Skip to content

feat(webui-dashboard): show DLS Keycloak and auth trust edges#207

Merged
vredchenko merged 5 commits into
mainfrom
feat/dashboard-keycloak-auth
May 22, 2026
Merged

feat(webui-dashboard): show DLS Keycloak and auth trust edges#207
vredchenko merged 5 commits into
mainfrom
feat/dashboard-keycloak-auth

Conversation

@vredchenko
Copy link
Copy Markdown
Collaborator

@vredchenko vredchenko commented May 22, 2026

Summary

The webui architecture dashboard didn't reflect the Keycloak auth component that's now in production across the SmartEM system. This adds it.

  • New `DLS Keycloak` box in the External Systems column (peer of ARIA Depositions Backend), labelled with realm + both client IDs.
  • Three new connections from the SmartEM components to Keycloak:
    • Web UI -> Keycloak — OIDC authorization code flow with PKCE (`SmartEM_User` client)
    • Agent -> Keycloak — OAuth 2.0 client_credentials grant (`SmartEM_Agent` client, per ADR 0018)
    • Backend API -> Keycloak — Bearer-token JWKS validation
  • Trust/identity edges are styled differently from data/RPC edges: new `gold` colour + dashed stroke. The `Connection` type gets an optional `strokeDasharray` so the convention is reusable (ARIA OAuth, currently text-only, is a future candidate).

Test plan

  • `npm run typecheck` clean
  • `npm run check` produces only the pre-existing app.css parse + routeTree.gen.ts organizeImports findings (unchanged from main)
  • Dev server renders the dashboard with the Keycloak box and three dashed gold lines anchored to the correct components
  • No console errors
  • Tooltips on the new connections describe the auth grant in plain English

Screenshot

Manual visual verification done locally; the three gold dashed lines route from Web UI / Backend API / Agent to the new DLS Keycloak box. Happy to attach a screenshot to the PR if useful (the rendered diagram is too wide to inline cleanly here).

Out of scope

  • ARIA OAuth shown as text under the existing ARIA box — left untouched for this PR. Worth a follow-up to render ARIA's auth as a trust edge too, now that the convention exists.
  • The existing `app.css:4` parse warning and `routeTree.gen.ts` organizeImports finding — both pre-existing on main.

@vredchenko
feat(webui-dashboard): add DLS Keycloak component and auth trust edges
b0c4658 
The architecture dashboard didn't reflect the Keycloak auth component
that is now in production across the SmartEM system. Add a DLS Keycloak
box under External Systems and draw the three auth trust edges:

- Web UI -> Keycloak (OIDC authorization code + PKCE, SmartEM_User client)
- Agent -> Keycloak (OAuth 2.0 client_credentials, SmartEM_Agent client)
- Backend API -> Keycloak (Bearer-token JWKS validation)

Trust/identity edges are visually distinct from data/RPC edges: they
use a new gold colour and a dashed stroke. Extend the Connection type
with an optional strokeDasharray so the convention is reusable for
future trust edges (e.g. ARIA OAuth, which is currently text-only).

Verified by running the dev server and screenshotting the dashboard.
@github-actions github-actions Bot added the smartem-devtools:webui Developer dashboard web interface label May 22, 2026
vredchenko added 4 commits May 22, 2026 16:10
@vredchenko
fixup: move DLS Keycloak to CryoEM Facilities column
b2e3333 
Keycloak is DLS-facility infrastructure that SmartEM consumes, not a
SmartEM-external system in the same way ARIA is. Sitting it under the
microscope grid reflects the conceptual tier and shortens the
agent-to-keycloak edge to a clean vertical line.

- Move the DLS Keycloak box from External Systems column to the bottom
  of the CryoEM Facilities column (sibling of MicroscopeGrid).
- Re-anchor the three trust edges:
  - Web UI / Backend API -> Keycloak: source left, target right
    (reach leftward across columns).
  - Agent -> Keycloak: source bottom, target top (short vertical edge
    within the same column).
@vredchenko
fix(webui-dashboard): drop flex:1 from MicroscopeGrid
4f3a55b 
With Keycloak now under the grid in the same column, the grid's flex:1
was expanding the grid to fill the column and leaving whitespace
between its last child and the Keycloak box. The grid only ever had
flex:1 because it used to be the sole child of the column; now that
it has a sibling, it should size to its own content.
@vredchenko
feat(webui-dashboard): polish Keycloak box and auth edges
a16a8e4 
- Column gap raised from 1 to 2.5 so the space between the microscope
  grid and the Keycloak box matches the gap between rows in the
  SmartEM Application column.
- Add production and test Keycloak URLs (identity.diamond.ac.uk and
  identity-test.diamond.ac.uk) as clickable links, mirroring the link
  style of the ARIA Depositions Backend box.
- Re-route agent->keycloak with larger sourceDotOffset (30) and
  targetDotOffset (90) so the line runs right of the centred
  "+N more microscopes" text+icon instead of overlaying it.
@vredchenko
fix(webui-dashboard): nudge agent->keycloak edge further right
53d46a8
@vredchenko vredchenko merged commit 60249f6 into main May 22, 2026
7 checks passed
@vredchenko vredchenko deleted the feat/dashboard-keycloak-auth branch May 22, 2026 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

smartem-devtools:webui Developer dashboard web interface

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vredchenko