From b8bea715a2f451a904176ed2e402b97f169e5a4d Mon Sep 17 00:00:00 2001
From: tsodring
Date: Mon, 24 Jul 2023 15:15:57 +0200
Subject: [PATCH] Change endpoint key

From what I can see we have been using the wrong endpoint for logging in. We have been using hte authorization_endpoint, not the token_endpoint. This became clear when testing nikita with keycloak. Digging a little more into the topic I found the following [description](https://www.ibm.com/docs/en/sva/9.0.5?topic=SSPREK_9.0.5/com.ibm.isam.doc/config/concept/OAuthEndpoints.htm). Here it states that: _Authorization endpoint_: An authorization URL where the resource owner grants authorization to the OAuth client to access the protected resource. https://server.oauth.com/mga/sps/oauth/oauth20/authorize _Token endpoint_: A token request URL where the OAuth client exchanges an authorization grant for an access token and an optional refresh token. https://server.oauth.com/mga/sps/oauth/oauth20/token This commit fixes this, but also changes the way the URL is built for logging in. The old approach of building the URL is not working with keycloak. I believe that the parameters should be in the body. I can't find the description that requires this to be in the body rather than the as query parameters, but the [following](https://connect2id.com/products/server/docs/api/token) is an example that requires the values in the body of a request.
---
 lib/n5core/endpoint.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/n5core/endpoint.py b/lib/n5core/endpoint.py
index 356037f..d7c661d 100644
--- a/lib/n5core/endpoint.py
+++ b/lib/n5core/endpoint.py
@@ -86,7 +86,7 @@ def login(self, username = None, password = None):
 elif urloidc is not None:
 (content, res) = self.json_get(urloidc)
 j = json.loads(content)
- url = j['authorization_endpoint']
+ url = j['token_endpoint']
 try:
 if username is None:
 username = 'admin@example.com' 
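Review bot: The new `url = j['token_endpoint']` is evaluated outside the `try` that follows, and the only handler in `login` shown on this page is `except HTTPError`, so a discovery document without that key surfaces as a bare KeyError instead of the LoginFailure callers expect; guard it explicitly, e.g. `if 'token_endpoint' not in j:` / `raise LoginFailure("OIDC discovery document %s has no token_endpoint" % urloidc)`. The endpoint switch itself is right: in OAuth 2.0 (RFC 6749 §3.1/§3.2) the authorization endpoint is for user-agent redirection and the token endpoint is where a client exchanges a grant for an access token, which is why the previous code did not work against Keycloak. A one-line comment above the assignment stating that, `# OAuth 2.0 token endpoint (RFC 6749 §3.2), not the browser-facing authorization endpoint`, would keep the next maintainer from reverting it. The enclosing `login` method starts and ends outside this hunk.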
@@ -105,8 +105,7 @@ def login(self, username = None, password = None):
 key_str = key_bytes.decode('ascii')
 self.token = 'Basic {}'.format(key_str)
 # Manually encode query parameters in the URL:
- updated_url = url + "?" + datastr
- (c,r) = self.post(updated_url, None, 'application/x-www-form-urlencoded')
+ (c,r) = self.post(url, datastr.encode("utf-8"), 'application/x-www-form-urlencoded')
 except HTTPError as e:
 raise LoginFailure("Posting to login relation %s failed: %s (%s)" % (url, str(e), e.read()))
 j = json.loads(c.decode('UTF-8'))
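Review bot: The context line `# Manually encode query parameters in the URL:` is now stale, because the parameters no longer go into the URL at all; replace it with `# Token endpoint takes the form-encoded grant parameters in the POST body (RFC 6749 §3.2), not the query string.`. Moving `datastr` out of the URL is also a security improvement worth recording in the commit message: query strings are routinely captured in web-server, proxy and browser-history logs, so whatever credentials or grant material `datastr` carries were previously being written to those logs, while a request body is not. The `datastr.encode("utf-8")` is fine for an `application/x-www-form-urlencoded` body as long as `datastr` is already percent-encoded; if it is built by `urllib.parse.urlencode` outside this hunk that holds, otherwise raw non-ASCII values would not be what the server expects. The enclosing `login` method starts outside this hunk.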