Skip to content

Commit ac34907

Browse files
Wenqi Heclaude
andcommitted
refactor: simplify token endpoint to accept optional redirect_uri
Drop /token/external — the same Keycloak client supports multiple redirect URIs, so only redirect_uri needs to vary per caller. get_token now takes only redirect_uri as an override, using the module-level keycloak_openid instance directly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent f8be082 commit ac34907

4 files changed

Lines changed: 7 additions & 151 deletions

File tree

backend/app/routers/keycloak.py

Lines changed: 2 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -124,26 +124,9 @@ async def auth(code: str) -> RedirectResponse:
124124

125125

126126
@router.get("/token")
127-
async def token(code: str):
128-
return await get_token(code)
129-
130-
131-
@router.get("/token/external")
132-
async def token_external(
133-
code: str,
134-
server_url: Optional[str] = None,
135-
client_id: Optional[str] = None,
136-
realm_name: Optional[str] = None,
137-
client_secret_key: Optional[str] = None,
138-
redirect_uri: Optional[str] = None,
139-
):
127+
async def token(code: str, redirect_uri: Optional[str] = None):
140128
return await get_token(
141-
code,
142-
server_url=server_url,
143-
client_id=client_id,
144-
realm_name=realm_name,
145-
client_secret_key=client_secret_key,
146-
redirect_uri=redirect_uri,
129+
code, redirect_uri=redirect_uri or settings.auth_redirect_uri
147130
)
148131

149132

backend/app/routers/utils.py

Lines changed: 3 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,8 @@
11
import mimetypes
22
from typing import Optional
33

4-
from keycloak import KeycloakOpenID
5-
64
from app.config import settings
5+
from app.keycloak_auth import keycloak_openid
76
from app.models.files import ContentType
87
from app.models.tokens import TokenDB
98
from app.models.users import UserDB
@@ -41,29 +40,12 @@ async def save_refresh_token(refresh_token: str, email: str):
4140
await token_created.insert()
4241

4342

44-
async def get_token(
45-
code: str,
46-
*,
47-
server_url=None,
48-
client_id=None,
49-
realm_name=None,
50-
client_secret_key=None,
51-
redirect_uri=None,
52-
verify=True,
53-
):
54-
keycloak_openid = KeycloakOpenID(
55-
server_url=server_url or settings.auth_server_url,
56-
client_id=client_id or settings.auth_client_id,
57-
realm_name=realm_name or settings.auth_realm,
58-
client_secret_key=client_secret_key or settings.auth_client_secret,
59-
verify=verify,
60-
)
61-
43+
async def get_token(code: str, *, redirect_uri: str = settings.auth_redirect_uri):
6244
# get token from Keycloak
6345
token_body = keycloak_openid.token(
6446
grant_type="authorization_code",
6547
code=code,
66-
redirect_uri=redirect_uri or settings.auth_redirect_uri,
48+
redirect_uri=redirect_uri,
6749
)
6850

6951
access_token = token_body["access_token"]

frontend/src/openapi/v2/services/AuthService.ts

Lines changed: 2 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -91,52 +91,19 @@ export class AuthService {
9191
/**
9292
* Token
9393
* @param code
94-
* @returns any Successful Response
95-
* @throws ApiError
96-
*/
97-
public static tokenApiV2AuthTokenGet(
98-
code: string,
99-
): CancelablePromise<any> {
100-
return __request({
101-
method: 'GET',
102-
path: `/api/v2/auth/token`,
103-
query: {
104-
'code': code,
105-
},
106-
errors: {
107-
422: `Validation Error`,
108-
},
109-
});
110-
}
111-
112-
/**
113-
* Token External
114-
* @param code
115-
* @param serverUrl
116-
* @param clientId
117-
* @param realmName
118-
* @param clientSecretKey
11994
* @param redirectUri
12095
* @returns any Successful Response
12196
* @throws ApiError
12297
*/
123-
public static tokenExternalApiV2AuthTokenExternalGet(
98+
public static tokenApiV2AuthTokenGet(
12499
code: string,
125-
serverUrl?: string,
126-
clientId?: string,
127-
realmName?: string,
128-
clientSecretKey?: string,
129100
redirectUri?: string,
130101
): CancelablePromise<any> {
131102
return __request({
132103
method: 'GET',
133-
path: `/api/v2/auth/token/external`,
104+
path: `/api/v2/auth/token`,
134105
query: {
135106
'code': code,
136-
'server_url': serverUrl,
137-
'client_id': clientId,
138-
'realm_name': realmName,
139-
'client_secret_key': clientSecretKey,
140107
'redirect_uri': redirectUri,
141108
},
142109
errors: {

openapi.json

Lines changed: 0 additions & 76 deletions
Original file line numberDiff line numberDiff line change
@@ -12074,82 +12074,6 @@
1207412074
},
1207512075
"name": "code",
1207612076
"in": "query"
12077-
}
12078-
],
12079-
"responses": {
12080-
"200": {
12081-
"description": "Successful Response",
12082-
"content": {
12083-
"application/json": {
12084-
"schema": {}
12085-
}
12086-
}
12087-
},
12088-
"422": {
12089-
"description": "Validation Error",
12090-
"content": {
12091-
"application/json": {
12092-
"schema": {
12093-
"$ref": "#/components/schemas/HTTPValidationError"
12094-
}
12095-
}
12096-
}
12097-
}
12098-
}
12099-
}
12100-
},
12101-
"/api/v2/auth/token/external": {
12102-
"get": {
12103-
"tags": [
12104-
"auth"
12105-
],
12106-
"summary": "Token External",
12107-
"operationId": "token_external_api_v2_auth_token_external_get",
12108-
"parameters": [
12109-
{
12110-
"required": true,
12111-
"schema": {
12112-
"title": "Code",
12113-
"type": "string"
12114-
},
12115-
"name": "code",
12116-
"in": "query"
12117-
},
12118-
{
12119-
"required": false,
12120-
"schema": {
12121-
"title": "Server Url",
12122-
"type": "string"
12123-
},
12124-
"name": "server_url",
12125-
"in": "query"
12126-
},
12127-
{
12128-
"required": false,
12129-
"schema": {
12130-
"title": "Client Id",
12131-
"type": "string"
12132-
},
12133-
"name": "client_id",
12134-
"in": "query"
12135-
},
12136-
{
12137-
"required": false,
12138-
"schema": {
12139-
"title": "Realm Name",
12140-
"type": "string"
12141-
},
12142-
"name": "realm_name",
12143-
"in": "query"
12144-
},
12145-
{
12146-
"required": false,
12147-
"schema": {
12148-
"title": "Client Secret Key",
12149-
"type": "string"
12150-
},
12151-
"name": "client_secret_key",
12152-
"in": "query"
1215312077
},
1215412078
{
1215512079
"required": false,

0 commit comments

Comments
 (0)