Add provider id field, relaxing name

phil 2025-01-10 00:09:12 +01:00
parent 57041e9233
commit 170e663ee8
4 changed files with 10 additions and 9 deletions


@ -15,7 +15,7 @@ from .settings import settings
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
OIDC_PROVIDERS = set([provider.name for provider in settings.oidc.providers]) OIDC_PROVIDERS = set([provider.id for provider in settings.oidc.providers])
def get_provider(request: Request) -> StarletteOAuth2App: def get_provider(request: Request) -> StarletteOAuth2App:
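Review bot: `set([...])` on the new `OIDC_PROVIDERS` line builds an intermediate list only to throw it away; a set comprehension says the same thing directly: `OIDC_PROVIDERS = {provider.id for provider in settings.oidc.providers}`. Since the set now holds ids rather than display names, a short comment above it such as `# ids of the configured OIDC providers, as used in /login/{oidc_provider_id}` would document what membership in it means.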


@ -51,7 +51,7 @@ _providers = {}
for provider in settings.oidc.providers: for provider in settings.oidc.providers:
authlib_oauth.register( authlib_oauth.register(
name=provider.name, name=provider.id,
server_metadata_url=provider.openid_configuration, server_metadata_url=provider.openid_configuration,
client_kwargs={ client_kwargs={
"scope": "openid email offline_access profile roles", "scope": "openid email offline_access profile roles",
@ -62,10 +62,10 @@ for provider in settings.oidc.providers:
# update_token=update_token, # update_token=update_token,
# client_id="some-client-id", # if enabled, authlib will also check that the access token belongs to this client id (audience) # client_id="some-client-id", # if enabled, authlib will also check that the access token belongs to this client id (audience)
) )
fastapi_providers[provider.name] = OpenIdConnect( fastapi_providers[provider.id] = OpenIdConnect(
openIdConnectUrl=provider.openid_configuration openIdConnectUrl=provider.openid_configuration
) )
_providers[provider.name] = provider _providers[provider.id] = provider
# Endpoints for the login / authorization process # Endpoints for the login / authorization process
@ -73,7 +73,7 @@ for provider in settings.oidc.providers:
@app.get("/login/{oidc_provider_id}") @app.get("/login/{oidc_provider_id}")
async def login(request: Request, oidc_provider_id: str) -> RedirectResponse: async def login(request: Request, oidc_provider_id: str) -> RedirectResponse:
"""Login with the provider name, """Login with the provider id,
by giving the browser a redirect to its authorize page. by giving the browser a redirect to its authorize page.
After successful authentification, the provider replies with an encrypted After successful authentification, the provider replies with an encrypted
auth token that only we can decode and contains userinfo, auth token that only we can decode and contains userinfo,
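Review bot: Two providers configured with the same `id` are accepted silently by the registration loop: the assignments to `fastapi_providers[provider.id]` and `_providers[provider.id]` replace the earlier entry, and the second `authlib_oauth.register(name=provider.id, ...)` call presumably does the same, so a login link shown for one provider could be served with the other provider's configuration. Now that `name` is only a display label and `id` is the key, uniqueness should be enforced at the top of the loop body, for example `if provider.id in _providers: raise ValueError(f"Duplicate OIDC provider id: {provider.id!r}")`. The `OIDC_PROVIDERS` set built from the ids in the first file hides the same duplicates. The loop body and the `login` function both extend beyond the hunks shown.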


@ -11,9 +11,10 @@ from pydantic_settings import (
class OIDCProvider(BaseModel): class OIDCProvider(BaseModel):
name: str = "" id: str
url: str = "" name: str
client_id: str = "" url: str
client_id: str
client_secret: str = "" client_secret: str = ""
@computed_field @computed_field
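Review bot: The new `id` field accepts any string, including an empty one, yet it is used as a URL path segment (`/login/{oidc_provider_id}` and the template's `href="login/{{ provider.id }}"`) and as the registry key. An id containing `/`, `?`, `#` or whitespace would produce a login link that does not route back to its provider. Constraining it in the model catches this when the configuration is loaded, e.g. `id: str = Field(pattern=r"^[A-Za-z0-9_-]+$")`, assuming `Field` is imported from pydantic (the import block is outside the hunk). `client_secret` keeps its `""` default while `client_id` became required; if every configured provider is a confidential client, making the secret required too would turn a missing secret into a startup error instead of a failed token exchange, which is worth confirming against the providers in use. The class body continues past the hunk.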


@ -5,7 +5,7 @@
<p>Log in with one of these authentication providers:</p> <p>Log in with one of these authentication providers:</p>
<div class="login-toolbox"> <div class="login-toolbox">
{% for provider in settings.oidc.providers %} {% for provider in settings.oidc.providers %}
<a href="login/{{ provider.name }}">{{ provider.name }}</a> <a href="login/{{ provider.id }}">{{ provider.name }}</a>
{% else %} {% else %}
<span class="error">There is no authentication provider defined. <span class="error">There is no authentication provider defined.
Hint: check the settings.yaml file.</span> Hint: check the settings.yaml file.</span>