add support for daa access tokens

.env.example

@@ -38,6 +38,10 @@ AUTHENTICATE=false # either false or oauth2
 # Please keep in mind that, unless specified, a study will be public by default!
 #ALWAYS_SHOW_STUDY_GROUP=PUBLIC
 
+# On instances with authentication it is possible to generate permanent data access tokens.
+# To enable this feature, uncomment this line. By default this feature is disabled.
+#DATA_ACCESS_TOKEN=oauth2
+
 # keycloak for fhirspark
 #KEYCLOAK_CLIENT_FHIRSPARK=
 #KEYCLOAK_SECRET_FHIRSPARK=

compose-dev.yml

@@ -53,6 +53,14 @@ services:
       "-Dspring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_REALM:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-id=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.method=${DATA_ACCESS_TOKEN:-none}",
+      "-Ddat.oauth2.clientId=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
+      "-Ddat.oauth2.clientSecret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.oauth2.issuer=${KEYCLOAK_REALM:-}",
+      "-Ddat.oauth2.accessTokenUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/token",
+      "-Ddat.oauth2.userAuthorizationUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/auth",
+      "-Ddat.oauth2.jwkUrl=${KEYCLOAK_REALM:-}/protocol/openid-connect/certs",
+      "-Ddat.oauth2.redirectUri=${CBIOPORTAL_URL}/api/data-access-token/oauth2",
       "-Dsecurity.cors.allowed-origins=*",
       "-Dserver.tomcat.remoteip.port-header=X-Forwarded-Port",
       "-Dserver.tomcat.remoteip.protocol-header=X-Forwarded-Proto",

compose-research.yml

@@ -43,6 +43,14 @@ services:
       "-Dspring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_REALM:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-id=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.method=${DATA_ACCESS_TOKEN:-none}",
+      "-Ddat.oauth2.clientId=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
+      "-Ddat.oauth2.clientSecret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.oauth2.issuer=${KEYCLOAK_REALM:-}",
+      "-Ddat.oauth2.accessTokenUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/token",
+      "-Ddat.oauth2.userAuthorizationUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/auth",
+      "-Ddat.oauth2.jwkUrl=${KEYCLOAK_REALM:-}/protocol/openid-connect/certs",
+      "-Ddat.oauth2.redirectUri=${CBIOPORTAL_URL}/api/data-access-token/oauth2",
       "-Dsecurity.cors.allowed-origins=*",
       "-Dserver.tomcat.remoteip.port-header=X-Forwarded-Port",
       "-Dserver.tomcat.remoteip.protocol-header=X-Forwarded-Proto",

compose.yml

@@ -46,6 +46,14 @@ services:
       "-Dspring.security.oauth2.client.provider.keycloak.issuer-uri=${KEYCLOAK_REALM:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-id=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
       "-Dspring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.method=${DATA_ACCESS_TOKEN:-none}",
+      "-Ddat.oauth2.clientId=${KEYCLOAK_CLIENT_CBIOPORTAL:-}",
+      "-Ddat.oauth2.clientSecret=${KEYCLOAK_SECRET_CBIOPORTAL:-}",
+      "-Ddat.oauth2.issuer=${KEYCLOAK_REALM:-}",
+      "-Ddat.oauth2.accessTokenUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/token",
+      "-Ddat.oauth2.userAuthorizationUri=${KEYCLOAK_REALM:-}/protocol/openid-connect/auth",
+      "-Ddat.oauth2.jwkUrl=${KEYCLOAK_REALM:-}/protocol/openid-connect/certs",
+      "-Ddat.oauth2.redirectUri=${CBIOPORTAL_URL}/api/data-access-token/oauth2",
       "-Dsecurity.cors.allowed-origins=*",
       "-Dserver.tomcat.remoteip.port-header=X-Forwarded-Port",
       "-Dserver.tomcat.remoteip.protocol-header=X-Forwarded-Proto",