Merge pull request #21 from icebreakerone/preprod

Preprod

README.md

@@ -83,7 +83,7 @@ https://vigorous-heyrovsky-1trvv0ikx9.projects.oryapis.com/oauth2/auth?client_id
 By default the client will use the local docker environment and expects a local instance of the FAPI api to be running on localhost:8020. Testing against the deployed API can be achieved by setting the `AUTHENTICATION_API` and `RESOURCE_API` environment variables, and optionally the FAPI_API environment variable.
 
 ```bash
-FAPI_API=https://perseus-demo-fapi.ib1.org AUTHENTICATION_API="https://perseus-demo-authentication.ib1.org" RESOURCE_API=https://perseus-demo-energy.ib1.org python -W ignore  client.py
+FAPI_API=https://perseus-demo-fapi.ib1.org AUTHENTICATION_API="https://perseus-demo-authentication.ib1.org" RESOURCE_API=https://perseus-demo-energy.ib1.org python -W ignore  client.py auth
 ```
 
 Opening the redirect url will present you with the default Ory Hydra log in/ sign up screen, followed by a consent screen:
@@ -114,6 +114,12 @@ python -W ignore  client.py id-token --token <token>
 
 with token being the `id_token` value obtained from authorisation code flow
 
+### Retrieve data from protected endpoint
+
+```bash
+python -W ignore  client.py resource --token <token>
+```
+
 ## Ory Hydra
 
 Please contact IB1 for the Client ID and secret if you would like to test against our demo Ory account. Alternatively you can set up a free developer account and create an Oauth2 client with your own details. The client should have:

authentication/api/conf.py

@@ -19,17 +19,16 @@
 CLIENT_SECRET = os.environ.get(
     "CLIENT_SECRET", "uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls"
 )
+OAUTH_URL = os.environ.get(
+    "OAUTH_URL", "https://musing-kirch-t48np94ikp.projects.oryapis.com"
+)
 AUTHORIZATION_ENDPOINT = os.environ.get(
     "AUTHORIZATION_ENDPOINT",
-    "https://musing-kirch-t48np94ikp.projects.oryapis.com/oauth2/auth",
+    f"{OAUTH_URL}/oauth2/auth",
 )
 TOKEN_ENDPOINT = os.environ.get(
     "TOKEN_ENDPOINT",
-    "https://musing-kirch-t48np94ikp.projects.oryapis.com/oauth2/token",
-)
-INTROSPECTION_ENDPOINT = os.environ.get(
-    "INTROSPECTION_ENDPOINT",
-    "https://musing-kirch-t48np94ikp.projects.oryapis.com/admin/oauth2/introspect",
+    f"{OAUTH_URL}/oauth2/token",
 )
 REDIRECT_URI = os.environ.get(
     "REDIRECT_URI", "https://perseus-demo-accounting.ib1.org/callback"

authentication/copilot/backend/manifest.yml

@@ -36,14 +36,25 @@ network:
 # Optional fields for more advanced use-cases.
 #
 variables:                    # Pass environment variables as key value pairs.
-  FAPI_API: "https://perseus-demo-fapi.ib1.org"
-  CLIENT_ID: 21653835348762
-  CLIENT_SECRET: "uE4NgqeIpuSV_XejQ7Ds3jsgA1yXhjR1MXJ1LbPuyls"
+  CLIENT_ID: f67916ce-de33-4e2f-a8e3-cbd5f6459c30
+  REDIS_HOST: redis.${COPILOT_ENVIRONMENT_NAME}.${COPILOT_APPLICATION_NAME}.local
+  OAUTH_URL: https://vigorous-heyrovsky-1trvv0ikx9.projects.oryapis.com
+
+
 
 environments:
     prod:
       http:
         # Requests to this path will be forwarded to your service.
         # To match all requests you can use the "/" path.
         alias: perseus-demo-authentication.ib1.org
-        hosted_zone: Z080590727V6ALTWMJ7N5
+        hosted_zone: Z080590727V6ALTWMJ7N5
+      secrets: 
+        SERVER_KEY: /copilot/perseus-demo-fapi/prod/secrets/server_key
+        SERVER_CERT: /copilot/perseus-demo-fapi/prod/secrets/server_cert
+        CLIENT_SECRET: /copilot/perseus-demo-authentication/prod/secrets/client_secret
+    dev:
+      secrets: 
+        SERVER_KEY: /copilot/perseus-demo-fapi/dev/secrets/server_key
+        SERVER_CERT: /copilot/perseus-demo-fapi/dev/secrets/server_cert
+        CLIENT_SECRET: /copilot/perseus-demo-authentication/dev/secrets/client_secret

client.py

@@ -164,6 +164,18 @@ def id_token(token):
     print(client_side_decoding(token))
 
 
+@click.option("--token", help="Authorisation token")
+@cli.command()
+def resource(token):
+    result = requests.get(
+        f"{RESOURCE_API}/api/v1/consumption",
+        verify=False,
+        headers={"Authorization": f"Bearer {token}"},
+        cert=(CLIENT_CERTIFICATE, CLIENT_PRIVATE_KEY),
+    )
+    return result.json()
+
+
 @cli.command()
 def auth():
     code_verifier, par_response = pushed_authorization_request()
@@ -187,18 +199,3 @@ def auth():
 
 if __name__ == "__main__":
     cli()
-    # Initiate flow with PAR
-
-    # Generate PKCE code verifier and challenge
-
-    # The following two tests will use the values returned after login and consent has been given
-    # print(
-    #     introspect_token(
-    #         "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOltdLCJjbGllbnRfaWQiOiJmNjc5MTZjZS1kZTMzLTRlMmYtYThlMy1jYmQ1ZjY0NTljMzAiLCJleHAiOjE3MTMyODU5MjUsImV4dCI6e30sImlhdCI6MTcxMzI4MjMyNSwiaXNzIjoiaHR0cHM6Ly92aWdvcm91cy1oZXlyb3Zza3ktMXRydnYwaWt4OS5wcm9qZWN0cy5vcnlhcGlzLmNvbSIsImp0aSI6ImNjYTQ5N2Y1LWYzYjAtNGM4MS1iODczLTdmOTdhNzRjZmNkYSIsIm5iZiI6MTcxMzI4MjMyNSwic2NwIjpbInByb2ZpbGUiLCJvZmZsaW5lX2FjY2VzcyJdLCJzdWIiOiJkNmZkNmUxYy1hMTBlLTQwZDgtYWEyYi05NjA2ZjNkMzRkM2MiLCJjbmYiOnsieDV0I1MyNTYiOiJrNkpvY19UYlJJbV92SVF5cldjTVRJVnpfUVptUjBKUmVHQVNXUmNMZG5RIn19.SxM9YvqE-vvXwemHNbLHNey7xbyLGsGu4T6bSmmhXNP2-nk8GMcmoHCLXhgYhQFJ3HcuLx7P9kQCqEUrY68xGQ"
-    #     )
-    # )
-    # print(
-    #     client_side_decoding(
-    #         "eyJhbGciOiJFUzI1NiIsImtpZCI6IjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3BlcnNldXMtZGVtby1lbmVyZ3kuaWIxLm9yZyIsInN1YiI6ImQ2ZmQ2ZTFjLWExMGUtNDBkOC1hYTJiLTk2MDZmM2QzNGQzYyIsImF1ZCI6ImY2NzkxNmNlLWRlMzMtNGUyZi1hOGUzLWNiZDVmNjQ1OWMzMCIsImV4cCI6MTcxMzI3OTgxMiwiaWF0IjoxNzEzMjc2MjEyLCJraWQiOjF9.SHpel4gQyrIS6RNM4VTZgsepgR-g-g5zQWeLwBVUzapeusDU2tsfT4yCczN6XMNYq9xCuL2WmIVEWKJBonp2Gw"
-    #     )
-    # )