Brighthive Authorization and Authentication Server

An OAuth 2.0 server with added services for providing fine-grain access control to Data Trust assets.

Getting Started

Run the App Locally

Authserver is a Flask app with a REST interface supported by a Postgres database. Follow these steps to run the app locally:

1. (first terminal) Stand up the Postgres database with docker-compose.

docker-compose -f docker-compose-devel.yml up postgres

2. (second terminal) Configure the app. Authserver configures itself with environment variables. Copy .env.development to get started with local development:

cp .env.development .env

3. (second terminal) Install dependencies.

pipenv install --dev

4. (second terminal) Run the Flask app!

# Run migrations
pipenv run flask db upgrade

# Optionally, run the sql file 'run-locally.sql' to allow locally logging in to facet
docker exec -it postgres-authserver psql -U brighthive_admin -d authserver

# Run the app
pipenv run gunicorn -w 4 -b 0.0.0.0:10001 wsgi:app --reload --worker-class gevent --timeout 600

# Conversely, you can run the app with flask
pipenv run flask run -p 10001

Hurrah! Check the app status here: http://0.0.0.0:10001/health

Run tests

APP_ENV=test pipenv run pytest

Machine to machine admin credentials

To give a machine to machine credentials admin rights, you must manually enable it. There are no endpoints. This was done because super admin credentials are dangerous. In the oauth2_clients table you will find a grant_super_admin column. Set this to True.

How to generate a JWT key pair

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub

Taken from https://gist.github.com/ygotthilf/baa58da5c3dd1f69fae9

Visual Studio Code Configuration

Most Brighthive engineers use Visual Studio Code as their primary IDE. Below is a basic configuration that will work for this application.

{
  "python.pythonPath": "/path/to/python",
  "python.linting.pycodestyleEnabled": true,
  "python.linting.pycodestylePath": "pycodestyle",
  "python.formatting.autopep8Path": "autopep8",
  "python.linting.pycodestyleArgs": ["--ignore=E501,E0239"],
  "python.formatting.autopep8Args": ["--ignore=E501,E0239"],
  "python.linting.pylintEnabled": false,
  "python.linting.enabled": true,
  "python.analysis.disabled": ["inherit-non-class"]
}

Name		Name	Last commit message	Last commit date
Latest commit History 316 Commits
authserver		authserver
docs		docs
migrations		migrations
tests		tests
.coveragec		.coveragec
.dockerignore		.dockerignore
.env.development		.env.development
.gitignore		.gitignore
Dockerfile		Dockerfile
Jenkinsfile		Jenkinsfile
LICENSE		LICENSE
Makefile		Makefile
Pipfile		Pipfile
Pipfile.lock		Pipfile.lock
README.md		README.md
docker-compose-devel.yml		docker-compose-devel.yml
docker-compose.yml		docker-compose.yml
entrypoint.sh		entrypoint.sh
manager.py		manager.py
permission-schema-notes.js		permission-schema-notes.js
pytest.ini		pytest.ini
run-locally.sql		run-locally.sql
swagger.yml		swagger.yml
wsgi.py		wsgi.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Brighthive Authorization and Authentication Server

Getting Started

Run the App Locally

Run tests

Machine to machine admin credentials

How to generate a JWT key pair

Visual Studio Code Configuration

About

Releases 9

Packages

Contributors 8

Languages

License

brighthive/authserver

Folders and files

Latest commit

History

Repository files navigation

Brighthive Authorization and Authentication Server

Getting Started

Run the App Locally

Run tests

Machine to machine admin credentials

How to generate a JWT key pair

Visual Studio Code Configuration

About

Resources

License

Stars

Watchers

Forks

Releases 9

Packages 0

Contributors 8

Languages

Packages