Initial commit

README.md

@@ -0,0 +1,19 @@
+# OAuth2 authentication mechanism for INN2/nnrpd #
+
+## Keycloak setup ##
+
+Create a new client, type openid-connect
+
+- Standard flow, implicit flow enabled: off
+- Direct access grants: on
+- Access type: confidential
+
+Insert details into script:
+ - client_id: the client ID you created
+ - client_secret: from credentials tab in keycloak
+ - token_url: https://<yourinstance.tld>/auth/realms/<your-realm>/protocol/openid-connect/token
+
+## Install to INN2 ##
+Ensure requirements are installed.
+
+Copy nnrpd_oauth.py to _pathbin_/auth/passwd/

nnrpd_oauth.py

@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+# OAuth2 (OpenID Connect / Keycloak) authentication mechanism for INN2/nnrpd.
+
+import sys
+from oauthlib.oauth2 import LegacyApplicationClient
+from requests_oauthlib import OAuth2Session
+
+CLIENT_AUTHNAME = "ClientAuthname: "
+CLIENT_PASSWORD = "ClientPassword: "
+
+client_id = ""
+client_secret = ""
+token_url = ""
+
+username = None
+password = None
+
+while username is None or password is None:
+    line = sys.stdin.readline()
+    while len(line) > 0 and line[-1] in "\r\n":
+        line = line[:-1]
+    if line[0:len(CLIENT_AUTHNAME)] == CLIENT_AUTHNAME:
+        username = line[len(CLIENT_AUTHNAME):]
+    elif line[0:len(CLIENT_PASSWORD)] == CLIENT_PASSWORD:
+        password = line[len(CLIENT_PASSWORD):]
+
+try:
+    oauth = OAuth2Session(client=LegacyApplicationClient(client_id=client_id))
+    token = oauth.fetch_token(token_url=token_url,
+                              username=username,
+                              password=password,
+                              client_id=client_id,
+                              client_secret=client_secret)
+    # Success!
+    sys.stdout.write(f"User:{username}@lain.faith\r\n")
+    sys.exit(0)
+except:
+    # Auth error
+    sys.exit(1)

requirements.txt

@@ -0,0 +1 @@
+requests-oauthlib