Run Auth Locally

BlueAPI can be secured using OIDC authenticaiton. For development it can be useful to run a containerised version of the OIDC stack, to serve a local instance of BlueAPI.

To run the stack:

1. In the root directory run git submodule update --init --recursive to initialise the example-services repo

2. Run docker compose -f tests/system_tests/compose.yaml up -d to launch an instance of NumTracker, RabbitMQ, Keycloak, Tiled, OPA and a number of IOCs, in detached mode

3. Run source tests/system_tests/.env which will set required EPICS environmental variables

4. Run blueapi -c tests/system_tests/config.yaml serve to launch BlueAPI configured to use the launched stack. This may take a while, as BlueAPI will attempt to connect to a number of devices via Channel Access

To log in through the BlueAPI CLI:

1. Run blueapi login (if you want to run a plan with stomp config, add the -c tests/system_tests/config.yaml parameter)

2. Follow the login prompted to Keycloak, then log in with the username admin and password admin

3. When prompted by Keycloak, grant BlueAPI access to the listed privileges

4. Run blueapi controller plans to check that the log in has succeeded

By default the BlueAPI instance will be available via the OAuth2 proxy at localhost:4180, and Tiled through its OAuth2 proxy at localhost:4181.