Skip to content

CanDIG/pcgl-authz

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

daisiehdaisieh
add endpoints for create/verify
Mar 25, 2025
31b9b12 · Mar 25, 2025

History

42 Commits
app
app
Mar 25, 2025
.gitignore
.gitignore
Feb 26, 2025
Dockerfile
Dockerfile
Mar 4, 2025
README.md
README.md
Mar 11, 2025
clean.sh
clean.sh
Mar 4, 2025
create_service_store.sh
create_service_store.sh
Mar 25, 2025
docker-compose.yml
docker-compose.yml
Mar 4, 2025
make_backup.sh
make_backup.sh
Mar 4, 2025
opa_setup.sh
opa_setup.sh
Mar 4, 2025
run.sh
run.sh
Mar 4, 2025
secrets.sh.example
secrets.sh.example
Mar 11, 2025
vault_preflight.sh
vault_preflight.sh
Mar 4, 2025
vault_setup.sh
vault_setup.sh
Mar 21, 2025

Repository files navigation

An initial specification and implementation of an authorization service for the Pan-Canadian Genome Library.

OpenAPI spec in authz_openapi.yaml

View spec in swagger: https://editor.swagger.io/?url=https://raw.githubusercontent.com/CanDIG/pcgl-authz/refs/heads/main/app/src/authz_openapi.yaml

Running the test implementation

You can run the test implementation of the service via Docker.

Before running the run.sh script, open the file secrets.sh.example and rename it to secrets.sh. Fill in the values for the secrets, based on the PCGL CILogon test configuration. Ask Daisie on Slack if you need directions on obtaining the secrets.

The run.sh script will use the environment variables listed in secrets.sh and launch three docker containers. The API server will be available at http://localhost:1235.

In order to access any of the REST API endpoints, you will need to get an access code from CILogon and exchange it for an access token:

  1. In a browser, go to the authorization endpoint: https://cilogon.org/authorize?response_type=code&client_id=cilogon%3A%2Fclient_id%2F234088ba9c4226f6883f38d7f6af69d6&redirect_uri=http%3A%2F%2Flocalhost%3A1235&scope=openid%2Bprofile%2Bemail%2Borg.cilogon.userinfo. You will probably get an error message, but the URL in the browser bar will look something like https://localhost/?code=NB2HI4D.... Save that as an environment variable, export code=NB2HI4D...

  2. Exchange that value for an access token:

curl -X "POST" "https://cilogon.org/oauth2/token" \
     -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
     --data-urlencode "client_id=$PCGL_CLIENT_ID" \
     --data-urlencode "client_secret=$PCGL_CLIENT_SECRET" \
     --data-urlencode "grant_type=authorization_code" \
     --data-urlencode "redirect_uri=http://localhost" \
     --data-urlencode "code=$code"
  1. Use the access token in an Authorization header for any of the API calls:
curl "http://localhost:1235/authz/group/admin" \
 -H 'Authorization: Bearer <token>'

Pytest

There is a basic pytest suite that is primarily designed to test the Opa functionality. Tests to exercise the API calls are still being developed.

Cleanup

Running the clean.sh script will tear down all of the Docker containers.

About

PCGL authorization framework

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages