RADAR-base · nivemaham · Jun 3, 2020
diff --git a/dcompose-stack/radar-cp-hadoop-stack/etc/env.template b/dcompose-stack/radar-cp-hadoop-stack/etc/env.template
@@ -37,4 +37,5 @@ ENABLE_OPTIONAL_SERVICES=false
 FITBIT_API_CLIENT_ID=fitbit-client
 FITBIT_API_CLIENT_SECRET=fitbit-secret
 NGINX_PROXIES=
-RADAR_SCHEMAS_VERSION=0.5.1
+RADAR_SCHEMAS_VERSION=0.5.8
+REST_AUTHORIZER_BACKEND_SECRET=secret
diff --git a/...stack/radar-cp-hadoop-stack/etc/managementportal/config/oauth_client_details.csv.template b/...stack/radar-cp-hadoop-stack/etc/managementportal/config/oauth_client_details.csv.template
@@ -5,3 +5,5 @@ THINC-IT;res_ManagementPortal,res_gateway;;MEASUREMENT.CREATE,SUBJECT.UPDATE,SUB
 radar_restapi;res_ManagementPortal;secret;SUBJECT.READ,PROJECT.READ,SOURCE.READ,SOURCETYPE.READ,SOURCEDATA.READ;client_credentials;;;43200;259200;{};
 radar_redcap_integrator;res_ManagementPortal;secret;PROJECT.READ,SUBJECT.CREATE,SUBJECT.READ,SUBJECT.UPDATE;client_credentials;;;43200;259200;{};
 radar_dashboard;res_ManagementPortal,res_RestApi;;SUBJECT.READ,PROJECT.READ,SOURCE.READ,SOURCETYPE.READ,MEASUREMENT.READ;refresh_token,authorization_code;;;43200;259200;{};
+radar_rest_sources_auth_backend;res_ManagementPortal;REST_AUTHORIZER_BACKEND_SECRET;SUBJECT.READ,PROJECT.READ;client_credentials;;;43200;259200;{};
+radar_rest_sources_authorizer;res_ManagementPortal;;SOURCE.READ,SOURCE.UPDATE,SUBJECT.UPDATE,PROJECT.READ,SUBJECT.READ;authorization_code;https://server-url/rest-sources/authorizer/login;3600;78000;;
diff --git a/dcompose-stack/radar-cp-hadoop-stack/optional-services.yml b/dcompose-stack/radar-cp-hadoop-stack/optional-services.yml
@@ -74,7 +74,7 @@ services:
       retries: 3
 
   radar-rest-sources-backend:
-    image: radarbase/radar-rest-source-auth-backend:1.0.0
+    image: radarbase/radar-rest-source-auth-backend:1.3.0
     depends_on:
       - radarbase-postgresql
     networks:
@@ -86,6 +86,10 @@ services:
       - SPRING_DATASOURCE_USERNAME=${POSTGRES_USER}
       - SPRING_DATASOURCE_PASSWORD=${POSTGRES_PASSWORD}
       - REST_SOURCE_AUTHORIZER_SOURCE_CLIENTS_FILE_PATH=app-includes/rest_source_clients_configs.yml
+      - REST_SOURCE_AUTHORIZER_VALIDATOR=managementportal
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_BASE_URL=http://managementportal-app:8080/managementportal/
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_ID=radar_rest_sources_auth_backend
+      - REST_SOURCE_AUTHORIZER_MANAGEMENT_PORTAL_OAUTH_CLIENT_SECRET=${REST_AUTHORIZER_BACKEND_SECRET}
       - APP_SLEEP=10 # gives time for the database to boot before the application
     volumes:
       - ./etc/rest-source-authorizer/:/app-includes/
@@ -96,12 +100,21 @@ services:
       retries: 3
 
   radar-rest-sources-authorizer:
-      image: radarbase/radar-rest-source-authorizer:1.0.0
+      image: radarbase/radar-rest-source-authorizer:1.3.0
       networks:
         - api
       depends_on:
         - radar-rest-sources-backend
         - radarbase-postgresql
+      environment:
+        BASE_HREF: "/rest-sources/authorizer/"
+        BACKEND_BASE_URL: https://${SERVER_NAME}/rest-sources/backend
+        VALIDATE: "true"
+        AUTH_GRANT_TYPE: "authorization_code"
+        AUTH_CLIENT_ID: "radar_rest_sources_authorizer"
+        AUTH_CLIENT_SECRET: ""
+        AUTH_CALLBACK_URL: https://${SERVER_NAME}/rest-sources/authorizer/login
+        AUTH_URI: https://${SERVER_NAME}/managementportal/oauth
       healthcheck:
         test: ["CMD", "wget", "--spider", "http://localhost:80"]
         interval: 1m30s