Merge pull request #19 from dciangot/main

edit refresh token for oidc
interTwin-eu · Jul 18, 2023 · 829c93c · 829c93c
2 parents 466e754 + 0243467
commit 829c93c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/kustomizations/deployment.yaml b/kustomizations/deployment.yaml
@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: inttw-vk
-        image: ghcr.io/intertwin-eu/virtual-kubelet-inttw:0.0.1-pre9
+        image: ghcr.io/intertwin-eu/virtual-kubelet-inttw:0.0.1-pre11
         imagePullPolicy: Always
         args:
         - --nodename
@@ -64,7 +64,7 @@ spec:
             cpu: 2000m
             memory: 2Gi
       - name: refresh-token
-        image: ghcr.io/intertwin-eu/virtual-kubelet-inttw-refresh:0.0.1-pre9
+        image: ghcr.io/intertwin-eu/virtual-kubelet-inttw-refresh:0.0.1-pre11
         imagePullPolicy: Always
         env:
         - name: IAM_SERVER
@@ -74,6 +74,8 @@ spec:
           value: "DUMMY"
         - name: IAM_CLIENT_SECRET
           value: "DUMMY"
+        - name: IAM_REFRESH_TOKEN
+          value: "DUMMY"
         - name: IAM_VK_AUD
           value: intertw-vk
         - name: TOKEN_PATH

diff --git a/scripts/refresh.py b/scripts/refresh.py
@@ -18,6 +18,7 @@
             "IAM_SERVER", "https://cms-auth.web.cern.ch/")
         iam_client_id = os.environ.get("IAM_CLIENT_ID")
         iam_client_secret = os.environ.get("IAM_CLIENT_SECRET")
+        iam_refresh_token = os.environ.get("IAM_REFRESH_TOKEN")
         audience = os.environ.get("IAM_VK_AUD")
         output_file = os.environ.get("TOKEN_PATH", "/opt/interlink/token")
     except Exception as ex:
@@ -31,11 +32,11 @@
             request_data = {
                 "client_id": iam_client_id,
                 "client_secret": iam_client_secret,
-                "grant_type": "client_credentials",
-                "username": "not_needed",
-                "password": "not_needed",
-                "scope": "openid profile email iam groups groups:intw",
-                "aud": audience
+                "grant_type": "refresh_token",
+                "username": iam_client_id,
+                "password": iam_client_secret,
+                "refresh_token": iam_refresh_token,
+                "scope": "openid profile email address phone offline_access"
             }
             r = requests.post(iam_server+"token", data=request_data)
             response = json.loads(r.text)