Skip to content
/ authserver Public

An OAuth 2.0 server with added services for providing fine-grain access control to Data Trust assets.

License

MIT license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

brighthive/authserver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

317 Commits
.github/workflows
.github/workflows
 
 
authserver
authserver
 
 
docs
docs
 
 
migrations
migrations
 
 
tests
tests
 
 
.coveragec
.coveragec
 
 
.dockerignore
.dockerignore
 
 
.env.development
.env.development
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Jenkinsfile
Jenkinsfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Pipfile
Pipfile
 
 
Pipfile.lock
Pipfile.lock
 
 
README.md
README.md
 
 
docker-compose-devel.yml
docker-compose-devel.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
entrypoint.sh
entrypoint.sh
 
 
manager.py
manager.py
 
 
permission-schema-notes.js
permission-schema-notes.js
 
 
pytest.ini
pytest.ini
 
 
run-locally.sql
run-locally.sql
 
 
swagger.yml
swagger.yml
 
 
wsgi.py
wsgi.py
 
 

Repository files navigation

Brighthive Authorization and Authentication Server Documentation Status

An OAuth 2.0 server with added services for providing fine-grain access control to Data Trust assets.

Getting Started

Run the App Locally

Authserver is a Flask app with a REST interface supported by a Postgres database. Follow these steps to run the app locally:

1. (first terminal) Stand up the Postgres database with docker-compose.

docker-compose -f docker-compose-devel.yml up postgres

2. (second terminal) Configure the app. Authserver configures itself with environment variables. Copy .env.development to get started with local development:

cp .env.development .env

3. (second terminal) Install dependencies.

pipenv install --dev

4. (second terminal) Run the Flask app!

# Run migrations
pipenv run flask db upgrade

# Optionally, run the sql file 'run-locally.sql' to allow locally logging in to facet
docker exec -it postgres-authserver psql -U brighthive_admin -d authserver

# Run the app
pipenv run gunicorn -w 4 -b 0.0.0.0:10001 wsgi:app --reload --worker-class gevent --timeout 600

# Conversely, you can run the app with flask
pipenv run flask run -p 10001

Hurrah! Check the app status here: http://0.0.0.0:10001/health

Run tests

APP_ENV=test pipenv run pytest

Machine to machine admin credentials

To give a machine to machine credentials admin rights, you must manually enable it. There are no endpoints. This was done because super admin credentials are dangerous. In the oauth2_clients table you will find a grant_super_admin column. Set this to True.

How to generate a JWT key pair

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub

Visual Studio Code Configuration

Most Brighthive engineers use Visual Studio Code as their primary IDE. Below is a basic configuration that will work for this application.

{
  "python.pythonPath": "/path/to/python",
  "python.linting.pycodestyleEnabled": true,
  "python.linting.pycodestylePath": "pycodestyle",
  "python.formatting.autopep8Path": "autopep8",
  "python.linting.pycodestyleArgs": ["--ignore=E501,E0239"],
  "python.formatting.autopep8Args": ["--ignore=E501,E0239"],
  "python.linting.pylintEnabled": false,
  "python.linting.enabled": true,
  "python.analysis.disabled": ["inherit-non-class"]
}

About

An OAuth 2.0 server with added services for providing fine-grain access control to Data Trust assets.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 9

v1.5.3 Latest
Apr 30, 2021
+ 8 releases

Packages

No packages published

Contributors 9

Languages