wiki-cafe/temporal
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add JWT-based authorization support for Temporal server with Keycloak integration

Browse Source 
- Create QUICK_REFERENCE.md for a concise guide on setting up temporal authorization.
- Add README_AUTHORIZATION.md detailing the implementation steps and common issues.
- Introduce REVERSE_PROXY_APPROACH.md as an alternative method for authorization using a reverse proxy.
- Implement Dockerfile for building a custom Temporal server with authorization features.
- Add main.go to initialize the custom Temporal server with JWT authorization.
- Create example-keycloak-mapper.json for mapping Keycloak groups to Temporal permissions.
- Add development.yaml for configuring the Temporal server with JWT settings.
- Implement test-authorization.sh script to verify JWT token claims and Temporal server access.
- Include go.mod for managing Go dependencies in the custom server.
- Document troubleshooting steps and customization options in README.md.
This commit is contained in:
Christian Galo
2025-10-24 02:10:54 +00:00
parent 2ac92ea493
commit 02b4ec9ee3
13 changed files with 2609 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
custom-server/main.go Normal file
View File

@ -0,0 +1,51 @@
// Custom Temporal Server with JWT Authorization
package main
import (
"log"
"go.temporal.io/server/common/authorization"
"go.temporal.io/server/common/config"
"go.temporal.io/server/temporal"
)
func main() {
// Load Temporal configuration
cfg, err := config.LoadConfig("development", "./config", "")
if err != nil {
log.Fatal("Failed to load config:", err)
}
// Create Temporal server with authorization
s, err := temporal.NewServer(
temporal.ForServices(temporal.DefaultServices),
temporal.WithConfig(cfg),
temporal.InterruptOn(temporal.InterruptCh()),
// Configure JWT ClaimMapper
temporal.WithClaimMapper(func(cfg *config.Config) authorization.ClaimMapper {
return authorization.NewDefaultJWTClaimMapper(
// Token key provider - fetches public keys from your OIDC provider
authorization.NewDefaultTokenKeyProvider(cfg, log.Default()),
cfg,
log.Default(),
)
}),
// Configure Authorizer
temporal.WithAuthorizer(authorization.NewDefaultAuthorizer()),
)
if err != nil {
log.Fatal("Failed to create server:", err)
}
// Start the server
log.Println("Starting Temporal Server with JWT Authorization...")
err = s.Start()
if err != nil {
log.Fatal("Server failed:", err)
}
log.Println("Server stopped.")
}