Setup a Test Environment

1. Register an account and download from Red Hat OpenShift Portal

2. As on 13-November-2023 you can also use the developer sandbox, since all components are not directly needed to run (example: Kafka / AMQ operator is not available on Sandbox)

3. Download latest container releases at:

   1. https://hub.docker.com/repositories/godwinpinto

   2. https://quay.io/coauth

4. Please follow below steps in order

Login to your cluster

oc login -u <USERNAME> <URL> 

If running on your local machine then you can also (Setup a new project dedicated for Co-Auth) below

oc new-project coauth
oc project coauth

Postgres Setup

This is where your persistent data resides

1. Login to OpenShift console and navigate to developer -> +Add->Database->postgres (persistent)

Configure as below

Configurations: 
Service name: postgresql
POSTGRESQL_USER: postgres
POSTGRESQL_PASSWORD: postgres
POSTGRESQL_DATABASE: coauth

Creating the database

1. Once started head over to terminal in the pod and execute the following

oc get pods
oc rsh <POD_NAME_OF_POSTGRES>
psql
\list
CREATE DATABASE coauth;
\c coauth 

Copy the script from https://github.com/coauth/coauth-core/blob/main/scripts/init.sql and paste to execute in this terminal

#Verify if the script was successful
\dt
#this is display 7 rows
select * from core_app_auth_mstr;
#This will display 1 row
#Now Quit psql
\quit
#Now exit terminal of pod
exit

Your database is now setup

Data-Grid / Infinispan Setup

This component is used to reduce load on the database calls. With Infinispan you have in-memory data across your pods as they scale up and down with request traffic.

For manual setup from web console follow below steps

1. Login to OpenShift web console

2. Go to developer -> +Add -> Container Images

Container image: quay.io/infinispan/server:14.0
Application name: infinispan-db
Name: infinispan-db
Port: 1122
Environment variable: USER: admin
Environment variable: PASS: password

OR for running using OC CLI

oc new-app --image=quay.io/infinispan/server:14.0 \
--name=infinispan-db \
--env=USER=admin \
--env=PASS=password

Your Infinispan Setup is now complete

Kafka / OpenShift AMQ

Mock Co-Auth Management UI

This microservice demonstrates an example features and configuration that would be available Co-Auth ecosystem.

oc new-app --image=godwinpinto/coauth-management-ui:1.0.0-SNAPSHOT \
--name=coauth-management-ui

oc expose service/coauth-management-ui

API Gateway

Responsible for routing of all requests. Injecting App details into request body retrieved from the auth guard microservice

oc new-app --image=docker.io/godwinpinto/coauth-core-api-gateway:0.0.1-SNAPSHOT \
--name=coauth-core-api-gateway \
--env=MODULE_REGISTRY_SERVICE=http://coauth-core-module-registry:8080 \
--env=AUTH_GUARD_SERVICE=http://coauth-core-auth-guard:8080/core/auth-guard  \
--env=MODULE_TOTP_SERVICE=http://coauth-module-totp:8080 \
--env=MODULE_RECONFIRM_SERVICE=http://coauth-module-reconfirm:8080 \
--env=UI_PLUGIN_SERVICE=http://coauth-plugin-web:8080 \
--env=EXAMPLE_APP_SERVICE=http://coauth-example-quarkus-vue:8080

Now expose your API gateway, so that you have a URL to access

oc expose service/coauth-core-api-gateway

Auth Guard

Responsible for validating the register and verify endpoints with API-KEY for requests that include generate and status

oc new-app --name=coauth-core-auth-guard \
--image=godwinpinto/coauth-core-auth-guard:1.0.0-SNAPSHOT \
--env=POSTGRESQL_USER=postgres \
--env=POSTGRESQL_PASSWORD=postgres

Module Registry

This microservice hold the meta data if the user is registered for a module against a registered application

oc new-app --image=docker.io/godwinpinto/coauth-core-module-registry:1.0.0-SNAPSHOT \
--name=coauth-core-module-registry \
--env=POSTGRESQL_USER=postgres \
--env=POSTGRESQL_PASSWORD=postgres \
--env=INFINISPAN_USER=admin \
--env=INFINISPAN_PASSWORD=password \
--env=COAUTH_MODULE_TOTP=http://coauth-module-totp:8080 \
--env=COAUTH_MODULE_RECONFIRM=http://coauth-module-reconfirm:8080

Module TOTP

Microservice responsible to store, verify secrets related to TOTP

oc new-app --image=docker.io/godwinpinto/coauth-module-totp:1.0.0-SNAPSHOT \
--name=coauth-module-totp \
--env=POSTGRESQL_USER=postgres \
--env=POSTGRESQL_PASSWORD=postgres \
--env=INFINISPAN_USER=admin \
--env=INFINISPAN_PASSWORD=password \
--env=COAUTH_MODULE_REGISTRY=http://coauth-core-module-registry:8080

Module Reconfirm

Microservice to verify the text re-entered by user

oc new-app --image=docker.io/godwinpinto/coauth-module-reconfirm:1.0.0-SNAPSHOT \
--name=coauth-module-reconfirm \
--env=POSTGRESQL_USER=postgres \
--env=POSTGRESQL_PASSWORD=postgres \
--env=INFINISPAN_USER=admin \
--env=INFINISPAN_PASSWORD=password \
--env=COAUTH_MODULE_REGISTRY=http://coauth-core-module-registry:8080

Web Plugin

Responsible for UI of the embeded IFrame which example app will call

oc new-app --image=docker.io/godwinpinto/coauth-plugin-web:1.0.0-SNAPSHOT \
--name=coauth-plugin-web

Example App

A sample application developed in Quarkus and Vuejs to demonstrate how to integrate Co-Auth with third party applications

Installation

oc new-app \
--image=docker.io/godwinpinto/coauth-example-quarkus-vue:1.0.0-SNAPSHOT \
--name=coauth-example-quarkus-vue \
--env=COAUTH_GATEWAY_URL=http://coauth-core-api-gateway:8080

Demo

Now from web console, navigate to the route URL provided at API gateway

Example application

https://coauth-core-api-gateway-XXXXXXX-dev.apps.sandbox-XXXXX.XXXXX.openshiftapps.com/example/

Example Mock Administration UI

You can access the mock UI of how one can expect the administration panel will be available at

https://coauth-management-ui-XXXXXXX-dev.apps.sandbox-XXXXX.XXXXX.openshiftapps.com/