth:
suffix = "/.well-known/openid-configuration"
security_scheme = OpenIdConnect(
- openIdConnectUrl=f"{keycloak_configuration.url}realms/{keycloak_configuration.realm}{suffix}",
+ openIdConnectUrl=f"{openId_base_url or keycloak_configuration.url}/realms/{keycloak_configuration.realm}{suffix}",
scheme_name=swagger_scheme_name,
auto_error=False,
)
From d3392dc4becd2be94a30318056bd9fbbf2c9d75d Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
<66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:19:39 +0000
Subject: [PATCH 2/4] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
fastapi_keycloak_middleware/setup.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fastapi_keycloak_middleware/setup.py b/fastapi_keycloak_middleware/setup.py
index 547ddb3..fed5e7d 100644
--- a/fastapi_keycloak_middleware/setup.py
+++ b/fastapi_keycloak_middleware/setup.py
@@ -67,22 +67,22 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
:param add_swagger_auth: Whether to add OpenID Connect authentication to the OpenAPI
schema. Defaults to False.
:type add_swagger_auth: bool, optional
- :param openId_base_url: Base URL for the OpenID Connect configuration that will be used
- by the Swagger UI. This parameter allows you to specify a different base URL than
- the one in keycloak_configuration.url. This is particularly useful in Docker
+ :param openId_base_url: Base URL for the OpenID Connect configuration that will be used
+ by the Swagger UI. This parameter allows you to specify a different base URL than
+ the one in keycloak_configuration.url. This is particularly useful in Docker
container scenarios where the internal and external URLs differ.
- For example, inside a Docker container network, Keycloak's OpenID configuration
+ For example, inside a Docker container network, Keycloak's OpenID configuration
endpoint might be available at:
http://host.docker.internal:8080/auth/realms/master/.well-known/openid-configuration
- However, external clients like Swagger UI cannot resolve host.docker.internal.
+ However, external clients like Swagger UI cannot resolve host.docker.internal.
In this case, you would set:
- keycloak_configuration.url = "http://host.docker.internal:8080" (for internal communication)
- openId_base_url = "http://localhost:8080" (for Swagger UI access)
If not specified, defaults to using keycloak_configuration.url.
- :type openId_base_url: str, optional
+ :type openId_base_url: str, optional
:param swagger_auth_scopes: Scopes to use for the Swagger UI authentication.
Defaults to ['openid', 'profile'].
:type swagger_auth_scopes: typing.List[str], optional
From 96278225eb17eb691cd207b68a50ea4e03781f78 Mon Sep 17 00:00:00 2001
From: cs4alhaider <cs.alhaider@gmail.com>
Date: Sat, 9 Nov 2024 22:36:20 +0300
Subject: [PATCH 3/4] adding docs
---
docs/usage.rst | 3 ++-
fastapi_keycloak_middleware/setup.py | 17 ++++++++++-------
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/docs/usage.rst b/docs/usage.rst
index ea66300..917e4ae 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -220,8 +220,9 @@ separate client is then configured using the :code:`swagger_client_id` paramete
add_swagger_auth=True
)
-There are three more parameters that can be used to customize the Swagger UI integration:
+There are four more parameters that can be used to customize the Swagger UI integration:
+* :code:`swagger_openId_base_url` - The base URL for the OpenID Connect configuration that will be used by the Swagger UI. It is explained in this :issue:`65`. This parameter allows you to specify a different base URL than the one in keycloak_configuration.url. This is particularly useful in Docker container scenarios where the internal and external URLs differ. Defaults to using the keycloak_configuration.url.
* :code:`swagger_auth_scopes` - The scopes that should be selected by default when hitting the Authorize button in Swagger UI. Defaults to :code:`['openid', 'profile']`
* :code:`swagger_auth_pkce` - Whether to use PKCE for the Swagger UI client. Defaults to :code:`True`. It is recommended to use Authorization Code Flow with PKCE for public clients instead of implicit flow. In Keycloak, this flow is called "Standard flow"
* :code:`swagger_scheme_name` - The name of the OpenAPI security scheme. Usually there is no need to change this.
diff --git a/fastapi_keycloak_middleware/setup.py b/fastapi_keycloak_middleware/setup.py
index 547ddb3..97740f4 100644
--- a/fastapi_keycloak_middleware/setup.py
+++ b/fastapi_keycloak_middleware/setup.py
@@ -30,7 +30,7 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
| None = None,
add_exception_response: bool = True,
add_swagger_auth: bool = False,
- openId_base_url: str | None = None,
+ swagger_openId_base_url: str | None = None,
swagger_auth_scopes: typing.List[str] | None = None,
swagger_auth_pkce: bool = True,
swagger_scheme_name: str = "keycloak-openid",
@@ -67,7 +67,7 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
:param add_swagger_auth: Whether to add OpenID Connect authentication to the OpenAPI
schema. Defaults to False.
:type add_swagger_auth: bool, optional
- :param openId_base_url: Base URL for the OpenID Connect configuration that will be used
+ :param swagger_openId_base_url: Base URL for the OpenID Connect configuration that will be used
by the Swagger UI. This parameter allows you to specify a different base URL than
the one in keycloak_configuration.url. This is particularly useful in Docker
container scenarios where the internal and external URLs differ.
@@ -78,11 +78,13 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
However, external clients like Swagger UI cannot resolve host.docker.internal.
In this case, you would set:
- - keycloak_configuration.url = "http://host.docker.internal:8080" (for internal communication)
- - openId_base_url = "http://localhost:8080" (for Swagger UI access)
+ - keycloak_configuration.url:
+ -- "http://host.docker.internal:8080" (for internal communication)
+ - swagger_openId_base_url:
+ -- "http://localhost:8080" (for Swagger UI access)
If not specified, defaults to using keycloak_configuration.url.
- :type openId_base_url: str, optional
+ :type swagger_openId_base_url: str, optional
:param swagger_auth_scopes: Scopes to use for the Swagger UI authentication.
Defaults to ['openid', 'profile'].
:type swagger_auth_scopes: typing.List[str], optional
@@ -132,9 +134,10 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
# Add OpenAPI schema
if add_swagger_auth:
- suffix = "/.well-known/openid-configuration"
+ suffix = ".well-known/openid-configuration"
+ openId_base_url = swagger_openId_base_url or keycloak_configuration.url
security_scheme = OpenIdConnect(
- openIdConnectUrl=f"{openId_base_url or keycloak_configuration.url}/realms/{keycloak_configuration.realm}{suffix}",
+ openIdConnectUrl=f"{openId_base_url}/realms/{keycloak_configuration.realm}/{suffix}",
scheme_name=swagger_scheme_name,
auto_error=False,
)
From e5c5768cff7e25cd2388845610798591632d2a92 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
<66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:38:54 +0000
Subject: [PATCH 4/4] [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---
fastapi_keycloak_middleware/setup.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fastapi_keycloak_middleware/setup.py b/fastapi_keycloak_middleware/setup.py
index 5174b7c..c68912d 100644
--- a/fastapi_keycloak_middleware/setup.py
+++ b/fastapi_keycloak_middleware/setup.py
@@ -67,9 +67,9 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
:param add_swagger_auth: Whether to add OpenID Connect authentication to the OpenAPI
schema. Defaults to False.
:type add_swagger_auth: bool, optional
- :param swagger_openId_base_url: Base URL for the OpenID Connect configuration that will be used
- by the Swagger UI. This parameter allows you to specify a different base URL than
- the one in keycloak_configuration.url. This is particularly useful in Docker
+ :param swagger_openId_base_url: Base URL for the OpenID Connect configuration that will be used
+ by the Swagger UI. This parameter allows you to specify a different base URL than
+ the one in keycloak_configuration.url. This is particularly useful in Docker
container scenarios where the internal and external URLs differ.
For example, inside a Docker container network, Keycloak's OpenID configuration
@@ -78,13 +78,13 @@ def setup_keycloak_middleware( # pylint: disable=too-many-arguments
However, external clients like Swagger UI cannot resolve host.docker.internal.
In this case, you would set:
- - keycloak_configuration.url:
+ - keycloak_configuration.url:
-- "http://host.docker.internal:8080" (for internal communication)
- - swagger_openId_base_url:
+ - swagger_openId_base_url:
-- "http://localhost:8080" (for Swagger UI access)
If not specified, defaults to using keycloak_configuration.url.
- :type swagger_openId_base_url: str, optional
+ :type swagger_openId_base_url: str, optional
:param swagger_auth_scopes: Scopes to use for the Swagger UI authentication.
Defaults to ['openid', 'profile'].
:type swagger_auth_scopes: typing.List[str], optional