From ec8170b14b7bebfe7be92d2a1316b66f2f5e0bdd Mon Sep 17 00:00:00 2001
From: inimaz <93inigo93@gmail.com>
Date: Mon, 16 Feb 2026 18:33:43 +0100
Subject: [PATCH 1/2] tmp
---
 .../auth_providers/oidc_auth_provider.py | 10 ++++++-
 .../carbonserver/api/services/auth_service.py | 1 +
 carbonserver/carbonserver/config.py | 28 ++++++++-----------
 3 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
index 923513d16..ac9eb6b4a 100644
--- a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
+++ b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
@@ -53,15 +53,23 @@ def get_client_credentials(self) -> Tuple[str, str]:
 async def _decode_token(self, token: str) -> Dict[str, Any]:
 try:
+ print(f"Jwks_data: {token}")
+ print(f"Base url: {fief.base_url}")
+ print(f"Client id: {fief.client_id}")
+ print(f"User info: {await fief.userinfo(token)}")
 access_token_info = await fief.validate_access_token(token)
 return access_token_info
- except Exception:
+ except Exception as e:
+ print(f"Error validating access token: {e}")
 ...
 jwks_data = await self.client.fetch_jwk_set()
+ print(f"Jwks_data: {jwks_data}")
 keyset = JsonWebKey.import_key_set(jwks_data)
 claims = jose_jwt.decode(token, keyset)
 claims.validate()
+ print(f"Decoded claims: {claims}")
+ print(f"Claims validate: {claims.validate()}")
 return dict(claims)
 async def validate_access_token(self, token: str) -> bool:
diff --git a/carbonserver/carbonserver/api/services/auth_service.py b/carbonserver/carbonserver/api/services/auth_service.py
index adeaec0e8..948b3fcbd 100644
--- a/carbonserver/carbonserver/api/services/auth_service.py
+++ b/carbonserver/carbonserver/api/services/auth_service.py
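Review bot: The raw access token is written to process output in `_decode_token` (oidc_auth_provider.py): `print(f"Jwks_data: {token}")`, the `fief.userinfo(token)` result and the decoded claims all reach stdout, so anyone who can read the service logs obtains a bearer token that may still be valid, plus user profile data. The `print(f"... Token: {bearer_token}")` added to `__call__` in auth_service.py has the same problem, and patch 2/2 keeps every one of these values, only moving them to `LOGGER.debug` / `LOGGER.error`. Drop the token, userinfo and claims from the messages and log a non-sensitive marker instead, for example `LOGGER.debug("validating access token via Fief")`, and in the `except` branch log `type(e).__name__` rather than the exception text, which may echo the token. The first label also says `Jwks_data` while printing the token. Both function bodies continue outside their hunks.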
@@ -60,6 +60,7 @@ async def __call__(
 )
 elif bearer_token is not None:
 if settings.environment != "develop" and auth_provider is not None:
+ print(f"Validating token with auth provider. Token: {bearer_token}")
 try:
 await auth_provider.validate_access_token(bearer_token.credentials)
 except Exception:
diff --git a/carbonserver/carbonserver/config.py b/carbonserver/carbonserver/config.py
index aadbf27da..1389e9692 100644
--- a/carbonserver/carbonserver/config.py
+++ b/carbonserver/carbonserver/config.py
@@ -16,32 +16,26 @@ class Settings(BaseSettings):
 oidc_client_secret: str = ""
 oidc_issuer_url: str = "https://auth.codecarbon.io/codecarbon-dev"
 oidc_well_known_url: str = ""
-
- # Deprecated: Old Fief-specific settings (use OIDC settings instead)
- @property
- def fief_client_id(self) -> str:
- return self.oidc_client_id
-
- @property
- def fief_client_secret(self) -> str:
- return self.oidc_client_secret
-
- @property
- def fief_url(self) -> str:
- return self.oidc_issuer_url
-
 frontend_url: str = Field("", env="FRONTEND_URL")
 environment: str = Field("production")
 jwt_key: str = Field("", env="JWT_KEY")
 api_port: int = Field(8080, env="API_PORT")
 server_host: str = Field("0.0.0.0", env="SERVER_HOST")
+ # Fief settings (deprecated)
+ fief_client_id: str = ""
+ fief_client_secret: str = ""
+ fief_url: str = ""
+
 class Config:
 # Define alternative environment variable names for backward compatibility
 fields = {
- "oidc_client_id": {"env": ["OIDC_CLIENT_ID", "FIEF_CLIENT_ID"]},
- "oidc_client_secret": {"env": ["OIDC_CLIENT_SECRET", "FIEF_CLIENT_SECRET"]},
- "oidc_issuer_url": {"env": ["OIDC_ISSUER_URL", "FIEF_URL"]},
+ "oidc_client_id": {"env": ["OIDC_CLIENT_ID"]},
+ "oidc_client_secret": {"env": ["OIDC_CLIENT_SECRET"]},
+ "oidc_issuer_url": {"env": ["OIDC_ISSUER_URL"]},
+ "fief_client_id": {"env": ["FIEF_CLIENT_ID"]},
+ "fief_client_secret": {"env": ["FIEF_CLIENT_SECRET"]},
+ "fief_url": {"env": ["FIEF_URL"]},
 "oidc_well_known_url": {
 "env": [
 "OIDC_WELL_KNOWN_URL",
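Review bot: In the `config.py` hunk, `fief_client_id`, `fief_client_secret` and `fief_url` now default to `""` and the `oidc_*` fields no longer accept the `FIEF_*` variable names, so a deployment that sets only one family of variables silently ends up with the other family empty. The module-level `FiefAsync(settings.fief_url, ...)` client in oidc_auth_provider.py (visible as context in patch 2/2) would then be built from empty strings, and `_decode_token` appears to fall through to the JWKS path on every request after logging an error. Either keep the fallback or fail fast at startup when the Fief values are empty, and record the new contract next to the fields, for example `# FIEF_* no longer populate the oidc_* settings; both families must be set explicitly`. `Settings` starts before this hunk and `Config` runs past its end.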
From dc087717c5b8045328a2b04bc72b2fb153a7108b Mon Sep 17 00:00:00 2001
From: inimaz <93inigo93@gmail.com>
Date: Mon, 16 Feb 2026 19:53:45 +0100
Subject: [PATCH 2/2] fix: get fief config from env var
---
 .../auth_providers/oidc_auth_provider.py | 18 ++++++++++--------
 .../carbonserver/api/services/auth_service.py | 6 +++++-
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
index ac9eb6b4a..0df95f99d 100644
--- a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
+++ b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
@@ -5,6 +5,7 @@
 It can work with any OIDC-compliant provider (Fief, Keycloak, Auth0, etc.).
 """
+import logging
 from typing import Any, Dict, Optional, Tuple
 from authlib.integrations.starlette_client import OAuth
@@ -16,6 +17,7 @@
 DEFAULT_SIGNATURE_CACHE_TTL = 3600 # seconds
 OAUTH_SCOPES = ["openid", "email", "profile"]
+LOGGER = logging.getLogger(__name__)
 fief = FiefAsync(
 settings.fief_url, settings.fief_client_id, settings.fief_client_secret
@@ -53,23 +55,23 @@ def get_client_credentials(self) -> Tuple[str, str]:
 async def _decode_token(self, token: str) -> Dict[str, Any]:
 try:
- print(f"Jwks_data: {token}")
- print(f"Base url: {fief.base_url}")
- print(f"Client id: {fief.client_id}")
- print(f"User info: {await fief.userinfo(token)}")
+ LOGGER.debug(f"Jwks_data: {token}")
+ LOGGER.debug(f"Base url: {fief.base_url}")
+ LOGGER.debug(f"Client id: {fief.client_id}")
+ LOGGER.debug(f"User info: {await fief.userinfo(token)}")
 access_token_info = await fief.validate_access_token(token)
 return access_token_info
 except Exception as e:
- print(f"Error validating access token: {e}")
+ LOGGER.error(f"Error validating access token: {e}")
 ...
 jwks_data = await self.client.fetch_jwk_set()
- print(f"Jwks_data: {jwks_data}")
+ LOGGER.debug(f"Jwks_data: {jwks_data}")
 keyset = JsonWebKey.import_key_set(jwks_data)
 claims = jose_jwt.decode(token, keyset)
 claims.validate()
- print(f"Decoded claims: {claims}")
- print(f"Claims validate: {claims.validate()}")
+ LOGGER.debug(f"Decoded claims: {claims}")
+ LOGGER.debug(f"Claims validate: {claims.validate()}")
 return dict(claims)
 async def validate_access_token(self, token: str) -> bool:
diff --git a/carbonserver/carbonserver/api/services/auth_service.py b/carbonserver/carbonserver/api/services/auth_service.py
index 948b3fcbd..163d3cdfd 100644
--- a/carbonserver/carbonserver/api/services/auth_service.py
+++ b/carbonserver/carbonserver/api/services/auth_service.py
@@ -1,3 +1,4 @@
+import logging
 from dataclasses import dataclass
 from typing import Optional
@@ -14,6 +15,7 @@
 from carbonserver.container import ServerContainer
 OAUTH_SCOPES = ["openid", "email", "profile"]
+LOGGER = logging.getLogger(__name__)
 @dataclass
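Review bot: In the `_decode_token` hunk of oidc_auth_provider.py, `LOGGER.debug(f"User info: {await fief.userinfo(token)}")` still performs the userinfo request on every call, because the f-string is evaluated before the logger checks its level. That adds a network round trip per authenticated request even with debug logging off, and if the call raises, control jumps to the `except` branch before `fief.validate_access_token(token)` has run. The same eager evaluation makes `LOGGER.debug(f"Claims validate: {claims.validate()}")` run claim validation a second time. Remove both calls from the log arguments, and where a message is kept pass lazy arguments, for example `LOGGER.debug("Base url: %s", fief.base_url)`. The enclosing class continues outside the hunk.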
@@ -60,7 +62,9 @@ async def __call__(
 )
 elif bearer_token is not None:
 if settings.environment != "develop" and auth_provider is not None:
- print(f"Validating token with auth provider. Token: {bearer_token}")
+ LOGGER.debug(
+ f"Validating token with auth provider. Token: {bearer_token}"
+ )
 try:
 await auth_provider.validate_access_token(bearer_token.credentials)
 except Exception: