commit bd4d1ae126c3c5bee81ecad4db1eff1d1189dd26
Author: haskal
Date: Mon Jun 3 01:04:29 2019 -0400

Initial commit

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2d5887e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# OAuth2 authentication mechanism for INN2/nnrpd #
+
+## Keycloak setup ##
+
+Create a new client, type openid-connect
+
+- Standard flow, implicit flow enabled: off
+- Direct access grants: on
+- Access type: confidential
+
+Insert details into script:
+ - client_id: the client ID you created
+ - client_secret: from credentials tab in keycloak
+ - token_url: https:///auth/realms//protocol/openid-connect/token
+
+## Install to INN2 ##
+Ensure requirements are installed.
+
+Copy nnrpd_oauth.py to _pathbin_/auth/passwd/
diff --git a/nnrpd_oauth.py b/nnrpd_oauth.py
new file mode 100755
index 0000000..5ed4e32
--- /dev/null
+++ b/nnrpd_oauth.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+# OAuth2 (OpenID Connect / Keycloak) authentication mechanism for INN2/nnrpd.
+
+import sys
+from oauthlib.oauth2 import LegacyApplicationClient
+from requests_oauthlib import OAuth2Session
+
+CLIENT_AUTHNAME = "ClientAuthname: "
+CLIENT_PASSWORD = "ClientPassword: "
+
+client_id = ""
+client_secret = ""
+token_url = ""
+
+username = None
+password = None
+
+while username is None or password is None:
+ line = sys.stdin.readline()
+ while len(line) > 0 and line[-1] in "\r\n":
+ line = line[:-1]
+ if line[0:len(CLIENT_AUTHNAME)] == CLIENT_AUTHNAME:
+ username = line[len(CLIENT_AUTHNAME):]
+ elif line[0:len(CLIENT_PASSWORD)] == CLIENT_PASSWORD:
+ password = line[len(CLIENT_PASSWORD):]
+
+try:
+ oauth = OAuth2Session(client=LegacyApplicationClient(client_id=client_id))
+ token = oauth.fetch_token(token_url=token_url,
+ username=username,
+ password=password,
+ client_id=client_id,
+ client_secret=client_secret)
+ # Success!
+ sys.stdout.write(f"User:{username}@lain.faith\r\n")
+ sys.exit(0)
+except:
+ # Auth error
+ sys.exit(1)
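Review bot: The success path in nnrpd_oauth.py can never report success: `sys.exit(0)` raises `SystemExit` inside the `try`, the bare `except:` catches it, and the script exits 1 after it has already written the `User:` line. Narrow the handler to `except Exception:` (or move `sys.exit(0)` below the try block) so that only a failed token request counts as an authentication error. The read loop above it never terminates if stdin reaches EOF before both fields arrive, because `readline()` then keeps returning an empty string; add `if not line: sys.exit(1)` directly after the `readline()` call. `fetch_token` is called without a `timeout`, so an unresponsive token endpoint leaves the authenticator hanging, and passing an explicit `timeout=` value bounds that. The file is committed with mode 100755 and the README has `client_secret` pasted into it, so the installed copy should have its permissions tightened to the news user rather than left world-readable.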
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..6f89856
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+requests-oauthlib
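Review bot: `requests-oauthlib` is listed without a version constraint, so each install of this authenticator resolves to whatever release is current at that moment. Pin it to a release you have tested, e.g. `requests-oauthlib==<TESTED_VERSION>`, ideally installed with pip's `--require-hashes` mode since this code handles user passwords and the client secret. nnrpd_oauth.py also imports `oauthlib` directly, which is only pulled in transitively here; listing it explicitly keeps that import from depending on another package's dependency list.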