@johnnychoque
Last active June 7, 2024 15:12
edc-oauth

EDC with OAuth2

IP addresses of the nodes

  • edc-provider: 10.10.40.101
  • edc-consumer: 10.10.40.102
  • keycloak-idm: 10.10.38.12

Configuration of OAuth2

1. Add oauth2 dependencies to build.gradle.kts

dependencies {
    . . .
    . . .
    implementation(libs.edc.oauth2.client)
    implementation(libs.edc.oauth2.core) 
}

2. Add oauth2 libraries to libs.versions.toml

[libraries]
. . .
. . .
edc-oauth2-client = { module = "org.eclipse.edc:oauth2-client", version.ref = "edc" }
edc-oauth2-core = { module = "org.eclipse.edc:oauth2-core", version.ref = "edc" }

Setting parameters in configuration.properties files

1. For provider connector

edc.participant.id=edc-provider

web.http.port=19191
web.http.path=/api
web.http.management.port=19193
web.http.management.path=/management
web.http.protocol.port=19194
web.http.protocol.path=/protocol
web.http.public.port=19291
web.http.public.path=/public
web.http.control.port=19192
web.http.control.path=/control
edc.dsp.callback.address=http://localhost:19194/protocol
edc.receiver.http.endpoint=http://localhost:4000/receiver/urn:connector:provider/callback

edc.dataplane.token.validation.endpoint=http://localhost:19192/control/token
edc.public.key.alias=public-key
edc.transfer.dataplane.token.signer.privatekey.alias=throttle
edc.transfer.proxy.token.signer.privatekey.alias=throttle
edc.transfer.proxy.token.verifier.publickey.alias=public-key

edc.oauth.token.url=http://10.10.38.12:8080/realms/edc-realm/protocol/openid-connect/token
edc.oauth.provider.jwks.url=http://10.10.38.12:8080/realms/edc-realm/protocol/openid-connect/certs
edc.oauth.client.id=edc-provider
edc.oauth.provider.audience=http://10.10.38.12:8080/realms/edc-realm
edc.oauth.endpoint.audience=http://10.10.38.12:8080/realms/edc-realm
edc.oauth.certificate.alias=throttle
edc.oauth.private.key.alias=throttle

2. For consumer connector

edc.participant.id=edc-consumer

web.http.port=29191
web.http.path=/api
web.http.management.port=29193
web.http.management.path=/management
web.http.protocol.port=29194
web.http.protocol.path=/protocol
web.http.public.port=29291
web.http.public.path=/public
web.http.control.port=29192
web.http.control.path=/control
edc.dsp.callback.address=http://10.10.40.102:29194/protocol
edc.receiver.http.endpoint=http://10.10.40.102:4000/receiver/urn:connector:provider/callback

edc.dataplane.token.validation.endpoint=http://10.10.40.102:29192/control/token

edc.public.key.alias=public-key
edc.transfer.dataplane.token.signer.privatekey.alias=throttle
edc.transfer.proxy.token.signer.privatekey.alias=throttle
edc.transfer.proxy.token.verifier.publickey.alias=public-key

edc.oauth.token.url=http://10.10.38.12:8080/realms/edc-realm/protocol/openid-connect/token
edc.oauth.provider.jwks.url=http://10.10.38.12:8080/realms/edc-realm/protocol/openid-connect/certs
edc.oauth.client.id=edc-consumer
edc.oauth.provider.audience=http://10.10.38.12:8080/realms/edc-realm
edc.oauth.endpoint.audience=http://10.10.38.12:8080/realms/edc-realm
edc.oauth.certificate.alias=throttle
edc.oauth.private.key.alias=throttle

Data plane for provider

1. dataplane-provider.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
  },
  "@id": "http-pull-provider-dataplane",
  "url": "http://10.10.40.101:19192/control/transfer",
  "allowedSourceTypes": [
    "HttpData"
  ],
  "allowedDestTypes": [
    "HttpProxy",
    "HttpData"
  ],
  "properties": {
    "https://w3id.org/edc/v0.0.1/ns/publicApiUrl": "http://10.10.40.101:19291/public/"
  }
}

2. Request

curl 'http://10.10.40.101:19193/management/v2/dataplanes' \
-H 'Content-Type: application/json' \
-d @dataplane-provider.json

3. Response

{
    "@type": "IdResponse",
    "@id": "http-pull-provider-dataplane",
    "createdAt": 1713887368419,
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Create asset on provider

1. create-asset.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
  },
  "@id": "assetId",
  "properties": {
    "name": "product description",
    "contenttype": "application/json"
  },
  "dataAddress": {
    "type": "HttpData",
    "name": "Test asset",
    "baseUrl": "https://jsonplaceholder.typicode.com/users",
    "proxyPath": "true"
  }
}

2. Request

curl 'http://10.10.40.101:19193/management/v3/assets' \
-H 'Content-Type: application/json' \
-d @create-asset.json

3. Response

{
    "@type": "IdResponse",
    "@id": "assetId",
    "createdAt": 1713887463806,
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Create policy on provider

1. create-policy.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
    "odrl": "http://www.w3.org/ns/odrl/2/"
  },
  "@id": "aPolicy",
  "policy": {
    "@context": "http://www.w3.org/ns/odrl.jsonld",
    "@type": "Set",
    "permission": [],
    "prohibition": [],
    "obligation": []
  }
}

2. Request

curl --location 'http://10.10.40.101:19193/management/v2/policydefinitions' \
-H 'Content-Type: application/json' \
-d @create-policy.json

3. Response

{
    "@type": "IdResponse",
    "@id": "aPolicy",
    "createdAt": 1713887509954,
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Create contract offer on provider

1. contract-offer.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
  },
  "@id": "1",
  "accessPolicyId": "aPolicy",
  "contractPolicyId": "aPolicy",
  "assetsSelector": []
}

2. Request

curl 'http://10.10.40.101:19193/management/v2/contractdefinitions' \
-H 'Content-Type: application/json' \
-d @contract-offer.json

3. Response

{
    "@type": "IdResponse",
    "@id": "1",
    "createdAt": 1713887564726,
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Fetch catalog on consumer

1. fetch-catalog.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
  },
  "counterPartyAddress": "http://10.10.40.101:19194/protocol",
  "protocol": "dataspace-protocol-http"
}

2. Request

curl 'http://10.10.40.102:29193/management/v2/catalog/request' \
-H 'Content-Type: application/json' \
-d @fetch-catalog.json

3. Response

{
    "@id": "c9dfe1fd-d516-41bc-a04c-a8a399646680",
    "@type": "dcat:Catalog",
    "dspace:participantId": "edc-provider",
    "dcat:dataset": {
        "@id": "assetId",
        "@type": "dcat:Dataset",
        "odrl:hasPolicy": {
            "@id": "MQ==:YXNzZXRJZA==:OGJiZTNmZWUtOTM3Yi00NGE0LTgwNTktYWI0OGMzYzI0ZWE2",
            "@type": "odrl:Offer",
            "odrl:permission": [],
            "odrl:prohibition": [],
            "odrl:obligation": []
        },
        "dcat:distribution": [
            {
                "@type": "dcat:Distribution",
                "dct:format": {
                    "@id": "HttpProxy-PUSH"
                },
                "dcat:accessService": "34b1c00e-1930-447a-9dd9-b704d76203c1"
            },
            {
                "@type": "dcat:Distribution",
                "dct:format": {
                    "@id": "HttpData-PULL"
                },
                "dcat:accessService": "34b1c00e-1930-447a-9dd9-b704d76203c1"
            },
            {
                "@type": "dcat:Distribution",
                "dct:format": {
                    "@id": "HttpData-PUSH"
                },
                "dcat:accessService": "34b1c00e-1930-447a-9dd9-b704d76203c1"
            }
        ],
        "name": "product description",
        "id": "assetId",
        "contenttype": "application/json"
    },
    "dcat:service": {
        "@id": "34b1c00e-1930-447a-9dd9-b704d76203c1",
        "@type": "dcat:DataService",
        "dct:terms": "connector",
        "dct:endpointUrl": "http://10.10.40.101:19194/protocol"
    },
    "participantId": "edc-provider",
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "dcat": "http://www.w3.org/ns/dcat#",
        "dct": "http://purl.org/dc/terms/",
        "odrl": "http://www.w3.org/ns/odrl/2/",
        "dspace": "https://w3id.org/dspace/v0.8/"
    }
}

Negotiate a contract from consumer

1. negotiate-contract.json

{
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
  },
  "@type": "ContractRequest",
  "counterPartyAddress": "http://10.10.40.101:19194/protocol",
  "protocol": "dataspace-protocol-http",
  "policy": {
    "@context": "http://www.w3.org/ns/odrl.jsonld",
    "@id": "MQ==:YXNzZXRJZA==:OGJiZTNmZWUtOTM3Yi00NGE0LTgwNTktYWI0OGMzYzI0ZWE2",
    "@type": "Offer",
    "assigner": "provider",
    "target": "assetId"
  }
}

2. Request

curl 'http://10.10.40.102:29193/management/v2/contractnegotiations' \
-H 'Content-Type: application/json' \
-d @negotiate-contract.json

3. Response

{
    "@type": "IdResponse",
    "@id": "fa2e538b-b997-4e4d-b325-af17643d4243",
    "createdAt": 1713887763359,
    "@context": {
        "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
        "edc": "https://w3id.org/edc/v0.0.1/ns/",
        "odrl": "http://www.w3.org/ns/odrl/2/"
    }
}

Error messages in provider connector

DSP: Incoming CatalogRequestMessage for class org.eclipse.edc.catalog.spi.Catalog process
DSP: Incoming ContractRequestMessage for class org.eclipse.edc.connector.contract.spi.types.negotiation.ContractNegotiation process
[PROVIDER] ContractNegotiation e3ec8dff-8418-4acf-a9a0-e000ea52a1ab is now in state REQUESTED.
[ProviderContractNegotiationManagerImpl] ContractNegotiation e3ec8dff-8418-4acf-a9a0-e000ea52a1ab is now in state AGREEING
ContractNegotiation: ID e3ec8dff-8418-4acf-a9a0-e000ea52a1ab. [Provider] send agreement
ContractNegotiation: ID e3ec8dff-8418-4acf-a9a0-e000ea52a1ab. [Provider] send agreement
SEVERE 2024-04-23T17:56:04.510789582 ContractNegotiation: ID e3ec8dff-8418-4acf-a9a0-e000ea52a1ab. Fatal error while [Provider] send agreement. Error details: {"@type":"dspace:ContractNegotiationError","dspace:code":"400","dspace:reason":"Contract agreement received. Validation failed: Policy in the contract agreement is not equal to the one in the contract offer","dspace:processId":"fa2e538b-b997-4e4d-b325-af17643d4243","@context":{"@vocab":"https://w3id.org/edc/v0.0.1/ns/","edc":"https://w3id.org/edc/v0.0.1/ns/","dcat":"http://www.w3.org/ns/dcat#","dct":"http://purl.org/dc/terms/","odrl":"http://www.w3.org/ns/odrl/2/","dspace":"https://w3id.org/dspace/v0.8/"}}
[ProviderContractNegotiationManagerImpl] ContractNegotiation e3ec8dff-8418-4acf-a9a0-e000ea52a1ab is now in state TERMINATED
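
The log above reports that the agreement policy does not equal the offer policy. The following pre-flight check is an added example, not part of the original gist or of EDC: it compares the ContractRequest policy with the offer in the catalog response and decodes the offer id, whose three base64 parts decode to the contract definition id, the asset id and a UUID. The function names are hypothetical, the embedded values are copied from this page, and a single dataset in the catalog is assumed.

```python
import base64

# Values copied from the catalog response and negotiate-contract.json on this page.
CATALOG = {
    "dspace:participantId": "edc-provider",
    "dcat:dataset": {
        "@id": "assetId",
        "odrl:hasPolicy": {
            "@id": "MQ==:YXNzZXRJZA==:OGJiZTNmZWUtOTM3Yi00NGE0LTgwNTktYWI0OGMzYzI0ZWE2"
        },
    },
}
REQUEST_POLICY = {
    "@id": "MQ==:YXNzZXRJZA==:OGJiZTNmZWUtOTM3Yi00NGE0LTgwNTktYWI0OGMzYzI0ZWE2",
    "assigner": "provider",
    "target": "assetId",
}


def decode_offer_id(offer_id):
    """Split an offer id into (definition id, asset id, uuid)."""
    parts = offer_id.split(":")
    if len(parts) != 3:
        raise ValueError("expected three ':'-separated base64 parts")
    return tuple(base64.b64decode(p, validate=True).decode("utf-8") for p in parts)


def preflight(catalog, policy):
    """Return the mismatches between the catalog offer and the request policy."""
    dataset = catalog["dcat:dataset"]
    offer = dataset["odrl:hasPolicy"]
    participant = catalog["dspace:participantId"]
    findings = []
    if policy.get("@id") != offer["@id"]:
        findings.append("policy @id differs from the offer @id in the catalog")
    _, asset_id, _ = decode_offer_id(policy["@id"])
    if asset_id != policy.get("target"):
        findings.append(f"target != asset {asset_id!r} encoded in the offer id")
    if policy.get("target") != dataset["@id"]:
        findings.append("target differs from the dataset @id")
    if policy.get("assigner") != participant:
        findings.append(f"assigner {policy.get('assigner')!r} != participant {participant!r}")
    return findings


if __name__ == "__main__":
    print(decode_offer_id(REQUEST_POLICY["@id"]))
    for finding in preflight(CATALOG, REQUEST_POLICY):
        print("MISMATCH:", finding)
```

On the page's values the only finding is that `assigner` is "provider" while the catalog names the participant "edc-provider"; that this difference is what causes the validation failure in the log is an assumption the page does not confirm.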