Make Keycloak URL protocol configurable

SebaDro · SebaDro · commit f037c59df331 · 2025-12-19T09:40:55.000+01:00
diff --git a/README.md b/README.md
@@ -81,17 +81,18 @@ pip install .
 
 The application is packaged as an executable `app.py` script. Configuration is based on the following environment variables which should be set accordingly prior to starting:
 
-| name                           | description                                          |
-|--------------------------------|------------------------------------------------------|
-| KC_CLIENT_ID                   | Identifier of pygeopai client in Keycloak            |
-| KC_CLIENT_SECRET               | Secret of pygeopai client in Keycloak                |
-| KC_TARGET_CLIENT_ID            | Identifier of Data Management API client in Keycloak |
-| KC_HOSTNAME                    | Hostname of Keycloak Server (e.g. `keycloak:8080`)   |
-| KC_HOSTNAME_PATH               | Subpath of Keycloak Hostname (e.g. `/keycloak`)      |
-| KC_REALM_NAME                  | Name of the Keycloak realm                           |
-| KOMMONITOR_DATA_MANAGEMENT_URL | URL of the KomMonitor Data Management API            |
-| PROCESS_RESULTS_DIR            | Directory to store process results                   |
-| PREFECT_API_URL                | URL of the Prefect server                            |
+| name                           | description                                                     |
+|--------------------------------|-----------------------------------------------------------------|
+| KC_CLIENT_ID                   | Identifier of pygeopai client in Keycloak                       |
+| KC_CLIENT_SECRET               | Secret of pygeopai client in Keycloak                           |
+| KC_TARGET_CLIENT_ID            | Identifier of Data Management API client in Keycloak            |
+| KC_HOSTNAME                    | Hostname of Keycloak Server (e.g. `keycloak:8080`)              |
+| KC_HOSTNAME_PATH               | Subpath of Keycloak Hostname (e.g. `/keycloak`)                 |
+| KC_URL_PROTOCOL                | Whether to use 'http' (only for development purpose) or 'https' |
+| KC_REALM_NAME                  | Name of the Keycloak realm                                      |
+| KOMMONITOR_DATA_MANAGEMENT_URL | URL of the KomMonitor Data Management API                       |
+| PROCESS_RESULTS_DIR            | Directory to store process results                              |
+| PREFECT_API_URL                | URL of the Prefect server                                       |
 
 After these variables are set run the app via
 ```commandline
diff --git a/docker/dev.env b/docker/dev.env
@@ -1,5 +1,6 @@
 KC_HOSTNAME=demo.kommonitor.de
 KC_HOSTNAME_PATH=/keycloak
+KC_URL_PROTOCOL=https
 KC_REALM_NAME=kommonitor-demo
 KC_CLIENT_ID=kommonitor-processor
 KC_CLIENT_SECRET=demo.kommonitor.de
diff --git a/processor/auth.py b/processor/auth.py
@@ -12,11 +12,12 @@
 KC_HOSTNAME = os.getenv('KC_HOSTNAME', "keycloak:8443")
 KC_REALM_NAME = os.getenv('KC_REALM_NAME', "kommonitor-demo")
 KC_HOSTNAME_PATH = os.getenv('KC_HOSTNAME_PATH', "")
+KC_URL_PROTOCOL = os.getenv('KC_PROTOCOL', "https")
 
 
 class KomMonitorIntrospectTokenValidator(IntrospectTokenValidator):
     def introspect_token(self, token_string):
-        url = f"https://{KC_HOSTNAME}{KC_HOSTNAME_PATH}/realms/{KC_REALM_NAME}/protocol/openid-connect/token/introspect"
+        url = f"{KC_URL_PROTOCOL}://{KC_HOSTNAME}{KC_HOSTNAME_PATH}/realms/{KC_REALM_NAME}/protocol/openid-connect/token/introspect"
         data = {'token': token_string[7:], 'token_type_hint': 'access_token'}\
             if token_string.startswith('Bearer')\
             else {'token': token_string, 'token_type_hint': 'access_token'}
diff --git a/processor/process/base.py b/processor/process/base.py
@@ -34,6 +34,7 @@ class KommonitorProcessConfig:
 KC_CLIENT_SECRET = os.getenv('KC_CLIENT_SECRET', "processor-secret")
 KC_TARGET_CLIENT_ID = os.getenv('KC_TARGET_CLIENT_ID', "kommonitor-data-management")
 KC_HOSTNAME = os.getenv('KC_HOSTNAME', "keycloak:8443")
+KC_URL_PROTOCOL = os.getenv('KC_PROTOCOL', "https")
 KC_REALM_NAME = os.getenv('KC_REALM_NAME', "kommonitor-demo")
 KC_HOSTNAME_PATH = os.getenv('KC_HOSTNAME_PATH', "")
 KOMMONITOR_DATA_MANAGEMENT_URL = os.getenv('KOMMONITOR_DATA_MANAGEMENT_URL', "http://localhost:8085/management/")
@@ -54,7 +55,7 @@ def data_management_client(logger: Logger, execute_request: schemas.ExecuteReque
 
         logger.info(f"Requesting token for user with ID: {execute_request.properties.get('user_id', '')}")
 
-        http = f"https://{KC_HOSTNAME}{KC_HOSTNAME_PATH}/realms/{KC_REALM_NAME}/protocol/openid-connect/token"
+        http = f"{KC_URL_PROTOCOL}://{KC_HOSTNAME}{KC_HOSTNAME_PATH}/realms/{KC_REALM_NAME}/protocol/openid-connect/token"
         a = requests.post(http, data=payload)
         a = a.json()
         token = a['access_token']
