simplified config in 1 docker compose

.env.example

@@ -1 +1,2 @@
+VITE_DATAVERSE_AUTHN_URL=http://localhost:4180
 STORYBOOK_CHROMATIC_BUILD=false

dev-env/add-oidc.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+curl -X POST -H 'Content-type: application/json' --upload-file oidc.json http://localhost:8080/api/admin/authenticationProviders

dev-env/docker-compose-dev.yml

@@ -1,7 +1,43 @@
 services:
+  oauth2-proxy:
+    container_name: oauth2-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
+    command: --config /oauth2-proxy.cfg
+    hostname: oauth2-proxy
+    volumes:
+      - "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
+    restart: unless-stopped
+    ports:
+      - 4180:4180
+    networks:
+      - dataverse
+    depends_on:
+      - dev_nginx
+      - keycloak
+
+  keycloak:
+    container_name: keycloak
+    image: keycloak/keycloak:25.0
+    hostname: keycloak
+    command:
+      - 'start-dev'
+      - '--http-port=8000'
+      - '--import-realm'
+    volumes:
+      - ./keycloak:/opt/keycloak/data/import
+    environment:
+      KC_HTTP_PORT: 8000
+      KEYCLOAK_ADMIN: [email protected]
+      KEYCLOAK_ADMIN_PASSWORD: password
+    ports:
+      - 9080:8000
+    networks:
+      - dataverse
+
   dev_nginx:
     container_name: 'dev_nginx_proxy'
     image: nginx:stable
+    hostname: dev_nginx
     ports:
       - '8000:80'
     networks:

dev-authn-env/keycloak/oauth2-proxy-realm.json → dev-env/keycloak/oauth2-proxy-realm.json

@@ -661,7 +661,7 @@
       "clientAuthenticatorType": "client-secret",
       "secret": "72341b6d-7065-4518-a0e4-50ee15025608",
       "redirectUris": [
-        "http://oauth2-proxy.localhost:4180/oauth2/callback"
+        "http://localhost:4180/oauth2/callback"
       ],
       "webOrigins": [],
       "notBefore": 0,

dev-authn-env/oauth2-proxy-keycloak.cfg → dev-env/oauth2-proxy-keycloak.cfg

@@ -2,8 +2,8 @@ http_address="0.0.0.0:4180"
 cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
 email_domains="mailinator.com"
 cookie_secure="false"
-upstreams="http://dataverse-public"
-cookie_domains=["oauth2-proxy.localhost:4080", "dataverse-public.localhost:8000", "keycloak.localhost:9080"] # Required so cookie can be read on all subdomains.
+upstreams="http://dev_nginx"
+cookie_domains=["localhost:4180", "localhost:8000", "localhost:9080"] # Required so cookie can be read on all subdomains.
 whitelist_domains=[".localhost"] # Required to allow redirection back to original requested target.
 skip_jwt_bearer_tokens="true" # will skip requests that have verified JWT bearer tokens (the token must have aud that matches this client id or one of the extras from extra-jwt-issuers)
 pass_access_token="true"
@@ -13,7 +13,7 @@ pass_authorization_header="true"
 # keycloak provider
 client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
 client_id="oauth2-proxy"
-redirect_url="http://oauth2-proxy.localhost:4180/oauth2/callback"
+redirect_url="http://localhost:4180/oauth2/callback"
 
 # in this case oauth2-proxy is going to visit
 # http://keycloak.localhost:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration