Changes for authentication with Open ID using Keycloak

Author: saraJimenezB

.env.example

@@ -40,3 +40,9 @@ PDF_SERVICES_CLIENT_SECRET=
 
 # settings for PDF.js
 PDFJS_VERSION_DIST="pdfjs-4.0.379-dist"
+
+# settings for keycloak
+KEYCLOAK_SERVER_URL=
+KEYCLOAK_CLIENT_ID=
+KEYCLOAK_REALM=
+KEYCLOAK_CLIENT_SECRET=

sso_app.py

@@ -13,10 +13,15 @@
     GRADIO_TEMP_DIR = os.path.join(KH_APP_DATA_DIR, "gradio_tmp")
     os.environ["GRADIO_TEMP_DIR"] = GRADIO_TEMP_DIR
 
+# for authentication with Google
+# GOOGLE_CLIENT_ID = config("GOOGLE_CLIENT_ID", default="")
+# GOOGLE_CLIENT_SECRET = config("GOOGLE_CLIENT_SECRET", default="")
 
-GOOGLE_CLIENT_ID = config("GOOGLE_CLIENT_ID", default="")
-GOOGLE_CLIENT_SECRET = config("GOOGLE_CLIENT_SECRET", default="")
-
+# for authentication with Open ID by keycloak
+KEYCLOAK_SERVER_URL = config("KEYCLOAK_SERVER_URL")
+KEYCLOAK_REALM = config("KEYCLOAK_REALM")
+KEYCLOAK_CLIENT_ID = config("KEYCLOAK_CLIENT_ID")
+KEYCLOAK_CLIENT_SECRET = config("KEYCLOAK_CLIENT_SECRET")
 
 from ktem.main import App  # noqa
 
@@ -25,10 +30,19 @@
 
 app = FastAPI()
 grlogin.register(
-    name="google",
-    server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
-    client_id=GOOGLE_CLIENT_ID,
-    client_secret=GOOGLE_CLIENT_SECRET,
+    # for authentication with Google
+    # name="google",
+    # server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
+    # client_id=GOOGLE_CLIENT_ID,
+    # client_secret=GOOGLE_CLIENT_SECRET,
+    # for authentication with Open ID by keycloak
+    name="keycloak",
+    server_metadata_url=(
+        f"{KEYCLOAK_SERVER_URL}/realms/{KEYCLOAK_REALM}/"
+        ".well-known/openid-configuration"
+    ),
+    client_id=KEYCLOAK_CLIENT_ID,
+    client_secret=KEYCLOAK_CLIENT_SECRET,
     client_kwargs={
         "scope": "openid email profile",
     },