Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/02 18:03:51 UTC

[GitHub] [pulsar] cuzyoucant commented on issue #7952: OAuth2 url .well-known not parsed correctly

cuzyoucant commented on issue #7952:
URL: https://github.com/apache/pulsar/issues/7952#issuecomment-685904145


   Hey.
   
   We ran into the same problem as you described above. The better solution would be to have a config somewhere where we can set what gets appended to the issuerURL.
   
   I implemented a small ghetto fix for myself and build pulsar from source until this gets officially implemented.
   If this is something you want to do, here is what you need to change:
   
   To "fix" your problem you need to change the line 100 in the DefaultMetadataResolver.java
   from this: `return new URL(issuerUrl, "/.well-known/openid-configuration");`
   to this: `return new URL(issuerUrl.toString() + "/.well-known/openid-configuration");`
   
   Now the URL gets appended correctly and it works as expected.
   
   To also get the client (producer/consumer) to work you need to change the following since they also do not work with Keycloak URLs:
   1. In the file /pulsar-client-cpp/lib/auth/AuthOauth2.cc in line 187 comment out the line.
   `issuerUrl_.append("/oauth/token");`
   
   2. Now you need to specify the full token endpoint from keycloak as the issuer_url in your client.
   example: `https://example.com/auth/realms/myrealm/protocol/openid-connect/token`
   
   The reason you need to do that is that after the first token expires, it tries to get a new one with the settings from the /.well-known configuration and it appends /oauth/token again to the tokenURL, which obviously doesn't work.
   
   I know it's kind of a bad fix for now but I am too inexperienced to add a complete feature myself. We just want it to work for now and we will not be using it for production anytime soon. Just want to test features and infrastructure stuff and for that it works fine.
   
   Hope it helps!
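
The URL resolution behaviour behind the line 100 change described above, as an added example that is not part of the original comment or of Pulsar's code: it compares `new URL(context, spec)` with plain concatenation and with a variant that trims trailing slashes first. The class name, the method names and the example.com issuers are assumptions made for this illustration.

```java
import java.net.MalformedURLException;
import java.net.URL;

// Added illustration; class and method names are hypothetical, not Pulsar's.
public class WellKnownUrlDemo {

    static final String WELL_KNOWN = "/.well-known/openid-configuration";

    // The original line: the spec starts with "/", so it is treated as an
    // absolute path and replaces any path the issuer URL carries.
    static URL resolveAgainstContext(URL issuer) throws MalformedURLException {
        return new URL(issuer, WELL_KNOWN);
    }

    // The workaround from the comment: plain string concatenation. Keeps the
    // issuer path, but yields "//.well-known" if the issuer ends with "/".
    static URL concatenate(URL issuer) throws MalformedURLException {
        return new URL(issuer.toString() + WELL_KNOWN);
    }

    // Hypothetical variant: drop trailing slashes from the issuer, then append.
    static URL appendToIssuer(URL issuer) throws MalformedURLException {
        String base = issuer.toString();
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }
        return new URL(base + WELL_KNOWN);
    }

    public static void main(String[] args) throws MalformedURLException {
        // Constructed sample issuers; the last two use a Keycloak-style realm path.
        String[] issuers = {
            "https://example.com",
            "https://example.com/auth/realms/myrealm",
            "https://example.com/auth/realms/myrealm/"
        };
        for (String s : issuers) {
            URL issuer = new URL(s);
            System.out.println("issuer:           " + issuer);
            System.out.println("  URL(ctx, spec): " + resolveAgainstContext(issuer));
            System.out.println("  concatenation:  " + concatenate(issuer));
            System.out.println("  trimmed append: " + appendToIssuer(issuer));
        }
    }
}
```

OpenID Connect Discovery 1.0 requires removing a terminating `/` from an issuer that has a path component before appending the well-known suffix, which is what the third method does.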
   

