From e8270b7d736ecab864958b6d09fd24d9c20bea9a Mon Sep 17 00:00:00 2001
From: Eric FELIXINE <eric@digitribe.fr>
Date: Sun, 3 May 2026 08:47:47 -0400
Subject: [PATCH] Fix: OpenRemote token with admin-cli password grant, add
 OR_TOKEN_REALM, fix FROST_URL

---
 simulator.py | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/simulator.py b/simulator.py
index 30d3d768..ce5c93fa 100644
--- a/simulator.py
+++ b/simulator.py
@@ -41,7 +41,9 @@ ENABLE_FROST   = os.environ.get("ENABLE_FROST", "1") == "1"
 ENABLE_OPENREMOTE = os.environ.get("ENABLE_OPENREMOTE", "1") == "1"
 OR_ADMIN_USER = os.environ.get("OR_ADMIN_USER", "admin")
 OR_ADMIN_PASS = os.environ.get("OR_ADMIN_PASS", "Digitribe972")
-OR_REALM     = os.environ.get("OR_REALM", "master")
+OR_REALM     = os.environ.get("OR_REALM", "smartcity")
+OR_TOKEN_REALM = os.environ.get("OR_TOKEN_REALM", "master")  # Realm pour obtention token
+FROST_URL    = os.environ.get("FROST_URL", "http://frost_allinone-web-1:8080/FROST-Server/v1.1")
 
 SENSOR_COUNTS = {
     "traffic":    int(os.environ.get("SENSOR_COUNT_traffic",    "3")),
@@ -363,8 +365,8 @@ STELLIO_URL = "http://stellio-api-gateway:8080"
 # Configuration OpenRemote (URLs dynamiques)
 OR_URL      = os.environ.get("OR_URL", "http://192.168.192.10:8080")  # IP directe (évite DNS)
 OR_REALM    = os.environ.get("OR_REALM", "smartcity")  # Default: smartcity
-OR_TOKEN_URL = f"{OR_URL}/auth/realms/{OR_REALM}/protocol/openid-connect/token"
-OR_TOKEN_TTL = 3600  # Refresh token every hour
+OR_TOKEN_URL = os.environ.get("OR_TOKEN_URL", f"http://openremote-keycloak-1:8080/auth/realms/{OR_TOKEN_REALM}/protocol/openid-connect/token")
+OR_TOKEN_TTL = int(os.environ.get("OR_TOKEN_TTL", "3600"))  # Refresh token every hour
 def publish_stellio(sid: str, sensor: dict) -> bool:
     """Publie sur Stellio (gère le 409)."""
     entity = _ngsi_payload(sid, sensor)
@@ -545,21 +547,22 @@ def publish_frost(sid: str, sensor: dict, field: str, value: float) -> bool:
 _or_token_cache = {"token": "", "expires": 0}
 
 def _get_or_token() -> str:
-    """Obtient un token OpenRemote via client credentials (service account)."""
-    import time
+    """Obtain an OpenRemote token via password grant (admin-cli, directAccessGrants enabled)."""
+    import time, urllib.parse
     if _or_token_cache["token"] and _or_token_cache["expires"] > time.time() + 60:
         return _or_token_cache["token"]
     try:
-        # Utiliser HTTP Basic Auth (client_secret_basic)
-        import base64
-        creds = base64.b64encode(f"{os.environ.get('OR_CLIENT_ID')}:{os.environ.get('OR_CLIENT_SECRET')}".encode()).decode()
+        # Use password grant with admin-cli client (directAccessGrants enabled)
+        data = urllib.parse.urlencode({
+            "grant_type": "password",
+            "username": os.environ.get("OR_ADMIN_USER", "admin"),
+            "password": os.environ.get("OR_ADMIN_PASS", "Digitribe972"),
+            "client_id": "admin-cli"
+        }).encode()
         req = urllib.request.Request(
             OR_TOKEN_URL,
-            data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
-            headers={
-                "Content-Type": "application/x-www-form-urlencoded",
-                "Authorization": f"Basic {creds}"
-            }
+            data=data,
+            headers={"Content-Type": "application/x-www-form-urlencoded"}
         )
         with urllib.request.urlopen(req, timeout=5) as r:
             token_data = json.loads(r.read().decode())