updated bb conf; login

bbconf/broker-config.toml

@@ -47,7 +47,7 @@ scope = "openid profile email"
 
 # Optional base URL for OAuth2 URLs, e.g. "https://domain.tld/auth"
 # If omitted, it will be derived from the fields in the [server] section.
-# base_url = "http://localhost:8080"
+# base_url = "http://127.0.0.1:8080"
 
 # Will be appended to `base_url` to form the OAuth2 callback URL
 redirect_path = "/oauth/callback"
@@ -59,7 +59,18 @@ user_info_additional_claims_required = true
 # be redirected to the application URL.
 # If this is unset, the browser gets an empty 200 response on successful
 # authorization code flow completion.
-client_app_url = "http://127.0.0.1:8080/_test/ping"
+client_app_url = "http://127.0.0.1:5173/"
+
+# Path to the browser login URL.
+# This path is where the basebox broker returns a 302 response that redirects the browser to
+# the IdP login page; the target URL will contain all query parms needed to initiate an
+# auth code flow login procedure, incl. CSRF protection tokens etc.
+login_path = "/oauth/login"
+
+# Logout path that allows explicit, immediate logouts.
+# Simply POST to this URL with the session cookie or bearer token.
+logout_path = "/oauth/logout"
+
 
 [business_logic_layer]
 business_logic_layer_enabled = false

bbconf/dbproxy-config.toml

@@ -1,6 +1,6 @@
 [generic]
 # log level; can be error, warn, info, debug, trace
-log_level = "debug"
+log_level = "trace"
 
 [idp_config]
 # URL of IdP's discovery endpoint. If not set, the URL is made up by appending
@@ -9,12 +9,14 @@ discovery_url = "https://kcdev.basebox.health:8443/realms/todo/.well-known/openi
 # URL of IdP's public keystore. If set, the discovery endpoint is not used at all.
 jwks_url = "https://kcdev.basebox.health:8443/realms/todo/protocol/openid-connect/certs"
 
-[id_token_validation]
+[openid_token_validation]
 # Incoming ID tokens are validated using, among other, the following fields.
 # Contents of 'iss' field, usually the URL of the authetnication realm
 iss = "https://kcdev.basebox.health:8443/realms/todo"
-# Contents of 'aud' field, aka the OpenID connect client ID
-aud = "todo-app"
+# ID token audience field, usually OpenID Connect client ID
+id_aud = "todo-app"
+# Access token audience field
+acc_aud = "account"
 
 [graphql]
 # path and file name to GraphQL schema file

src/store.js

@@ -12,9 +12,9 @@ export const store = reactive({
   /** true if a user is currently logged in */
   loggedIn: ref(false),
 
-  /** Username of the currently logged in user */
+  /** Username of the currently logged-in user */
   userName: ref("stranger"),
 
   /** The host that runs basebox and waits for GraphQL requests */
-  baseboxHost: "http://127.0.0.1:8000",
+  baseboxHost: "http://127.0.0.1:8080",
 })

src/views/HomeView.vue

@@ -1,11 +1,36 @@
 <script setup>
-import TheWelcome from '../components/TheAbout.vue'
 import { store } from "../store";
 
+
+/**
+ * Perform a login.
+ */
+function login() {
+  location.href = `${store.baseboxHost}/oauth/login`;
+}
+
 </script>
 
 <template>
   <main>
-
+    <!-- Force user to log in before he/she can see tasks. -->
+    <div v-if="!store.loggedIn" id="login-prompt">
+      <p>Your are currently not logged in.</p>
+      <button class="btn btn-primary" @click="login" type="button">Login</button>
+    </div>
   </main>
 </template>
+
+<style lang="scss" scoped>
+  #login-prompt {
+    margin: 5rem 0;
+    border: 1px solid var(--color-border);
+    border-radius: .5rem;
+    padding: 2rem;
+    text-align: center;
+    .btn {
+      margin: 3rem 0 0 0;
+    }
+  }
+
+</style>