👽 Remove reliance on gemma-zds-client

src/nrc/api/admin.py

@@ -3,7 +3,8 @@
 from django.utils.translation import gettext_lazy as _
 
 from vng_api_common.models import JWTSecret
-from zds_client import ClientAuth
+
+from nrc.utils.auth import generate_jwt
 
 admin.site.unregister(JWTSecret)
 
@@ -18,8 +19,9 @@ class JWTSecretAdmin(admin.ModelAdmin):
     @admin.display(description="jwt")
     def get_jwt(self, obj):
         if obj.identifier and obj.secret:
-            auth = ClientAuth(obj.identifier, obj.secret)
-            jwt = auth.credentials()["Authorization"]
+            jwt = generate_jwt(
+                obj.identifier, obj.secret, obj.identifier, obj.identifier
+            )
             return format_html(
                 '<code class="jwt">{val}</code><p>{hint}</p>',
                 val=jwt,

src/nrc/config/authorization.py

@@ -10,11 +10,11 @@
 from notifications_api_common.models import NotificationsConfig
 from vng_api_common.authorizations.models import AuthorizationsConfig, ComponentTypes
 from vng_api_common.models import APICredential, JWTSecret
-from zds_client import ClientAuth
 from zgw_consumers.constants import APITypes, AuthTypes
 from zgw_consumers.models import Service
 
 from nrc.utils import build_absolute_url
+from nrc.utils.auth import generate_jwt
 
 
 class AuthorizationStep(BaseConfigurationStep):
@@ -151,14 +151,16 @@ def test_configuration(self):
         """
         endpoint = reverse("kanaal-list", kwargs={"version": "1"})
         full_url = build_absolute_url(endpoint, request=None)
-        auth = ClientAuth(
-            client_id=settings.OPENZAAK_NOTIF_CLIENT_ID,
-            secret=settings.OPENZAAK_NOTIF_SECRET,
+        token = generate_jwt(
+            settings.OPENZAAK_NOTIF_CLIENT_ID,
+            settings.OPENZAAK_NOTIF_SECRET,
+            settings.OPENZAAK_NOTIF_CLIENT_ID,
+            settings.OPENZAAK_NOTIF_CLIENT_ID,
         )
 
         try:
             response = requests.get(
-                full_url, headers={**auth.credentials(), "Accept": "application/json"}
+                full_url, headers={"Authorization": token, "Accept": "application/json"}
             )
             response.raise_for_status()
         except requests.RequestException as exc:

src/nrc/tests/commands/test_setup_configuration.py

@@ -12,14 +12,14 @@
 from notifications_api_common.models import NotificationsConfig
 from rest_framework import status
 from vng_api_common.authorizations.models import AuthorizationsConfig
-from zds_client.auth import ClientAuth
 from zgw_consumers.constants import APITypes, AuthTypes
 from zgw_consumers.models import Service
 from zgw_consumers.test import mock_service_oas_get
 
 from nrc.config.authorization import AuthorizationStep, OpenZaakAuthStep
 from nrc.config.notification_retry import NotificationRetryConfigurationStep
 from nrc.config.site import SiteConfigurationStep
+from nrc.utils.auth import generate_jwt
 
 
 @override_settings(
@@ -111,11 +111,13 @@ def test_setup_configuration(self, m):
             self.assertEqual(decoded_jwt["client_id"], "notif-client-id")
 
         with self.subTest("Open Zaak can query Notification API"):
-            auth = ClientAuth("oz-client-id", "oz-secret")
+            token = generate_jwt(
+                "oz-client-id", "oz-secret", "oz-client-id", "oz-client-id"
+            )
 
             response = self.client.get(
                 reverse("kanaal-list", kwargs={"version": 1}),
-                HTTP_AUTHORIZATION=auth.credentials()["Authorization"],
+                HTTP_AUTHORIZATION=token,
             )
 
             self.assertEqual(response.status_code, status.HTTP_200_OK)

src/nrc/utils/auth.py

@@ -0,0 +1,18 @@
+def generate_jwt(client_id, secret, user_id, user_representation):
+    # TODO fix this workaround
+    from zgw_consumers.client import ZGWAuth
+
+    class FakeService:
+        def __init__(self, **kwargs):
+            for key, value in kwargs.items():
+                setattr(self, key, value)
+
+    auth = ZGWAuth(
+        service=FakeService(  # type: ignore
+            client_id=client_id,
+            secret=secret,
+            user_id=user_id,
+            user_representation=user_representation,
+        )
+    )
+    return f"Bearer {auth._token}"