1

我无法在现有文档中找到此信息- 永久或非永久令牌。

使用 Keyrock 7.8、Ultralight 1.11.0(尽管任何当前代理都可以)

设置以下 Docker 参数:

      - IOTA_AUTH_ENABLED=true
      - IOTA_AUTH_TYPE=oauth2
      - IOTA_AUTH_HEADER=Authorization
      - IOTA_AUTH_HOST=keyrock
      - IOTA_AUTH_PORT=3000
      - IOTA_AUTH_URL=http://keyrock:3000
      - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
   #  - IOTA_AUTH_PERMANENT_TOKEN=true

镜像中使用了默认的 Docker 配置,因此不会创建配置组类型。

我能够提供一个受信任的组,如下所示:

curl -X POST \
  http://iot-agent:4041/iot/services \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "services": [
   {
     "apikey":      "4jggokgpepnvsb2uv4s40d59ov",
     "cbroker":     "http://orion:1026",
     "entity_type": "Motion",
     "resource":    "/iot/d",
     "trust": "<motn-auth-token>"
   }
 ]
}'

问题 1 - 如何在 Keyrock 中生成信任令牌。

当我配置设备时

curl -X POST \
  http://iot-agent:4041/iot/devices \
  -H 'Content-Type: application/json' \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "devices": [
   {
     "device_id":   "motion001",
     "entity_name": "urn:ngsi-ld:Motion:001",
     "entity_type": "Motion",
     "timezone":    "Europe/Berlin",
     "attributes": [
       { "object_id": "c", "name":"count", "type":"Integer"}
      ],
      "static_attributes": [
         {"name":"refStore", "type": "Relationship","value": "urn:ngsi-ld:Store:001"}
      ]
   }
 ]
}
'

我在 IoT 代理中收到以下错误:

{
    "name": "SECURITY_INFORMATION_MISSING",
    "message": "Some security information was missing for device type:Motion"
}

Keyrock 日志中的以下内容:

Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server -------getClient-------
Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error  { invalid_client: Invalid client: client is invalid

问题2:需要提供哪些额外信息?

4

1 回答 1

1

如何在 Keyrock 中生成信任令牌。

信任令牌在 Keyrock 文档中被描述为访问令牌,首先设置客户端应用程序以生成永久令牌:

在此处输入图像描述

这也可以通过使用/v1/applications端点以编程方式完成。

要求

curl -iX POST \
  'http://keyrock:3005/v1/applications' \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-token: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' \
  -d '{
  "application": {
    "name": "Tutorial Application",
    "description": "FIWARE Application protected by OAuth2 and Keyrock",
    "redirect_uri": "http://tutorial/login",
    "url": "http://tutorial",
    "grant_type": [
      "authorization_code",
      "implicit",
      "password"
    ],
    "token_types": ["permanent"]
  }
}'

要生成永久信任令牌,请确保 Keyrock 应用程序已配置为提供永久令牌,并使用标准Authorization: Basic标头以授权用户身份登录,该标头包含客户端 ID 和机密的 base 64 连接。添加该参数 scope=permanent以在可用时检索永久令牌。响应包含access_token可用于设备配置的(又名信任令牌)。

要求

curl -X POST \
  http://keyrock:3005/oauth2/token \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic dHV0b3JpYWwtZGNrci1zaXRlLTAwMDAteHByZXNzd2ViYXBwOnR1dG9yaWFsLWRja3Itc2l0ZS0wMDAwLWNsaWVudHNlY3JldA==' \
  -d 'username=alice-the-admin@test.com&password=test&grant_type=password&scope=permanent'

回复

{
    "access_token": "e37aeef5d48c9c1a3d4adf72626a8745918d4355",
    "token_type": "Bearer",
    "scope": ["permanent"]
}

设置 IoT 代理以使用 Keyrock 和 PEP 代理

以下额外的Docker 参数是必需的

      - IOTA_CB_HOST=orion-proxy
      - IOTA_CB_PORT=${ORION_PROXY_PORT}

      - IOTA_AUTH_ENABLED=true
      - IOTA_AUTH_TYPE=oauth2
      - IOTA_AUTH_HEADER=Authorization
      - IOTA_AUTH_HOST=keyrock
      - IOTA_AUTH_PORT=${KEYROCK_PORT}
      - IOTA_AUTH_URL=http://keyrock:${KEYROCK_PORT}
      - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
      - IOTA_AUTH_CLIENT_SECRET=tutorial-dckr-host-0000-clientsecret
      - IOTA_AUTH_PERMANENT_TOKEN=true
      - IOTA_AUTH_TOKEN_PATH=/oauth2/token

IoT 代理 - 配置受信任的服务组

必须将访问令牌(也称为信任令牌)添加到服务组。这保存在trust属性中,并重复在上述步骤中检索到的令牌

要求

curl -iX POST \
  'http://iot-agent:4041/iot/services' \
  -H 'Content-Type: application/json' \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "services": [
   {
     "apikey":      "4jggokgpepnvsb2uv4s40d59ov",
     "cbroker":     "http://orion:1026",
     "entity_type": "Motion",
     "resource":    "/iot/d",
     "trust": "e37aeef5d48c9c1a3d4adf72626a8745918d4355"
   }
 ]
}'

一旦创建了受信任的服务组,就可以以通常的方式配置设备

要求

curl -iX POST \
  'http://iot-agent:4041/iot/devices' \
  -H 'Content-Type: application/json' \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "devices": [
   {
     "device_id":   "motion001",
     "entity_name": "urn:ngsi-ld:Motion:001",
     "entity_type": "Motion",
     "timezone":    "Europe/Berlin",
   }
 ]
}
'
于 2019-12-13T16:48:26.863 回答