I have a Flask REST API that I'm calling from a JavaScript client. Trying to integrate Keycloak as an authentication server, I had no success with Flask (using flask_oidc), so I went for authenticating first from the JavaScript client (which works), and then using the token to talk to the Flask REST API.
However, whenever I try to call a REST service with the token, I get this error:
ERROR:flask_oidc:ERROR: Unable to get token info
ERROR:flask_oidc:'token_introspection_uri'
Traceback (most recent call last):
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
  File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/app/env/lib/python3.6/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/app/env/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/app/env/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/app/env/lib/python3.6/site-packages/flask_oidc/__init__.py", line 860, in decorated
    return view_func(*args, **kwargs)
  File "/app/controller/engine.py", line 111, in welcome
    return json.dumps('Welcome %s' % g.oidc_token_info['sub'])
  File "/app/env/lib/python3.6/site-packages/werkzeug/local.py", line 347, in __getattr__
    return getattr(self._get_current_object(), name)
AttributeError: '_AppCtxGlobals' object has no attribute 'oidc_token_info'
This is my code, settings and keycloak.json in Flask:
OIDC_CLIENT_SECRETS='/app/keycloak.json',
OIDC_RESOURCE_SERVER_ONLY='true',
OIDC_INTROSPECTION_AUTH_METHOD='bearer'
...
{
  "web": {
    "client_id": "MyClient",
    "client_secret": "xxxxxx-xxxxx-xxxxx-xxxx-xxxxxxxxxxx",
    "token_introspection_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token/introspect",
    "token_uri": "http://myservice_auth/auth/realms/myservice/protocol/openid-connect/token",
    "auth_uri": "http://myservice_auth/auth",
    "realm": "myservice",
    "ssl-required": "external",
    "resource": "MyClient",
    "public-client": true,
    "use-resource-role-mappings": true,
    "confidential-port": 0
  }
}
...
oidc = OpenIDConnect(app)

@app.route('/welcome', methods=['GET'])
@oidc.accept_token()
def welcome():
    return json.dumps('Welcome %s' % g.oidc_token_info['sub'])
Any ideas?
UPDATE: I downgraded httplib2 to 0.11.3 and now the error is:
ERROR:flask_oidc:ERROR: Unable to get token info
ERROR:flask_oidc:[Errno 111] ECONNREFUSED
I also added (require_token=True) to the @oidc.accept_token decorator when defining the REST entry point. Then, in Postman, when I try to perform a GET request to the service with the same token I got in the JavaScript client (successfully authenticated), I get this error:
{"error": "invalid_token", "error_description": "Token required but invalid"}