Merge pull request #1471 from virtualcell/vcell-reconnection-failure

VCell Connection Failure Fix

Author: Ezequiel-Valencia

docker/build/build.sh

@@ -112,9 +112,10 @@ build_rest() {
 
 build_webapp_common() {
   config=$1
+  export BUILD_COMMAND="build_$1"
   echo "building $repo/vcell-webapp-${config}:$tag"
-  echo "$SUDO_CMD docker buildx build --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp-${config} --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng"
-  $SUDO_CMD docker buildx build --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp-${config} --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng
+  echo "$SUDO_CMD docker buildx build --build-arg BUILD_COMMAND=build_$1 --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng"
+  $SUDO_CMD docker buildx build --build-arg BUILD_COMMAND=build_$1 --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng
   if [[ $? -ne 0 ]]; then echo "docker buildx build --platform=linux/amd64 failed"; exit 1; fi
   if [ "$skip_push" == "false" ]; then
     $SUDO_CMD docker push $repo/vcell-webapp-${config}:$tag

vcell-apiclient/src/main/java/org/vcell/api/client/VCellApiClient.java

@@ -75,8 +75,6 @@ public class VCellApiClient implements AutoCloseable {
 	private final static String DEFAULT_CLIENTID = "85133f8d-26f7-4247-8356-d175399fc2e6";
 	private final URL quarkusURL;
 	private ApiClient apiClient = null;
-	private final static String authClientID = "cjoWhd7W8A8znf7Z7vizyvKJCiqTgRtf";
-	private final static String authDomain = "https://dev-dzhx7i2db3x3kkvq.us.auth0.com";
 
 	// Create a custom response handler
 	public static class VCellStringResponseHandler implements ResponseHandler<String> {
@@ -482,7 +480,7 @@ public void createDefaultQuarkusClient(boolean bIgnoreCertProblems){
 	}
 
 	public void authenticate(boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException, ApiException {
-		apiClient = InteractiveLogin.login(authClientID, new URI(authDomain + "/authorize"),
+		apiClient = InteractiveLogin.login(new URI(InteractiveLogin.authDomain + "/authorize"),
 				this.quarkusURL.toURI(), ignoreSSLCertProblems);
 		apiClient.setScheme(this.quarkusURL.getProtocol());
 	}
@@ -494,7 +492,7 @@ public void logOut(){
 		java.net.http.HttpRequest.Builder httpRequestBuilder = java.net.http.HttpRequest.newBuilder();
 		String postLogoutRedirect = "";
 		String idToken = "";
-		httpRequestBuilder.uri(URI.create(authDomain + "/oidc/logout"));
+		httpRequestBuilder.uri(URI.create(InteractiveLogin.authDomain + "/oidc/logout"));
 		httpRequestBuilder.header("Content-Type", "application/x-www-form-urlencoded");
 //		httpRequestBuilder.method("GET");
 		String logoutPath = "";

vcell-rest/src/main/resources/application.properties

@@ -67,9 +67,11 @@ quarkus.datasource.postgresql.db-kind=postgresql
 ## Auth OIDC Bearer Token
 %dev,prod.quarkus.oidc.auth-server-url=https://dev-dzhx7i2db3x3kkvq.us.auth0.com
 %dev,prod.quarkus.oidc.client-id=ViiDx0tdnXnv6OMiz9nS6MkHyWmlsRlG
-%dev,prod.quarkus.oidc.credentials.secret=
-%dev,prod.quarkus.oidc.application-type=hybrid
-%dev,prod.quarkus.oidc.authentication.scopes=openid,profile,email
+%dev,prod.quarkus.oidc.tenant-id=dev-dzhx7i2db3x3kkvq
+%dev,prod.quarkus.oidc.application-type=service
+#%dev,prod.quarkus.oidc.authentication.scopes=openid,profile,email,offline_access
+%dev,prod.quarkus.oidc.token.allow-jwt-introspection=false
+%dev,prod.quarkus.oidc.token.allow-opaque-token-introspection=false
 
 %test.quarkus.oidc.client-id=backend-service
 %test.quarkus.oidc.credentials.secret=secret

vcell-restclient/src/main/java/org/vcell/restclient/auth/AuthApiClient.java

@@ -60,7 +60,7 @@ public void refreshAccessToken() throws IOException, ParseException {
         // Create the token request
         TokenRequest request = new TokenRequest(
                 oidcProviderTokenEndpoint,
-                new ClientID("your-client-id"),
+                new ClientID(InteractiveLogin.authClientID),
                 new RefreshTokenGrant(refreshToken)
         );
 

vcell-restclient/src/main/java/org/vcell/restclient/auth/InteractiveLogin.java

@@ -3,6 +3,7 @@
 import com.nimbusds.oauth2.sdk.*;
 import com.nimbusds.oauth2.sdk.http.HTTPRequest;
 import com.nimbusds.oauth2.sdk.http.HTTPResponse;
+import com.nimbusds.oauth2.sdk.id.Audience;
 import com.nimbusds.oauth2.sdk.id.ClientID;
 import com.nimbusds.oauth2.sdk.id.State;
 import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
@@ -27,10 +28,18 @@
 import java.util.concurrent.TimeUnit;
 
 public class InteractiveLogin {
+    public final static String authClientID = "cjoWhd7W8A8znf7Z7vizyvKJCiqTgRtf";
+    public final static String authDomain = "https://dev-dzhx7i2db3x3kkvq.us.auth0.com";
+
+
 
     private InteractiveLogin() {
     }
 
+    public static AuthApiClient login() throws URISyntaxException, IOException, ParseException {
+        return login(new URI(authDomain), new URI("https://vcell.cam.uchc.edu"), false);
+    }
+
     /**
      *  1. Goes to the authorization server, gather metadata about it's OIDC configuration
      *  (ex. Scopes supported, signing methods supported, auth and token endpoint, response types...)
@@ -50,7 +59,6 @@ private InteractiveLogin() {
      *  <br>
      *  P.S: This HTTP client created has an automated refresh capability for the access token, allowing users to stay logged in
      *  for an extended period of time.
-     * @param clientID
      * @param authServerUri
      * @param apiBaseUri
      * @param ignoreSSLCertProblems
@@ -60,7 +68,7 @@ private InteractiveLogin() {
      * @throws ParseException
      */
 
-    public static AuthApiClient login(String clientID, URI authServerUri, URI apiBaseUri, boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException {
+    public static AuthApiClient login(URI authServerUri, URI apiBaseUri, boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException {
         URI successRedirectURI = new URI(apiBaseUri+( apiBaseUri.getHost().equals("localhost")?  "" : "/login_success"));
 
         // Retrieve OpenID Provider Metadata
@@ -93,9 +101,10 @@ public static AuthApiClient login(String clientID, URI authServerUri, URI apiBas
         String callback_endpoint_path = "/oidc_test_callback";
 
         URI redirectURI = new URI("http://" + "localhost" + ":" + localHttpServerPort + callback_endpoint_path);
-        Scope scope = new Scope("openid", "email", "profile"); //, "email"); //, "profile", "offline_access");
+        Scope scope = new Scope("openid", "email", "profile", "offline_access"); //, "email"); //, "profile", "offline_access");
+
         CodeVerifier codeVerifier = new CodeVerifier();
-        URI authRequestURI = getAuthRequestURI(oidcProviderMetadata, redirectURI, new ClientID(clientID), scope, state, codeVerifier);
+        URI authRequestURI = getAuthRequestURI(oidcProviderMetadata, redirectURI, new ClientID(authClientID), scope, state, codeVerifier, apiBaseUri);
 
         final AuthorizationResponse authorizationResponse;
         if (Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
@@ -120,13 +129,9 @@ public static AuthApiClient login(String clientID, URI authServerUri, URI apiBas
             authorizationResponse = getAuthorizationResponseManual(authRequestURI);
         }
 
-        OIDCTokens oidcTokens = exchangeCodeForTokens(authorizationResponse, oidcProviderMetadata.getTokenEndpointURI(), new ClientID(clientID), scope, redirectURI, codeVerifier);
-        String accessToken = oidcTokens.getAccessToken().getValue();
-        String idToken = oidcTokens.getIDTokenString();
+        OIDCTokens oidcTokens = exchangeCodeForTokens(authorizationResponse, oidcProviderMetadata.getTokenEndpointURI(), new ClientID(authClientID), scope, redirectURI, codeVerifier);
 
-        AuthApiClient authApiClient = new AuthApiClient(apiBaseUri, oidcProviderMetadata.getTokenEndpointURI(), oidcTokens.getAccessToken(), oidcTokens.getRefreshToken(), ignoreSSLCertProblems);
-        authApiClient.setRequestInterceptor(request -> request.header("Authorization", "Bearer " + idToken));
-        return authApiClient;
+        return new AuthApiClient(apiBaseUri, oidcProviderMetadata.getTokenEndpointURI(), oidcTokens.getAccessToken(), oidcTokens.getRefreshToken(), ignoreSSLCertProblems);
     }
 
     static int findAvailablePort(List<Integer> potentialPorts) {
@@ -275,13 +280,16 @@ private static void pingHttpServer(URL url, String expectedPingResponse) throws
      * @throws IOException
      * @throws ParseException
      */
-    private static URI getAuthRequestURI(OIDCProviderMetadata oidcProviderMetadata, URI redirectURI, ClientID clientID, Scope scope, State state, CodeVerifier codeVerifier) throws URISyntaxException, IOException, ParseException {
+    private static URI getAuthRequestURI(OIDCProviderMetadata oidcProviderMetadata, URI redirectURI, ClientID clientID,
+                                         Scope scope, State state, CodeVerifier codeVerifier, URI audience) throws URISyntaxException, IOException, ParseException {
         // Create the authorization request
         URI authorizationEndpoint = oidcProviderMetadata.getAuthorizationEndpointURI();
 
+        String audiencePort = audience.getHost().equals("localhost") ? ":" + audience.getPort() : "";
         var authorizationRequest = new AuthorizationRequest.Builder(new ResponseType("code"), clientID)
                 .endpointURI(authorizationEndpoint)
                 .redirectionURI(redirectURI)
+                .customParameter("audience", audience.getScheme() + "://" + audience.getHost() + audiencePort)
                 .state(state)
                 .scope(scope) // Add any other required scopes
                 .codeChallenge(codeVerifier, CodeChallengeMethod.S256)

webapp-ng/Dockerfile-webapp-dev webapp-ng/Dockerfile-webappwebapp-ng/Dockerfile-webapp-dev renamed to webapp-ng/Dockerfile-webapp

@@ -1,6 +1,8 @@
 # Build stage
 FROM node:20.11-alpine3.19 AS build
 
+ARG BUILD_COMMAND=build_prod
+
 RUN apk update && apk add git
 
 RUN mkdir -p /app
@@ -14,7 +16,7 @@ RUN npm install --legacy-peer-deps
 
 COPY . .
 
-RUN npm run build_dev
+RUN npm run ${BUILD_COMMAND}
 
 # -----------------