VCell Connection Failure Fix

docker/build/build.sh

@@ -112,9 +112,10 @@ build_rest() {
 
 build_webapp_common() {
   config=$1
+  export BUILD_COMMAND="build_$1"
   echo "building $repo/vcell-webapp-${config}:$tag"
-  echo "$SUDO_CMD docker buildx build --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp-${config} --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng"
-  $SUDO_CMD docker buildx build --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp-${config} --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng
+  echo "$SUDO_CMD docker buildx build --build-arg BUILD_COMMAND=build_$1 --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng"
+  $SUDO_CMD docker buildx build --build-arg BUILD_COMMAND=build_$1 --platform=linux/amd64 -f ../../webapp-ng/Dockerfile-webapp --tag $repo/vcell-webapp-${config}:$tag ../../webapp-ng
   if [[ $? -ne 0 ]]; then echo "docker buildx build --platform=linux/amd64 failed"; exit 1; fi
   if [ "$skip_push" == "false" ]; then
     $SUDO_CMD docker push $repo/vcell-webapp-${config}:$tag

vcell-apiclient/src/main/java/org/vcell/api/client/VCellApiClient.java

@@ -75,8 +75,6 @@ public class VCellApiClient implements AutoCloseable {
 	private final static String DEFAULT_CLIENTID = "85133f8d-26f7-4247-8356-d175399fc2e6";
 	private final URL quarkusURL;
 	private ApiClient apiClient = null;
-	private final static String authClientID = "cjoWhd7W8A8znf7Z7vizyvKJCiqTgRtf";
-	private final static String authDomain = "https://dev-dzhx7i2db3x3kkvq.us.auth0.com";
 
 	// Create a custom response handler
 	public static class VCellStringResponseHandler implements ResponseHandler<String> {
@@ -482,7 +480,7 @@ public void createDefaultQuarkusClient(boolean bIgnoreCertProblems){
 	}
 
 	public void authenticate(boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException, ApiException {
-		apiClient = InteractiveLogin.login(authClientID, new URI(authDomain + "/authorize"),
+		apiClient = InteractiveLogin.login(new URI(InteractiveLogin.authDomain + "/authorize"),
 				this.quarkusURL.toURI(), ignoreSSLCertProblems);
 		apiClient.setScheme(this.quarkusURL.getProtocol());
 	}
@@ -494,7 +492,7 @@ public void logOut(){
 		java.net.http.HttpRequest.Builder httpRequestBuilder = java.net.http.HttpRequest.newBuilder();
 		String postLogoutRedirect = "";
 		String idToken = "";
-		httpRequestBuilder.uri(URI.create(authDomain + "/oidc/logout"));
+		httpRequestBuilder.uri(URI.create(InteractiveLogin.authDomain + "/oidc/logout"));
 		httpRequestBuilder.header("Content-Type", "application/x-www-form-urlencoded");
 //		httpRequestBuilder.method("GET");
 		String logoutPath = "";

vcell-rest/src/main/resources/application.properties

@@ -67,9 +67,11 @@ quarkus.datasource.postgresql.db-kind=postgresql
 ## Auth OIDC Bearer Token
 %dev,prod.quarkus.oidc.auth-server-url=https://dev-dzhx7i2db3x3kkvq.us.auth0.com
 %dev,prod.quarkus.oidc.client-id=ViiDx0tdnXnv6OMiz9nS6MkHyWmlsRlG
-%dev,prod.quarkus.oidc.credentials.secret=
-%dev,prod.quarkus.oidc.application-type=hybrid
-%dev,prod.quarkus.oidc.authentication.scopes=openid,profile,email
+%dev,prod.quarkus.oidc.tenant-id=dev-dzhx7i2db3x3kkvq
+%dev,prod.quarkus.oidc.application-type=service
+#%dev,prod.quarkus.oidc.authentication.scopes=openid,profile,email,offline_access
+%dev,prod.quarkus.oidc.token.allow-jwt-introspection=false
+%dev,prod.quarkus.oidc.token.allow-opaque-token-introspection=false
 
 %test.quarkus.oidc.client-id=backend-service
 %test.quarkus.oidc.credentials.secret=secret

vcell-restclient/src/main/java/org/vcell/restclient/auth/AuthApiClient.java

@@ -60,7 +60,7 @@ public void refreshAccessToken() throws IOException, ParseException {
         // Create the token request
         TokenRequest request = new TokenRequest(
                 oidcProviderTokenEndpoint,
-                new ClientID("your-client-id"),
+                new ClientID(InteractiveLogin.authClientID),
                 new RefreshTokenGrant(refreshToken)
         );
 

vcell-restclient/src/main/java/org/vcell/restclient/auth/InteractiveLogin.java

@@ -3,6 +3,7 @@
 import com.nimbusds.oauth2.sdk.*;
 import com.nimbusds.oauth2.sdk.http.HTTPRequest;
 import com.nimbusds.oauth2.sdk.http.HTTPResponse;
+import com.nimbusds.oauth2.sdk.id.Audience;
 import com.nimbusds.oauth2.sdk.id.ClientID;
 import com.nimbusds.oauth2.sdk.id.State;
 import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
@@ -27,10 +28,18 @@
 import java.util.concurrent.TimeUnit;
 
 public class InteractiveLogin {
+    public final static String authClientID = "cjoWhd7W8A8znf7Z7vizyvKJCiqTgRtf";
+    public final static String authDomain = "https://dev-dzhx7i2db3x3kkvq.us.auth0.com";
+
+
 
     private InteractiveLogin() {
     }
 
+    public static AuthApiClient login() throws URISyntaxException, IOException, ParseException {
+        return login(new URI(authDomain), new URI("https://vcell.cam.uchc.edu"), false);
+    }
+
     /**
      *  1. Goes to the authorization server, gather metadata about it's OIDC configuration
      *  (ex. Scopes supported, signing methods supported, auth and token endpoint, response types...)
@@ -50,7 +59,6 @@ private InteractiveLogin() {
      *  <br>
      *  P.S: This HTTP client created has an automated refresh capability for the access token, allowing users to stay logged in
      *  for an extended period of time.
-     * @param clientID
      * @param authServerUri
      * @param apiBaseUri
      * @param ignoreSSLCertProblems
@@ -60,7 +68,7 @@ private InteractiveLogin() {
      * @throws ParseException
      */
 
-    public static AuthApiClient login(String clientID, URI authServerUri, URI apiBaseUri, boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException {
+    public static AuthApiClient login(URI authServerUri, URI apiBaseUri, boolean ignoreSSLCertProblems) throws URISyntaxException, IOException, ParseException {
         URI successRedirectURI = new URI(apiBaseUri+( apiBaseUri.getHost().equals("localhost")?  "" : "/login_success"));
 
         // Retrieve OpenID Provider Metadata
@@ -93,9 +101,10 @@ public static AuthApiClient login(String clientID, URI authServerUri, URI apiBas
         String callback_endpoint_path = "/oidc_test_callback";
 
         URI redirectURI = new URI("http://" + "localhost" + ":" + localHttpServerPort + callback_endpoint_path);
-        Scope scope = new Scope("openid", "email", "profile"); //, "email"); //, "profile", "offline_access");
+        Scope scope = new Scope("openid", "email", "profile", "offline_access"); //, "email"); //, "profile", "offline_access");
+
         CodeVerifier codeVerifier = new CodeVerifier();
-        URI authRequestURI = getAuthRequestURI(oidcProviderMetadata, redirectURI, new ClientID(clientID), scope, state, codeVerifier);
+        URI authRequestURI = getAuthRequestURI(oidcProviderMetadata, redirectURI, new ClientID(authClientID), scope, state, codeVerifier, apiBaseUri);
 
         final AuthorizationResponse authorizationResponse;
         if (Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
@@ -120,13 +129,9 @@ public static AuthApiClient login(String clientID, URI authServerUri, URI apiBas
             authorizationResponse = getAuthorizationResponseManual(authRequestURI);
         }
 
-        OIDCTokens oidcTokens = exchangeCodeForTokens(authorizationResponse, oidcProviderMetadata.getTokenEndpointURI(), new ClientID(clientID), scope, redirectURI, codeVerifier);
-        String accessToken = oidcTokens.getAccessToken().getValue();
-        String idToken = oidcTokens.getIDTokenString();
+        OIDCTokens oidcTokens = exchangeCodeForTokens(authorizationResponse, oidcProviderMetadata.getTokenEndpointURI(), new ClientID(authClientID), scope, redirectURI, codeVerifier);
 
-        AuthApiClient authApiClient = new AuthApiClient(apiBaseUri, oidcProviderMetadata.getTokenEndpointURI(), oidcTokens.getAccessToken(), oidcTokens.getRefreshToken(), ignoreSSLCertProblems);
-        authApiClient.setRequestInterceptor(request -> request.header("Authorization", "Bearer " + idToken));
-        return authApiClient;
+        return new AuthApiClient(apiBaseUri, oidcProviderMetadata.getTokenEndpointURI(), oidcTokens.getAccessToken(), oidcTokens.getRefreshToken(), ignoreSSLCertProblems);
     }
 
     static int findAvailablePort(List<Integer> potentialPorts) {
@@ -275,13 +280,16 @@ private static void pingHttpServer(URL url, String expectedPingResponse) throws
      * @throws IOException
      * @throws ParseException
      */
-    private static URI getAuthRequestURI(OIDCProviderMetadata oidcProviderMetadata, URI redirectURI, ClientID clientID, Scope scope, State state, CodeVerifier codeVerifier) throws URISyntaxException, IOException, ParseException {
+    private static URI getAuthRequestURI(OIDCProviderMetadata oidcProviderMetadata, URI redirectURI, ClientID clientID,
+                                         Scope scope, State state, CodeVerifier codeVerifier, URI audience) throws URISyntaxException, IOException, ParseException {
         // Create the authorization request
         URI authorizationEndpoint = oidcProviderMetadata.getAuthorizationEndpointURI();
 
+        String audiencePort = audience.getHost().equals("localhost") ? ":" + audience.getPort() : "";
         var authorizationRequest = new AuthorizationRequest.Builder(new ResponseType("code"), clientID)
                 .endpointURI(authorizationEndpoint)
                 .redirectionURI(redirectURI)
+                .customParameter("audience", audience.getScheme() + "://" + audience.getHost() + audiencePort)
                 .state(state)
                 .scope(scope) // Add any other required scopes
                 .codeChallenge(codeVerifier, CodeChallengeMethod.S256)

webapp-ng/Dockerfile-webapp-dev → webapp-ng/Dockerfile-webapp

@@ -1,6 +1,8 @@
 # Build stage
 FROM node:20.11-alpine3.19 AS build
 
+ARG BUILD_COMMAND=build_prod
+
 RUN apk update && apk add git
 
 RUN mkdir -p /app
@@ -14,7 +16,7 @@ RUN npm install --legacy-peer-deps
 
 COPY . .
 
-RUN npm run build_dev
+RUN npm run ${BUILD_COMMAND}
 
 # -----------------
 

webapp-ng/angular.json

@@ -165,9 +165,34 @@
                   "maximumWarning": "6kb"
                 }
               ]
+            },
+            "configuration_ide": {
+              "fileReplacements": [
+                {
+                  "replace": "src/environments/environment.ts",
+                  "with": "src/environments/environment.ide.ts"
+                }
+              ],
+              "optimization": false,
+              "outputHashing": "all",
+              "sourceMap": true,
+              "namedChunks": false,
+              "extractLicenses": true,
+              "vendorChunk": false,
+              "buildOptimizer": true,
+              "budgets": [
+                {
+                  "type": "initial",
+                  "maximumWarning": "2mb",
+                  "maximumError": "5mb"
+                },
+                {
+                  "type": "anyComponentStyle",
+                  "maximumWarning": "6kb"
+                }
+              ]
             }
-
-          },
+        },
           "defaultConfiguration": ""
         },
         "serve": {
@@ -190,6 +215,9 @@
             },
             "configuration_remote": {
               "buildTarget": "login-demo:build:configuration_remote"
+            },
+            "configuration_ide": {
+              "buildTarget": "login-demo:build:configuration_ide"
             }
           }
         },

webapp-ng/auth_config.json

@@ -1,9 +1,5 @@
 {
   "domain": "dev-dzhx7i2db3x3kkvq.us.auth0.com",
   "clientId": "vlqdkd4MYoJz8nmcJD37MMA7UTEtLeTc",
-  "authorizationParams": {
-    "audience": "https://vcellapi.cam.uchc.edu"
-  },
-  "apiUri": "https://vcell-stage.cam.uchc.edu",
   "errorPath": "/error"
 }

webapp-ng/package.json

@@ -10,6 +10,7 @@
     "build_stage": "ng build -c configuration_stage",
     "build_island": "ng build -c configuration_island",
     "build_remote": "ng build -c configuration_remote",
+    "start_ide": "ng serve -c configuration_ide",
     "test": "ng test",
     "test:ci": "ng test --no-watch --no-progress --browsers=ChromeHeadlessCI",
     "lint": "ng lint",