Storing data in user space

Version 2.2 by allan on 2019/11/22 10:14

This article describes a workflow for using the Collaboratory.drive as a backend for your service, so that it can store and read data inside a private user space.

Solution description

Your Keycloak client can be set up with a service account linked to it. Because Keycloak treats this service account as a user, it can log in to the Collaboratory.drive and have its user account synchronised there.

From this point, everything is set up to let your service account create files and folders and share them with existing users. This is done through the existing Seafile API (Seafile is the tool behind the Collaboratory.drive).

Creating a service account

If needed, follow the guide to create an OpenID Connect client.

You will need to modify your client to allow service accounts:

# Set your registration token
clb_reg_token=...

# Update the client and prettify the JSON response
curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
 -H "Authorization: Bearer ${clb_reg_token}" \
 -H 'Content-Type: application/json' \
 -d '{
        "clientId": "my-awesome-client",
        "serviceAccountsEnabled": true
    }' | json_pp

Creating a user account for the service account in the Collaboratory.drive

This step requires admin privileges. Please send a request to support@humanbrainproject.eu in order to get help.

The steps for the admins are the following:

  1. get the service account sub
  2. enable the service account user
  3. impersonate the service account
  4. log in to the Collaboratory.drive

Getting the service account sub

One way to get the service account sub is to request a token with its credentials.
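
The token request described above, as an added example that is not part of the original page: it asks the realm's token endpoint for a client_credentials token and reads the sub claim from the token payload. It assumes a confidential client with a client secret and the standard Keycloak token path under the realm URL used on this page; the function names and the secret file are hypothetical.

```shell
# Added example. Function names and the secret file path are hypothetical.
# Token endpoint: standard Keycloak path under the realm URL used on this page.
token_url="https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token"

# Request a token for the client's own service account (client_credentials grant).
# $1 = client id, $2 = file holding the client secret (no trailing newline).
# Reading the secret from a file keeps it out of the process list and shell history.
request_service_token() {
    curl -sS --fail -X POST "${token_url}" \
        --data-urlencode "grant_type=client_credentials" \
        --data-urlencode "client_id=$1" \
        --data-urlencode "client_secret@$2" |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Decode the payload (second dot-separated segment) of a JWT.
# JWTs use unpadded base64url, so map the alphabet back and restore the padding.
jwt_payload() {
    local seg
    seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
    [ -n "${seg}" ] || { echo "not a JWT" >&2; return 1; }
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
        1) echo "invalid base64url length" >&2; return 1 ;;
    esac
    printf '%s' "${seg}" | base64 -d
}

# Print the "sub" claim of a JWT. The signature is not checked here: the token
# is only trusted because it came straight from the token endpoint over TLS.
jwt_sub() {
    jwt_payload "$1" |
        sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Usage (needs network access and the client secret):
#   token=$(request_service_token my-awesome-client ./client_secret.txt)
#   jwt_sub "${token}"
```

The access token is a bearer credential for the service account, so keep it out of logs and tickets; only the sub value needs to be passed on.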