Public/kotaemon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: support authentication with Open ID using Keycloak (#669) #none

Browse Source 
* Changes for authentication with Open ID using Keycloak

* Select authentication method

* fix: missing params

* fix: minor update

---------

Co-authored-by: Sara <sara.jimenez@nuvu.cc>
This commit is contained in:
Tuan Anh Nguyen Dang (Tadashi_Cin) 2025-02-14 21:26:37 +07:00 committed by GitHub
parent e3921f7704
commit 647d0a4afe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 50 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.env.example
View File

@ -40,3 +40,16 @@ PDF_SERVICES_CLIENT_SECRET=
# settings for PDF.js # settings for PDF.js
PDFJS_VERSION_DIST="pdfjs-4.0.379-dist" PDFJS_VERSION_DIST="pdfjs-4.0.379-dist"
# variable for authentication method selection
# for authentication with google leave empty
# for authentication with keycloak :
# AUTHENTICATION_METHOD="KEYCLOAK"
AUTHENTICATION_METHOD=
# settings for keycloak
KEYCLOAK_SERVER_URL=
KEYCLOAK_CLIENT_ID=
KEYCLOAK_REALM=
KEYCLOAK_CLIENT_SECRET=

35
sso_app.py
View File

@ -8,15 +8,22 @@ from theflow.settings import settings as flowsettings
KH_APP_DATA_DIR = getattr(flowsettings, "KH_APP_DATA_DIR", ".") KH_APP_DATA_DIR = getattr(flowsettings, "KH_APP_DATA_DIR", ".")
GRADIO_TEMP_DIR = os.getenv("GRADIO_TEMP_DIR", None) GRADIO_TEMP_DIR = os.getenv("GRADIO_TEMP_DIR", None)
AUTHENTICATION_METHOD = config("AUTHENTICATION_METHOD")
# override GRADIO_TEMP_DIR if it's not set # override GRADIO_TEMP_DIR if it's not set
if GRADIO_TEMP_DIR is None: if GRADIO_TEMP_DIR is None:
GRADIO_TEMP_DIR = os.path.join(KH_APP_DATA_DIR, "gradio_tmp") GRADIO_TEMP_DIR = os.path.join(KH_APP_DATA_DIR, "gradio_tmp")
os.environ["GRADIO_TEMP_DIR"] = GRADIO_TEMP_DIR os.environ["GRADIO_TEMP_DIR"] = GRADIO_TEMP_DIR
# for authentication with Google
GOOGLE_CLIENT_ID = config("GOOGLE_CLIENT_ID", default="") GOOGLE_CLIENT_ID = config("GOOGLE_CLIENT_ID", default="")
GOOGLE_CLIENT_SECRET = config("GOOGLE_CLIENT_SECRET", default="") GOOGLE_CLIENT_SECRET = config("GOOGLE_CLIENT_SECRET", default="")
# for authentication with Open ID by keycloak
KEYCLOAK_SERVER_URL = config("KEYCLOAK_SERVER_URL")
KEYCLOAK_REALM = config("KEYCLOAK_REALM")
KEYCLOAK_CLIENT_ID = config("KEYCLOAK_CLIENT_ID")
KEYCLOAK_CLIENT_SECRET = config("KEYCLOAK_CLIENT_SECRET")
from ktem.main import App # noqa from ktem.main import App # noqa
@ -24,15 +31,35 @@ gradio_app = App()
demo = gradio_app.make() demo = gradio_app.make()
app = FastAPI() app = FastAPI()
grlogin.register(
if AUTHENTICATION_METHOD == "KEYCLOAK":
# for authentication with Open ID by keycloak
grlogin.register(
name="keycloak",
server_metadata_url=(
f"{KEYCLOAK_SERVER_URL}/realms/{KEYCLOAK_REALM}/"
".well-known/openid-configuration"
),
client_id=KEYCLOAK_CLIENT_ID,
client_secret=KEYCLOAK_CLIENT_SECRET,
client_kwargs={
"scope": "openid email profile",
},
)
else:
# for authentication with Google
grlogin.register(
name="google", name="google",
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration", server_metadata_url=(
"https://accounts.google.com/.well-known/openid-configuration"
),
client_id=GOOGLE_CLIENT_ID, client_id=GOOGLE_CLIENT_ID,
client_secret=GOOGLE_CLIENT_SECRET, client_secret=GOOGLE_CLIENT_SECRET,
client_kwargs={ client_kwargs={
"scope": "openid email profile", "scope": "openid email profile",
}, },
) )
@app.get("/favicon.ico", include_in_schema=False) @app.get("/favicon.ico", include_in_schema=False)