Compare commits
3 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2051addfc2 | |||
| 2534c1cbb4 | |||
| fb433e27be |
20 changed files with 384 additions and 440 deletions
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
- name: Install the latest version of uv
|
||||
uses: astral-sh/setup-uv@v4
|
||||
with:
|
||||
version: "0.6.9"
|
||||
version: "0.5.16"
|
||||
|
||||
- name: Install
|
||||
run: uv sync
|
||||
|
|
@ -27,26 +27,34 @@ jobs:
|
|||
- name: Run tests (API call)
|
||||
run: .venv/bin/pytest -s tests/basic.py
|
||||
|
||||
- name: Get version
|
||||
run: echo "VERSION=$(.venv/bin/dunamai from any --style semver)" >> $GITHUB_ENV
|
||||
- name: Get version with git describe
|
||||
id: version
|
||||
run: |
|
||||
echo "version=$(git describe)" >> $GITHUB_OUTPUT
|
||||
echo "$VERSION"
|
||||
|
||||
- name: Version
|
||||
run: echo $VERSION
|
||||
- name: Check if the container should be built
|
||||
id: builder
|
||||
env:
|
||||
RUN: ${{ toJSON(inputs.build || !contains(steps.version.outputs.version, '-')) }}
|
||||
run: |
|
||||
echo "run=$RUN" >> $GITHUB_OUTPUT
|
||||
echo "Run build: $RUN"
|
||||
|
||||
- name: Get distance from tag
|
||||
run: echo "DISTANCE=$(.venv/bin/dunamai from any --format '{distance}')" >> $GITHUB_ENV
|
||||
|
||||
- name: Distance
|
||||
run: echo $DISTANCE
|
||||
- name: Set the version in pyproject.toml (workaround for uv not supporting dynamic version)
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
env:
|
||||
VERSION: ${{ steps.version.outputs.version }}
|
||||
run: sed "s/0.0.0/$VERSION/" -i pyproject.toml
|
||||
|
||||
- name: Workaround for bug of podman-login
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
run: |
|
||||
mkdir -p $HOME/.docker
|
||||
echo "{ \"auths\": {} }" > $HOME/.docker/config.json
|
||||
|
||||
- name: Log in to the container registry (with another workaround)
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
uses: actions/podman-login@v1
|
||||
with:
|
||||
registry: ${{ vars.REGISTRY }}
|
||||
|
|
@ -55,30 +63,30 @@ jobs:
|
|||
auth_file_path: /tmp/auth.json
|
||||
|
||||
- name: Build the container image
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
uses: actions/buildah-build@v1
|
||||
with:
|
||||
image: oidc-fastapi-test
|
||||
oci: true
|
||||
labels: oidc-fastapi-test
|
||||
tags: "latest ${{ env.VERSION }}"
|
||||
tags: latest ${{ steps.version.outputs.version }}
|
||||
containerfiles: |
|
||||
./Containerfile
|
||||
|
||||
- name: Push the image to the registry
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
uses: actions/push-to-registry@v2
|
||||
with:
|
||||
registry: "docker://${{ vars.REGISTRY }}/${{ vars.ORGANISATION }}"
|
||||
image: oidc-fastapi-test
|
||||
tags: "latest ${{ env.VERSION }}"
|
||||
tags: latest ${{ steps.version.outputs.version }}
|
||||
|
||||
- name: Build wheel
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
run: uv build --wheel
|
||||
|
||||
- name: Publish Python package (home)
|
||||
if: env.DISTANCE == '0'
|
||||
if: fromJSON(steps.builder.outputs.run)
|
||||
env:
|
||||
LOCAL_PYPI_TOKEN: ${{ secrets.LOCAL_PYPI_TOKEN }}
|
||||
run: uv publish --publish-url https://code.philo.ydns.eu/api/packages/philorg/pypi --token $LOCAL_PYPI_TOKEN
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
- name: Install the latest version of uv
|
||||
uses: astral-sh/setup-uv@v4
|
||||
with:
|
||||
version: "0.6.3"
|
||||
version: "0.5.16"
|
||||
|
||||
- name: Install
|
||||
run: uv sync
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
FROM docker.io/library/python:latest
|
||||
FROM docker.io/library/python:alpine
|
||||
|
||||
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/
|
||||
|
||||
|
|
|
|||
60
README.md
60
README.md
|
|
@ -52,59 +52,31 @@ given by the OIDC providers.
|
|||
For example:
|
||||
|
||||
```yaml
|
||||
secret_key: AVeryWellKeptSecret
|
||||
debug_token: no
|
||||
show_token: yes
|
||||
log: yes
|
||||
|
||||
auth:
|
||||
oidc:
|
||||
secret_key: "ASecretNoOneKnows"
|
||||
show_session_details: yes
|
||||
providers:
|
||||
- id: auth0
|
||||
name: Okta / Auth0
|
||||
url: https://<your_auth0_app_URL>
|
||||
public_key_url: https://<your_auth0_app_URL>/pem
|
||||
client_id: <your_auth0_client_id>
|
||||
client_secret: client_secret_generated_by_auth0
|
||||
hint: A hint for test credentials
|
||||
url: "https://<your_auth0_app_URL>"
|
||||
client_id: "<your_auth0_client_id>"
|
||||
client_secret: "client_secret_generated_by_auth0"
|
||||
hint: "A hint for test credentials"
|
||||
|
||||
- id: keycloak
|
||||
name: Keycloak at somewhere
|
||||
url: https://<the_keycloak_realm_url>
|
||||
info_url: https://philo.ydns.eu/auth/realms/test
|
||||
account_url_template: /account
|
||||
client_id: <your_keycloak_client_id>
|
||||
client_secret: <client_secret_generated_by_keycloak>
|
||||
hint: A hint for test credentials
|
||||
code_challenge_method: S256
|
||||
resource_provider_scopes:
|
||||
- get:time
|
||||
- get:bs
|
||||
resource_providers:
|
||||
- id: <third_party_resource_provider_id>
|
||||
name: A third party resource provider
|
||||
base_url: https://some.example.com/
|
||||
verify_ssl: yes
|
||||
resources:
|
||||
- name: Public RS2
|
||||
resource_name: public
|
||||
url: resource/public
|
||||
- name: BS RS2
|
||||
resource_name: bs
|
||||
url: resource/bs
|
||||
- name: Time RS2
|
||||
resource_name: time
|
||||
url: resource/time
|
||||
url: "https://<the_keycloak_realm_url>"
|
||||
account_url_template: "/account"
|
||||
client_id: "<your_keycloak_client_id>"
|
||||
client_secret: "client_secret_generated_by_keycloak"
|
||||
hint: "User: foo, password: foofoo"
|
||||
|
||||
- id: codeberg
|
||||
disabled: no
|
||||
name: Codeberg
|
||||
url: https://codeberg.org
|
||||
account_url_template: /user/settings
|
||||
client_id: <your_codeberg_client_id>
|
||||
client_secret: client_secret_generated_by_codeberg
|
||||
info_url: https://codeberg.org/login/oauth/keys
|
||||
session_key: sub
|
||||
skip_verify_signature: no
|
||||
url: "https://codeberg.org"
|
||||
account_url_template: "/user/settings"
|
||||
client_id: "<your_codeberg_client_id>"
|
||||
client_secret: "client_secret_generated_by_codeberg"
|
||||
resources:
|
||||
- name: List of repos
|
||||
id: repos
|
||||
|
|
|
|||
|
|
@ -1,14 +1,16 @@
|
|||
[project]
|
||||
name = "oidc-fastapi-test"
|
||||
#version = "0.0.0"
|
||||
dynamic = ["version"]
|
||||
version = "0.0.0"
|
||||
# dynamic = ["version"]
|
||||
description = "Add your description here"
|
||||
readme = "README.md"
|
||||
requires-python = ">=3.13"
|
||||
dependencies = [
|
||||
"asyncpg>=0.30.0",
|
||||
"authlib>=1.4.0",
|
||||
"cachetools>=5.5.0",
|
||||
"fastapi[standard]>=0.115.6",
|
||||
"greenlet>=3.1.1",
|
||||
"httpx>=0.28.1",
|
||||
"itsdangerous>=2.2.0",
|
||||
"passlib[bcrypt]>=1.7.4",
|
||||
|
|
@ -24,21 +26,14 @@ dependencies = [
|
|||
oidc-test = "oidc_test.main:main"
|
||||
|
||||
[dependency-groups]
|
||||
dev = ["dunamai>=1.23.0", "ipdb>=0.13.13", "pytest>=8.3.4"]
|
||||
dev = ["ipdb>=0.13.13", "pytest>=8.3.4"]
|
||||
|
||||
[build-system]
|
||||
requires = ["hatchling", "uv-dynamic-versioning"]
|
||||
requires = ["hatchling"]
|
||||
build-backend = "hatchling.build"
|
||||
|
||||
[tool.hatch.version]
|
||||
source = "uv-dynamic-versioning"
|
||||
|
||||
[tool.hatch.build.targets.wheel]
|
||||
packages = ["src/oidc_test"]
|
||||
package = true
|
||||
|
||||
[tool.uv-dynamic-versioning]
|
||||
style = "semver"
|
||||
|
||||
[tool.uv]
|
||||
package = true
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
import importlib.metadata
|
||||
|
||||
try:
|
||||
from dunamai import Version, Style
|
||||
|
||||
__version__ = Version.from_git().serialize(style=Style.SemVer, dirty=True)
|
||||
except ImportError:
|
||||
# __name__ could be used if the package name is the same
|
||||
# as the directory - not the case here
|
||||
# __version__ = importlib.metadata.version(__name__)
|
||||
__version__ = importlib.metadata.version("oidc-fastapi-test")
|
||||
|
|
@ -7,7 +7,7 @@ from pydantic import ConfigDict
|
|||
from authlib.integrations.starlette_client.apps import StarletteOAuth2App
|
||||
from httpx import AsyncClient
|
||||
|
||||
from oidc_test.settings import AuthProviderSettings, ResourceProvider, Resource, settings
|
||||
from oidc_test.settings import AuthProviderSettings, settings
|
||||
from oidc_test.models import User
|
||||
|
||||
logger = logging.getLogger("oidc-test")
|
||||
|
|
@ -24,7 +24,6 @@ class Provider(AuthProviderSettings):
|
|||
authlib_client: StarletteOAuth2App = StarletteOAuth2App(None)
|
||||
info: dict[str, Any] = {}
|
||||
unknown_auth_user: User
|
||||
logout_with_id_token_hint: bool = True
|
||||
|
||||
def decode(self, token: str, verify_signature: bool | None = None) -> dict[str, Any]:
|
||||
"""Decode the token with signature check"""
|
||||
|
|
@ -61,34 +60,28 @@ class Provider(AuthProviderSettings):
|
|||
if self.info_url is not None:
|
||||
try:
|
||||
provider_info = await client.get(self.info_url)
|
||||
except Exception as err:
|
||||
logger.debug("Provider_info: cannot connect")
|
||||
logger.exception(err)
|
||||
except Exception:
|
||||
raise NoPublicKey
|
||||
try:
|
||||
self.info = provider_info.json()
|
||||
except JSONDecodeError:
|
||||
logger.debug("Provider_info: cannot decode json response")
|
||||
raise NoPublicKey
|
||||
if "public_key" in self.info:
|
||||
# For Keycloak
|
||||
try:
|
||||
public_key = str(self.info["public_key"])
|
||||
except KeyError:
|
||||
logger.debug("Provider_info: cannot get public_key")
|
||||
raise NoPublicKey
|
||||
elif "keys" in self.info:
|
||||
# For Forgejo/Gitea
|
||||
try:
|
||||
public_key = str(self.info["keys"][0]["n"])
|
||||
except KeyError:
|
||||
logger.debug("Provider_info: cannot get key 0.n")
|
||||
raise NoPublicKey
|
||||
if self.public_key_url is not None:
|
||||
resp = await client.get(self.public_key_url)
|
||||
public_key = resp.text
|
||||
if public_key is None:
|
||||
logger.debug("Provider_info: cannot determine public key")
|
||||
raise NoPublicKey
|
||||
self.public_key = "\n".join(
|
||||
["-----BEGIN PUBLIC KEY-----", public_key, "-----END PUBLIC KEY-----"]
|
||||
|
|
@ -96,18 +89,3 @@ class Provider(AuthProviderSettings):
|
|||
|
||||
def get_session_key(self, userinfo):
|
||||
return userinfo[self.session_key]
|
||||
|
||||
def get_resource(self, resource_name: str) -> Resource:
|
||||
return [
|
||||
resource for resource in self.resources if resource.resource_name == resource_name
|
||||
][0]
|
||||
|
||||
def get_resource_url(self, resource_name: str) -> str:
|
||||
return self.url + self.get_resource(resource_name).url
|
||||
|
||||
def get_resource_provider(self, resource_provider_id: str) -> ResourceProvider:
|
||||
return [
|
||||
provider
|
||||
for provider in self.resource_providers
|
||||
if provider.id == resource_provider_id
|
||||
][0]
|
||||
|
|
|
|||
|
|
@ -4,13 +4,16 @@ import logging
|
|||
|
||||
from fastapi import HTTPException, Request, Depends, status
|
||||
from fastapi.security import OAuth2PasswordBearer
|
||||
from sqlmodel.ext.asyncio.session import AsyncSession
|
||||
from authlib.integrations.starlette_client import OAuth, OAuthError, StarletteOAuth2App
|
||||
from authlib.oauth2.rfc6749 import OAuth2Token
|
||||
from jwt import ExpiredSignatureError, InvalidKeyError, DecodeError, PyJWTError
|
||||
|
||||
# from authlib.oauth1.auth import OAuthToken
|
||||
from authlib.oauth2.rfc6749 import OAuth2Token
|
||||
|
||||
from oidc_test.auth.provider import Provider
|
||||
from oidc_test.models import User
|
||||
from oidc_test.database import db, TokenNotInDb, UserNotInDB
|
||||
from oidc_test.database import db, get_db_session, TokenNotInDb, UserNotInDB
|
||||
from oidc_test.settings import settings
|
||||
from oidc_test.auth_providers import providers
|
||||
|
||||
|
|
@ -20,7 +23,7 @@ logger = logging.getLogger("oidc-test")
|
|||
async def fetch_token(name, request):
|
||||
assert name is not None
|
||||
assert request is not None
|
||||
logger.warning("TODO: fetch_token")
|
||||
logger.warn("TODO: fetch_token")
|
||||
...
|
||||
# if name in oidc_providers:
|
||||
# model = OAuth2Token
|
||||
|
|
@ -32,10 +35,7 @@ async def fetch_token(name, request):
|
|||
|
||||
|
||||
async def update_token(
|
||||
provider_id,
|
||||
token,
|
||||
refresh_token: str | None = None,
|
||||
access_token: str | None = None,
|
||||
provider_id, token, refresh_token: str | None = None, access_token: str | None = None
|
||||
):
|
||||
"""Update the token in the database"""
|
||||
provider = providers[provider_id]
|
||||
|
|
@ -58,7 +58,11 @@ def init_providers():
|
|||
provider_settings_dict = provider_settings.model_dump()
|
||||
# Add an anonymous user, that cannot be identified but has provided a valid access token
|
||||
provider_settings_dict["unknown_auth_user"] = User(
|
||||
sub="", auth_provider_id=provider_settings.id
|
||||
sub="",
|
||||
auth_provider_id=provider_settings.id,
|
||||
roles=[],
|
||||
userinfo={},
|
||||
access_token_decoded={},
|
||||
)
|
||||
provider = Provider(**provider_settings_dict)
|
||||
if provider.disabled:
|
||||
|
|
@ -120,17 +124,32 @@ def get_auth_provider(request: Request) -> Provider:
|
|||
return provider
|
||||
|
||||
|
||||
async def get_current_user(request: Request) -> User:
|
||||
async def get_current_user(
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> User:
|
||||
"""Return the user from the request's session.
|
||||
It can be used in Depends()"""
|
||||
if user := await get_current_user_or_none(request, db_session):
|
||||
return user
|
||||
else:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED)
|
||||
|
||||
|
||||
async def get_current_user_or_none(
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> User | None:
|
||||
"""Get the current user from a request object.
|
||||
Also validates the token expiration time.
|
||||
... TODO: complete about refresh token
|
||||
"""
|
||||
if (user_sub := request.session.get("user_sub")) is None:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED)
|
||||
token = await get_token_from_session(request)
|
||||
user = await db.get_user(user_sub)
|
||||
return None
|
||||
token = await get_token_from_session_or_none(request, db_session)
|
||||
## Check if the token is expired
|
||||
if token.is_expired():
|
||||
breakpoint()
|
||||
if token is not None and token.is_expired():
|
||||
provider = get_auth_provider(request=request)
|
||||
## Ask a new refresh token from the provider
|
||||
logger.info(f"Token expired for user {user.name}")
|
||||
|
|
@ -144,20 +163,28 @@ async def get_current_user(request: Request) -> User:
|
|||
# raise HTTPException(
|
||||
# status.HTTP_401_UNAUTHORIZED, "Token expired, cannot refresh"
|
||||
# )
|
||||
|
||||
user = await db.get_or_add_user(
|
||||
user_sub, db_session=db_session, auth_provider=provider, token=token
|
||||
)
|
||||
return user
|
||||
|
||||
|
||||
async def get_token_from_session_or_none(request: Request) -> OAuth2Token | None:
|
||||
async def get_token_from_session_or_none(
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> OAuth2Token | None:
|
||||
"""Return the auth token from the session or None.
|
||||
Can be used in Depends()"""
|
||||
try:
|
||||
return await get_token_from_session(request)
|
||||
return await get_token_from_session(request, db_session)
|
||||
except HTTPException:
|
||||
return None
|
||||
|
||||
|
||||
async def get_token_from_session(request: Request) -> OAuth2Token:
|
||||
async def get_token_from_session(
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> OAuth2Token:
|
||||
"""Return the token from the session.
|
||||
Can be used in Depends()"""
|
||||
try:
|
||||
|
|
@ -167,60 +194,15 @@ async def get_token_from_session(request: Request) -> OAuth2Token:
|
|||
request.session.pop("user_sub", None)
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid provider")
|
||||
try:
|
||||
return await db.get_token(
|
||||
provider,
|
||||
request.session.get("sid"),
|
||||
)
|
||||
return await db.get_token(provider, request.session.get("sid"), db_session)
|
||||
except (TokenNotInDb, InvalidKeyError, DecodeError) as err:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED, err.__class__.__name__)
|
||||
|
||||
|
||||
async def get_current_user_or_none(request: Request) -> User | None:
|
||||
"""Return the user from a request object, from the session.
|
||||
It can be used in Depends()"""
|
||||
try:
|
||||
return await get_current_user(request)
|
||||
except HTTPException:
|
||||
return None
|
||||
|
||||
|
||||
def hasrole(required_roles: Union[str, list[str]] = []):
|
||||
"""Decorator for RBAC permissions"""
|
||||
required_roles_set: set[str]
|
||||
if isinstance(required_roles, str):
|
||||
required_roles_set = set([required_roles])
|
||||
else:
|
||||
required_roles_set = set(required_roles)
|
||||
|
||||
def decorator(func):
|
||||
@wraps(func)
|
||||
async def wrapper(request=None, *args, **kwargs):
|
||||
if request is None:
|
||||
raise HTTPException(
|
||||
500,
|
||||
"Functions decorated with hasrole must have a request:Request argument",
|
||||
)
|
||||
user: User = await get_current_user(request)
|
||||
if not any(required_roles_set.intersection(user.roles_as_set)):
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED)
|
||||
return await func(request, *args, **kwargs)
|
||||
|
||||
return wrapper
|
||||
|
||||
return decorator
|
||||
|
||||
|
||||
def get_token_info(token: dict) -> dict:
|
||||
token_info = dict()
|
||||
for key in token:
|
||||
if key != "userinfo":
|
||||
token_info[key] = token[key]
|
||||
return token_info
|
||||
|
||||
|
||||
async def get_user_from_token(
|
||||
token: Annotated[str, Depends(oauth2_scheme)],
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> User:
|
||||
try:
|
||||
auth_provider_id = request.headers["auth_provider"]
|
||||
|
|
@ -258,9 +240,10 @@ async def get_user_from_token(
|
|||
try:
|
||||
user_id = payload["sub"]
|
||||
except KeyError:
|
||||
logger.info(f"'sub' not found in the token, using {auth_provider_id}'s default user")
|
||||
return provider.unknown_auth_user
|
||||
try:
|
||||
user = await db.get_user(user_id)
|
||||
user = await db.get_user(user_id, db_session)
|
||||
if user.access_token != token:
|
||||
user.access_token = token
|
||||
except UserNotInDB:
|
||||
|
|
@ -279,11 +262,12 @@ async def get_user_from_token(
|
|||
async def get_user_from_token_or_none(
|
||||
token: Annotated[str | None, Depends(oauth2_scheme_optional)],
|
||||
request: Request,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> User | None:
|
||||
if token is None:
|
||||
return None
|
||||
try:
|
||||
return await get_user_from_token(token, request)
|
||||
return await get_user_from_token(token, request, db_session)
|
||||
except HTTPException:
|
||||
return None
|
||||
|
||||
|
|
@ -303,3 +287,29 @@ class UserWithRole:
|
|||
status.HTTP_401_UNAUTHORIZED, f"Not of any required role {', '.join(self.roles)}"
|
||||
)
|
||||
return user
|
||||
|
||||
|
||||
# def hasrole(required_roles: Union[str, list[str]] = []):
|
||||
# """Decorator for RBAC permissions"""
|
||||
# required_roles_set: set[str]
|
||||
# if isinstance(required_roles, str):
|
||||
# required_roles_set = set([required_roles])
|
||||
# else:
|
||||
# required_roles_set = set(required_roles)
|
||||
#
|
||||
# def decorator(func):
|
||||
# @wraps(func)
|
||||
# async def wrapper(request=None, *args, **kwargs):
|
||||
# if request is None:
|
||||
# raise HTTPException(
|
||||
# 500,
|
||||
# "Functions decorated with hasrole must have a request:Request argument",
|
||||
# )
|
||||
# user: User = await get_current_user(request)
|
||||
# if not any(required_roles_set.intersection(user.roles_as_set)):
|
||||
# raise HTTPException(status.HTTP_401_UNAUTHORIZED)
|
||||
# return await func(request, *args, **kwargs)
|
||||
#
|
||||
# return wrapper
|
||||
#
|
||||
# return decorator
|
||||
|
|
|
|||
|
|
@ -1,17 +1,26 @@
|
|||
"""Fake in-memory database interface for demo purpose"""
|
||||
|
||||
import logging
|
||||
from collections.abc import AsyncGenerator
|
||||
|
||||
from authlib.oauth2.rfc6749 import OAuth2Token
|
||||
from jwt import PyJWTError
|
||||
|
||||
from oidc_test.auth.provider import Provider
|
||||
from sqlmodel import SQLModel, create_engine, select
|
||||
from sqlmodel.ext.asyncio.session import AsyncSession
|
||||
from sqlalchemy.ext.asyncio import create_async_engine
|
||||
|
||||
from oidc_test.models import User, Role
|
||||
from oidc_test.auth import provider
|
||||
from oidc_test.settings import settings
|
||||
from oidc_test.auth.provider import Provider
|
||||
from oidc_test.models import User, Role, Token
|
||||
from oidc_test.auth_providers import providers
|
||||
|
||||
logger = logging.getLogger("oidc-test")
|
||||
|
||||
engine = create_async_engine(settings.db.sqla_url)
|
||||
sync_engine = create_engine(settings.db.sqla_url)
|
||||
|
||||
|
||||
class UserNotInDB(Exception):
|
||||
pass
|
||||
|
|
@ -21,6 +30,11 @@ class TokenNotInDb(Exception):
|
|||
pass
|
||||
|
||||
|
||||
async def get_db_session() -> AsyncGenerator[AsyncSession]:
|
||||
async with AsyncSession(engine) as db_session:
|
||||
yield db_session
|
||||
|
||||
|
||||
class Database:
|
||||
users: dict[str, User] = {}
|
||||
# TODO: key of the token table should be provider: sid
|
||||
|
|
@ -31,20 +45,21 @@ class Database:
|
|||
async def add_user(
|
||||
self,
|
||||
sub: str,
|
||||
user_info: dict,
|
||||
auth_provider: Provider,
|
||||
access_token: str,
|
||||
token: OAuth2Token,
|
||||
# access_token: str,
|
||||
access_token_decoded: dict | None = None,
|
||||
) -> User:
|
||||
if access_token_decoded is None:
|
||||
assert auth_provider.name is not None
|
||||
provider = providers[auth_provider.id]
|
||||
try:
|
||||
access_token_decoded = provider.decode(access_token)
|
||||
access_token_decoded = provider.decode(token["access_token"])
|
||||
except PyJWTError:
|
||||
access_token_decoded = {}
|
||||
user_info["auth_provider_id"] = auth_provider.id
|
||||
user = User(**user_info)
|
||||
user_info: dict = token["user_info"]
|
||||
sub = user_info["sub"]
|
||||
user = User(auth_provider_id=auth_provider.id, **user_info)
|
||||
user.userinfo = user_info
|
||||
# user.access_token = access_token
|
||||
# user.access_token_decoded = access_token_decoded
|
||||
|
|
@ -63,34 +78,62 @@ class Database:
|
|||
roles.update(r)
|
||||
except KeyError:
|
||||
pass
|
||||
user.roles = [Role(name=role_name) for role_name in roles]
|
||||
# user.roles = [Role(name=role_name) for role_name in roles]
|
||||
user.roles = []
|
||||
self.users[sub] = user
|
||||
return user
|
||||
|
||||
async def get_user(self, sub: str) -> User:
|
||||
if sub not in self.users:
|
||||
async def get_user(self, sub: str, db_session: AsyncSession) -> User:
|
||||
query = select(User).where(User.sub == sub)
|
||||
user = (await db_session.exec(query)).first()
|
||||
if user is None:
|
||||
raise UserNotInDB
|
||||
return self.users[sub]
|
||||
return user
|
||||
|
||||
async def add_token(self, provider: Provider, token: OAuth2Token) -> None:
|
||||
async def get_or_add_user(
|
||||
self, sub: str, db_session: AsyncSession, auth_provider: Provider, token: OAuth2Token
|
||||
):
|
||||
if user := self.get_user(sub, db_session):
|
||||
return user
|
||||
else:
|
||||
return await self.add_user(sub=sub, auth_provider=auth_provider, token=token)
|
||||
|
||||
async def add_token(
|
||||
self, provider: Provider, token: OAuth2Token, db_session: AsyncSession
|
||||
) -> None:
|
||||
"""Store a token using as key the sid (auth provider's session id)
|
||||
in the id_token"""
|
||||
sid = provider.get_session_key(token["userinfo"])
|
||||
self.tokens[sid] = token
|
||||
if existing_token := await db_session.get(Token, sid):
|
||||
# The token already exists: update it
|
||||
# XXX: check is token is different?
|
||||
existing_token.token = token
|
||||
db_session.add(existing_token)
|
||||
await db_session.commit()
|
||||
else:
|
||||
token = Token(sid=sid, token=token)
|
||||
db_session.add(token)
|
||||
await db_session.commit()
|
||||
|
||||
async def get_token(
|
||||
self,
|
||||
provider: Provider,
|
||||
sid: str | None,
|
||||
self, provider: Provider, sid: str | None, db_session: AsyncSession
|
||||
) -> OAuth2Token:
|
||||
# TODO: key of the token table should be provider: sid
|
||||
assert isinstance(provider, Provider)
|
||||
if sid is None:
|
||||
raise TokenNotInDb
|
||||
try:
|
||||
return self.tokens[sid]
|
||||
except KeyError:
|
||||
if token := await db_session.get(Token, sid):
|
||||
return OAuth2Token.from_dict(token.token)
|
||||
else:
|
||||
raise TokenNotInDb
|
||||
|
||||
|
||||
async def create_db(drop=False):
|
||||
logger.debug(f"Connect to database with config: {settings.db}")
|
||||
async with engine.begin() as conn:
|
||||
if drop:
|
||||
await conn.run_sync(SQLModel.metadata.drop_all)
|
||||
await conn.run_sync(SQLModel.metadata.create_all)
|
||||
|
||||
|
||||
db = Database()
|
||||
|
|
|
|||
|
|
@ -6,9 +6,6 @@ from typing import Annotated
|
|||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
import logging
|
||||
import logging.config
|
||||
import importlib.resources
|
||||
from yaml import safe_load
|
||||
from urllib.parse import urlencode
|
||||
from contextlib import asynccontextmanager
|
||||
|
||||
|
|
@ -19,6 +16,8 @@ from fastapi.responses import HTMLResponse, RedirectResponse
|
|||
from fastapi.templating import Jinja2Templates
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
from jwt import PyJWTError
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
from sqlmodel import select
|
||||
from starlette.middleware.sessions import SessionMiddleware
|
||||
from authlib.integrations.starlette_client.apps import StarletteOAuth2App
|
||||
from authlib.integrations.base_client import OAuthError
|
||||
|
|
@ -29,7 +28,6 @@ from authlib.oauth2.rfc6749 import OAuth2Token
|
|||
# from fastapi.security import OpenIdConnect
|
||||
# from pkce import generate_code_verifier, generate_pkce_pair
|
||||
|
||||
from oidc_test import __version__
|
||||
from oidc_test.registry import registry
|
||||
from oidc_test.auth.provider import NoPublicKey, Provider
|
||||
from oidc_test.auth.utils import (
|
||||
|
|
@ -45,26 +43,18 @@ from oidc_test.auth.utils import init_providers
|
|||
from oidc_test.settings import settings
|
||||
from oidc_test.auth_providers import providers
|
||||
from oidc_test.models import User
|
||||
from oidc_test.database import TokenNotInDb, db
|
||||
from oidc_test.database import TokenNotInDb, db, create_db, get_db_session
|
||||
from oidc_test.resource_server import resource_server
|
||||
|
||||
logger = logging.getLogger("oidc-test")
|
||||
|
||||
if settings.log:
|
||||
assert __package__ is not None
|
||||
with (
|
||||
importlib.resources.path(__package__) as package_path,
|
||||
open(package_path / settings.log_config_file) as f,
|
||||
):
|
||||
logging_config = safe_load(f)
|
||||
logging.config.dictConfig(logging_config)
|
||||
|
||||
templates = Jinja2Templates(Path(__file__).parent / "templates")
|
||||
|
||||
|
||||
@asynccontextmanager
|
||||
async def lifespan(app: FastAPI):
|
||||
assert app is not None
|
||||
await create_db()
|
||||
init_providers()
|
||||
registry.make_registry()
|
||||
for provider in list(providers.values()):
|
||||
|
|
@ -109,38 +99,35 @@ async def home(
|
|||
"show_token": settings.show_token,
|
||||
"user": user,
|
||||
"now": datetime.now(),
|
||||
"__version__": __version__,
|
||||
"auth_provider": provider,
|
||||
}
|
||||
if provider is None or token is None:
|
||||
if provider is None or token is None or user is None:
|
||||
context["providers"] = providers
|
||||
context["access_token"] = None
|
||||
context["id_token_parsed"] = None
|
||||
context["access_token_parsed"] = None
|
||||
context["refresh_token_parsed"] = None
|
||||
context["resources"] = None
|
||||
context["auth_provider"] = None
|
||||
else:
|
||||
context["auth_provider"] = provider
|
||||
context["access_token"] = token["access_token"]
|
||||
# XXX: resources defined externally? I am confused...
|
||||
try:
|
||||
access_token_parsed = provider.decode(token["access_token"], verify_signature=False)
|
||||
context["access_token_parsed"] = access_token_parsed
|
||||
context["access_token_scope"] = access_token_parsed.get("scope")
|
||||
except PyJWTError as err:
|
||||
context["access_token_parsed"] = {"Cannot parse": err.__class__.__name__}
|
||||
access_token_parsed = {"Cannot parse": err.__class__.__name__}
|
||||
try:
|
||||
context["access_token_scope"] = access_token_parsed["scope"]
|
||||
except KeyError:
|
||||
context["access_token_scope"] = None
|
||||
context["id_token_parsed"] = provider.decode(token["id_token"], verify_signature=False)
|
||||
context["access_token_parsed"] = access_token_parsed
|
||||
context["resource_providers"] = registry.resource_providers
|
||||
try:
|
||||
id_token_parsed = provider.decode(token["id_token"], verify_signature=False)
|
||||
context["id_token_parsed"] = id_token_parsed
|
||||
except PyJWTError as err:
|
||||
context["id_token_parsed"] = {"Cannot parse": err.__class__.__name__}
|
||||
try:
|
||||
refresh_token_parsed = provider.decode(token["refresh_token"], verify_signature=False)
|
||||
context["refresh_token_parsed"] = refresh_token_parsed
|
||||
context["refresh_token_parsed"] = provider.decode(
|
||||
token["refresh_token"], verify_signature=False
|
||||
)
|
||||
except PyJWTError as err:
|
||||
context["refresh_token_parsed"] = {"Cannot parse": err.__class__.__name__}
|
||||
context["resources"] = registry.resources
|
||||
context["resource_providers"] = provider.resource_providers
|
||||
return templates.TemplateResponse(name="home.html", request=request, context=context)
|
||||
|
||||
|
||||
|
|
@ -184,6 +171,7 @@ async def login(request: Request, auth_provider_id: str) -> RedirectResponse:
|
|||
async def auth(
|
||||
request: Request,
|
||||
auth_provider_id: str,
|
||||
db_session: Annotated[AsyncSession, Depends(get_db_session)],
|
||||
) -> RedirectResponse:
|
||||
"""Decrypt the auth token, store it to the session (cookie based)
|
||||
and response to the browser with a redirect to a "welcome user" page.
|
||||
|
|
@ -218,24 +206,30 @@ async def auth(
|
|||
# user_info_from_endpoint = {}
|
||||
# Build and remember the user in the session
|
||||
request.session["user_sub"] = sub
|
||||
# Store the user in the database, which also verifies the token validity and signature
|
||||
try:
|
||||
user = await db.add_user(
|
||||
sub,
|
||||
user_info=userinfo,
|
||||
auth_provider=providers[auth_provider_id],
|
||||
access_token=token["access_token"],
|
||||
)
|
||||
except PyJWTError as err:
|
||||
raise HTTPException(
|
||||
status.HTTP_401_UNAUTHORIZED,
|
||||
detail=f"Token invalid: {err.__class__.__name__}",
|
||||
)
|
||||
assert isinstance(user, User)
|
||||
user = db.get_or_add_user(sub, db_session, auth_provider=provider, token=token)
|
||||
query = select(User).where(User.sub == sub)
|
||||
user = (await db_session.exec(query)).first()
|
||||
assert user is not None
|
||||
except Exception as err:
|
||||
# Store the user in the database, which also verifies the token validity and signature
|
||||
logger.info(f"New user {userinfo}")
|
||||
try:
|
||||
user = await db.add_user(
|
||||
sub,
|
||||
user_info=userinfo,
|
||||
auth_provider=providers[auth_provider_id],
|
||||
access_token=token["access_token"],
|
||||
)
|
||||
except PyJWTError as err:
|
||||
raise HTTPException(
|
||||
status.HTTP_401_UNAUTHORIZED,
|
||||
detail=f"Token invalid: {err.__class__.__name__}",
|
||||
)
|
||||
# Add the provider session id to the session
|
||||
request.session["sid"] = provider.get_session_key(userinfo)
|
||||
# Add the token to the db because it is used for logout
|
||||
await db.add_token(provider, token)
|
||||
await db.add_token(provider, token, db_session)
|
||||
# Send the user to the home: (s)he is authenticated
|
||||
return RedirectResponse(url=request.url_for("home"))
|
||||
else:
|
||||
|
|
@ -262,7 +256,7 @@ async def logout(
|
|||
if (
|
||||
provider_logout_uri := provider.authlib_client.server_metadata.get("end_session_endpoint")
|
||||
) is None:
|
||||
logger.warning(f"Cannot find end_session_endpoint for provider {provider.id}")
|
||||
logger.warn(f"Cannot find end_session_endpoint for provider {provider.id}")
|
||||
return RedirectResponse(request.url_for("non_compliant_logout"))
|
||||
post_logout_uri = request.url_for("home")
|
||||
# Clear session
|
||||
|
|
@ -273,13 +267,17 @@ async def logout(
|
|||
except TokenNotInDb:
|
||||
logger.warning("No session in db for the token or no token")
|
||||
return RedirectResponse(request.url_for("home"))
|
||||
url_query = {
|
||||
"post_logout_redirect_uri": post_logout_uri,
|
||||
"client_id": provider.client_id,
|
||||
}
|
||||
if provider.logout_with_id_token_hint:
|
||||
url_query["id_token_hint"] = token["id_token"]
|
||||
logout_url = f"{provider_logout_uri}?{urlencode(url_query)}"
|
||||
logout_url = (
|
||||
provider_logout_uri
|
||||
+ "?"
|
||||
+ urlencode(
|
||||
{
|
||||
"post_logout_redirect_uri": post_logout_uri,
|
||||
"id_token_hint": token["id_token"],
|
||||
"client_id": "oidc_local_test",
|
||||
}
|
||||
)
|
||||
)
|
||||
return RedirectResponse(logout_url)
|
||||
|
||||
|
||||
|
|
@ -310,13 +308,7 @@ async def refresh(
|
|||
refresh_token=token["refresh_token"],
|
||||
grant_type="refresh_token",
|
||||
)
|
||||
try:
|
||||
await update_token(provider.id, new_token)
|
||||
except PyJWTError as err:
|
||||
logger.info(f"Cannot refresh token: {err.__class__.__name__}")
|
||||
raise HTTPException(
|
||||
status.HTTP_510_NOT_EXTENDED, f"Token refresh error: {err.__class__.__name__}"
|
||||
)
|
||||
await update_token(provider.id, new_token)
|
||||
return RedirectResponse(url=request.url_for("home"))
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -2,41 +2,49 @@ import logging
|
|||
from functools import cached_property
|
||||
from typing import Any
|
||||
|
||||
from sqlalchemy.types import JSON
|
||||
from pydantic import (
|
||||
BaseModel,
|
||||
computed_field,
|
||||
field_validator,
|
||||
AnyHttpUrl,
|
||||
EmailStr,
|
||||
ConfigDict,
|
||||
)
|
||||
from sqlmodel import SQLModel, Field
|
||||
from sqlmodel import Relationship, SQLModel, Field
|
||||
|
||||
logger = logging.getLogger("oidc-test")
|
||||
|
||||
|
||||
class Role(SQLModel, extra="ignore"):
|
||||
class Role(SQLModel, table=True):
|
||||
id: str = Field(primary_key=True)
|
||||
name: str
|
||||
|
||||
|
||||
class UserBase(SQLModel, extra="ignore"):
|
||||
id: str | None = None
|
||||
class UserBase(SQLModel):
|
||||
sid: str | None = None
|
||||
name: str | None = None
|
||||
email: EmailStr | None = None
|
||||
picture: AnyHttpUrl | None = None
|
||||
roles: list[Role] = []
|
||||
picture: str | None = None
|
||||
|
||||
@classmethod
|
||||
@field_validator("picture")
|
||||
def _valid_url(cls, v):
|
||||
return AnyHttpUrl(v)
|
||||
|
||||
|
||||
class User(UserBase):
|
||||
model_config = ConfigDict(arbitrary_types_allowed=True) # type:ignore
|
||||
|
||||
class User(UserBase, table=True):
|
||||
# model_config = ConfigDict(arbitrary_types_allowed=True) # type:ignore
|
||||
id: int | None = Field(primary_key=True, default=None)
|
||||
roles: list[str] = Field(sa_type=JSON, default=[]) # Relationship(link_model=Role)
|
||||
sub: str = Field(
|
||||
description="""subject id of the user given by the oidc provider,
|
||||
also the key for the database 'table'""",
|
||||
)
|
||||
userinfo: dict = {}
|
||||
access_token: str | None = None
|
||||
access_token_decoded: dict[str, Any] | None = None
|
||||
auth_provider_id: str
|
||||
access_token: str | None = None
|
||||
userinfo: dict[str, Any] = Field(sa_type=JSON)
|
||||
access_token_decoded: dict[str, Any] | None = Field(sa_type=JSON)
|
||||
|
||||
@computed_field
|
||||
@cached_property
|
||||
|
|
@ -64,3 +72,8 @@ class User(UserBase):
|
|||
|
||||
def get_scope(self, verify_signature: bool = True):
|
||||
return self.decode_access_token(verify_signature=verify_signature)["scope"]
|
||||
|
||||
|
||||
class Token(SQLModel, table=True):
|
||||
sid: str | None = Field(primary_key=True, default=None)
|
||||
token: dict[str, Any] = Field(sa_type=JSON)
|
||||
|
|
|
|||
|
|
@ -12,13 +12,14 @@ class ProcessResult(BaseModel):
|
|||
model_config = ConfigDict(
|
||||
extra="allow",
|
||||
)
|
||||
msg: str | None = None
|
||||
|
||||
|
||||
class ProcessError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class Resource(BaseModel):
|
||||
class ResourceProvider(BaseModel):
|
||||
name: str
|
||||
scope_required: str | None = None
|
||||
role_required: str | None = None
|
||||
|
|
@ -35,13 +36,13 @@ class Resource(BaseModel):
|
|||
|
||||
|
||||
class ResourceRegistry(BaseModel):
|
||||
resources: dict[str, Resource] = {}
|
||||
resource_providers: dict[str, ResourceProvider] = {}
|
||||
|
||||
def make_registry(self):
|
||||
for ep in entry_points().select(group="oidc_test.resource_provider"):
|
||||
ResourceClass = ep.load()
|
||||
if issubclass(ResourceClass, Resource):
|
||||
self.resources[ep.name] = ResourceClass(ep.name)
|
||||
ResourceProviderClass = ep.load()
|
||||
if issubclass(ResourceProviderClass, ResourceProvider):
|
||||
self.resource_providers[ep.name] = ResourceProviderClass(ep.name)
|
||||
|
||||
|
||||
registry = ResourceRegistry()
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
from typing import Annotated, Any
|
||||
import logging
|
||||
from json import JSONDecodeError
|
||||
|
||||
from authlib.oauth2.rfc6749 import OAuth2Token
|
||||
from httpx import AsyncClient, HTTPError
|
||||
from jwt.exceptions import DecodeError, ExpiredSignatureError, InvalidTokenError
|
||||
from fastapi import FastAPI, HTTPException, Depends, Request, status
|
||||
from httpx import AsyncClient
|
||||
from fastapi import FastAPI, HTTPException, Depends, status
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
|
||||
# from starlette.middleware.sessions import SessionMiddleware
|
||||
|
|
@ -18,7 +16,7 @@ from oidc_test.auth.utils import (
|
|||
oauth2_scheme_optional,
|
||||
)
|
||||
from oidc_test.auth_providers import providers
|
||||
from oidc_test.settings import ResourceProvider, settings
|
||||
from oidc_test.settings import settings
|
||||
from oidc_test.models import User
|
||||
from oidc_test.registry import ProcessError, ProcessResult, registry
|
||||
|
||||
|
|
@ -49,7 +47,7 @@ resource_server.add_middleware(
|
|||
|
||||
@resource_server.get("/")
|
||||
async def resources() -> dict[str, dict[str, Any]]:
|
||||
return {"internal": {}, "plugins": registry.resources}
|
||||
return {"internal": {}, "plugins": registry.resource_providers}
|
||||
|
||||
|
||||
@resource_server.get("/{resource_name}")
|
||||
|
|
@ -66,46 +64,8 @@ async def get_resource(
|
|||
# Get the resource if it's defined in user auth provider's resources (external)
|
||||
if user is not None:
|
||||
provider = providers[user.auth_provider_id]
|
||||
if ":" in resource_name:
|
||||
# Third-party resource provider: send the request with the request token
|
||||
resource_provider_id, resource_name = resource_name.split(":", 1)
|
||||
provider = providers[user.auth_provider_id]
|
||||
resource_provider: ResourceProvider = provider.get_resource_provider(
|
||||
resource_provider_id
|
||||
)
|
||||
resource_url = resource_provider.get_resource_url(resource_name)
|
||||
async with AsyncClient(verify=resource_provider.verify_ssl) as client:
|
||||
try:
|
||||
logger.debug(f"GET request to {resource_url}")
|
||||
resp = await client.get(
|
||||
resource_url,
|
||||
headers={
|
||||
"Content-type": "application/json",
|
||||
"Authorization": f"Bearer {token}",
|
||||
"auth_provider": user.auth_provider_id,
|
||||
},
|
||||
)
|
||||
except HTTPError as err:
|
||||
raise HTTPException(
|
||||
status.HTTP_503_SERVICE_UNAVAILABLE, err.__class__.__name__
|
||||
)
|
||||
except Exception as err:
|
||||
raise HTTPException(
|
||||
status.HTTP_500_INTERNAL_SERVER_ERROR, err.__class__.__name__
|
||||
)
|
||||
else:
|
||||
if resp.is_success:
|
||||
return resp.json()
|
||||
else:
|
||||
reason_str: str
|
||||
try:
|
||||
reason_str = resp.json().get("detail", str(resp))
|
||||
except Exception:
|
||||
reason_str = str(resp.text)
|
||||
raise HTTPException(resp.status_code, reason_str)
|
||||
# Third party resource (provided through the auth provider)
|
||||
# The token is just passed on
|
||||
# XXX: is this branch valid anymore?
|
||||
if resource_name in [r.resource_name for r in provider.resources]:
|
||||
return await get_auth_provider_resource(
|
||||
provider=provider,
|
||||
|
|
@ -114,31 +74,31 @@ async def get_resource(
|
|||
user=user,
|
||||
)
|
||||
# Internal resource (provided here)
|
||||
if resource_name in registry.resources:
|
||||
resource = registry.resources[resource_name]
|
||||
if resource_name in registry.resource_providers:
|
||||
resource_provider = registry.resource_providers[resource_name]
|
||||
reason: dict[str, str] = {}
|
||||
if not resource.is_public:
|
||||
if not resource_provider.is_public:
|
||||
if user is None:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Resource is not public")
|
||||
else:
|
||||
if resource.scope_required is not None and not user.has_scope(
|
||||
resource.scope_required
|
||||
if resource_provider.scope_required is not None and not user.has_scope(
|
||||
resource_provider.scope_required
|
||||
):
|
||||
reason["scope"] = (
|
||||
f"No scope {resource.scope_required} in the access token "
|
||||
f"No scope {resource_provider.scope_required} in the access token "
|
||||
"but it is required for accessing this resource"
|
||||
)
|
||||
if (
|
||||
resource.role_required is not None
|
||||
and resource.role_required not in user.roles_as_set
|
||||
resource_provider.role_required is not None
|
||||
and resource_provider.role_required not in user.roles_as_set
|
||||
):
|
||||
reason["role"] = (
|
||||
f"You don't have the role {resource.role_required} "
|
||||
f"You don't have the role {resource_provider.role_required} "
|
||||
"but it is required for accessing this resource"
|
||||
)
|
||||
if len(reason) == 0:
|
||||
try:
|
||||
resp = await resource.process(user=user, resource_id=resource_id)
|
||||
resp = await resource_provider.process(user=user, resource_id=resource_id)
|
||||
return resp
|
||||
except ProcessError as err:
|
||||
raise HTTPException(
|
||||
|
|
@ -156,10 +116,11 @@ async def get_auth_provider_resource(
|
|||
) -> ProcessResult:
|
||||
if token is None:
|
||||
raise HTTPException(status.HTTP_401_UNAUTHORIZED, "No auth token")
|
||||
access_token = token
|
||||
access_token = token["access_token"]
|
||||
resource = [r for r in provider.resources if r.resource_name == resource_name][0]
|
||||
async with AsyncClient() as client:
|
||||
resp = await client.get(
|
||||
url=provider.get_resource_url(resource_name),
|
||||
url=provider.url + resource.url,
|
||||
headers={
|
||||
"Content-type": "application/json",
|
||||
"Authorization": f"Bearer {access_token}",
|
||||
|
|
@ -170,19 +131,9 @@ async def get_auth_provider_resource(
|
|||
# Only a demo, real application would really process the response
|
||||
resp_length = len(resp.text)
|
||||
if resp_length > 1024:
|
||||
return ProcessResult(
|
||||
msg=f"The resource is too long ({resp_length} bytes) to show in this demo, here is just the begining in raw format",
|
||||
start=resp.text[:100] + "...",
|
||||
)
|
||||
return ProcessResult(msg=f"The resource is too long ({resp_length} bytes) to show here")
|
||||
else:
|
||||
try:
|
||||
resp_json = resp.json()
|
||||
except JSONDecodeError:
|
||||
return ProcessResult(msg="The resource is not formatted in JSON", text=resp.text)
|
||||
if isinstance(resp_json, dict):
|
||||
return ProcessResult(**resp.json())
|
||||
elif isinstance(resp_json, list):
|
||||
return ProcessResult(**{str(i): line for i, line in enumerate(resp_json)})
|
||||
return ProcessResult(**resp.json())
|
||||
|
||||
|
||||
# @resource_server.get("/public")
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import random
|
|||
from typing import Type, Tuple
|
||||
from pathlib import Path
|
||||
|
||||
from pydantic import AnyHttpUrl, BaseModel, computed_field, AnyUrl
|
||||
from pydantic import BaseModel, computed_field, AnyUrl
|
||||
from pydantic_settings import (
|
||||
BaseSettings,
|
||||
SettingsConfigDict,
|
||||
|
|
@ -22,22 +22,6 @@ class Resource(BaseModel):
|
|||
url: str
|
||||
|
||||
|
||||
class ResourceProvider(BaseModel):
|
||||
id: str
|
||||
name: str
|
||||
base_url: AnyUrl
|
||||
resources: list[Resource] = []
|
||||
verify_ssl: bool = True
|
||||
|
||||
def get_resource(self, resource_name: str) -> Resource:
|
||||
return [
|
||||
resource for resource in self.resources if resource.resource_name == resource_name
|
||||
][0]
|
||||
|
||||
def get_resource_url(self, resource_name: str) -> str:
|
||||
return f"{self.base_url}{self.get_resource(resource_name).url}"
|
||||
|
||||
|
||||
class AuthProviderSettings(BaseModel):
|
||||
"""Auth provider, can also be a resource server"""
|
||||
|
||||
|
|
@ -61,7 +45,6 @@ class AuthProviderSettings(BaseModel):
|
|||
session_key: str = "sid"
|
||||
skip_verify_signature: bool = True
|
||||
disabled: bool = False
|
||||
resource_providers: list[ResourceProvider] = []
|
||||
|
||||
@computed_field
|
||||
@property
|
||||
|
|
@ -84,6 +67,13 @@ class AuthProviderSettings(BaseModel):
|
|||
return None
|
||||
|
||||
|
||||
class ResourceProvider(BaseModel):
|
||||
id: str
|
||||
name: str
|
||||
base_url: AnyUrl
|
||||
resources: list[Resource] = []
|
||||
|
||||
|
||||
class AuthSettings(BaseModel):
|
||||
show_session_details: bool = False
|
||||
providers: list[AuthProviderSettings] = []
|
||||
|
|
@ -96,20 +86,41 @@ class Insecure(BaseModel):
|
|||
skip_verify_signature: bool = False
|
||||
|
||||
|
||||
class DB(BaseModel):
|
||||
host: str = "localhost"
|
||||
port: int = 5432
|
||||
db: str = "oidc-test"
|
||||
user: str = "oidc-test"
|
||||
password: str = "oidc-test"
|
||||
debug: bool = False
|
||||
pool_size: int = 10
|
||||
max_overflow: int = 10
|
||||
echo: bool = False
|
||||
|
||||
@property
|
||||
def sqla_url(self):
|
||||
return (
|
||||
f"postgresql+asyncpg://{self.user}:{self.password}@{self.host}:{self.port}/{self.db}"
|
||||
)
|
||||
|
||||
def get_pg_url(self):
|
||||
return f"postgresql://{self.user}:{self.password}@{self.host}:{self.port}/{self.db}"
|
||||
|
||||
|
||||
class Settings(BaseSettings):
|
||||
"""Settings wil be read from an .env file"""
|
||||
|
||||
model_config = SettingsConfigDict(env_nested_delimiter="__")
|
||||
|
||||
auth: AuthSettings = AuthSettings()
|
||||
resource_providers: list[ResourceProvider] = []
|
||||
secret_key: str = "".join(random.choice(string.ascii_letters) for _ in range(16))
|
||||
log: bool = False
|
||||
log_config_file: str = "log_conf.yaml"
|
||||
insecure: Insecure = Insecure()
|
||||
db: DB = DB()
|
||||
cors_origins: list[str] = []
|
||||
debug_token: bool = False
|
||||
show_token: bool = False
|
||||
show_external_resource_providers_links: bool = False
|
||||
|
||||
@classmethod
|
||||
def settings_customise_sources(
|
||||
|
|
|
|||
|
|
@ -21,12 +21,6 @@ hr {
|
|||
.hidden {
|
||||
display: none;
|
||||
}
|
||||
.version {
|
||||
position: absolute;
|
||||
font-size: 75%;
|
||||
top: 0.3em;
|
||||
right: 0.3em;
|
||||
}
|
||||
.center {
|
||||
text-align: center;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,7 @@ async function checkHref(elem, token, authProvider) {
|
|||
const msg = document.getElementById("msg")
|
||||
const resourceName = elem.getAttribute("resource-name")
|
||||
const resourceId = elem.getAttribute("resource-id")
|
||||
const resourceProviderId = elem.getAttribute("resource-provider-id") ? elem.getAttribute("resource-provider-id") : ""
|
||||
const fqResourceName = resourceProviderId ? `${resourceProviderId}:${resourceName}` : resourceName
|
||||
const url = resourceId ? `resource/${fqResourceName}/${resourceId}` : `resource/${fqResourceName}`
|
||||
const url = resourceId ? `resource/${resourceName}/${resourceId}` : `resource/${resourceName}`
|
||||
const resp = await fetch(url, {
|
||||
method: "GET",
|
||||
headers: new Headers({
|
||||
|
|
@ -32,13 +30,11 @@ function checkPerms(className, token, authProvider) {
|
|||
)
|
||||
}
|
||||
|
||||
async function get_resource(resourceName, token, authProvider, resourceId, resourceProviderId) {
|
||||
// BaseUrl for an external resource provider
|
||||
async function get_resource(resource_name, token, authProvider, resource_id) {
|
||||
//if (!keycloak.keycloak) { return }
|
||||
const msg = document.getElementById("msg")
|
||||
const resourceElem = document.getElementById('resource')
|
||||
const fqResourceName = resourceProviderId ? `${resourceProviderId}:${resourceName}` : resourceName
|
||||
const url = resourceId ? `resource/${fqResourceName}/${resourceId}` : `resource/${fqResourceName}`
|
||||
const url = resource_id ? `resource/${resource_name}/${resource_id}` : `resource/${resource_name}`
|
||||
const resp = await fetch(url, {
|
||||
method: "GET",
|
||||
headers: new Headers({
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
<script src="{{ url_for('static', path='/utils.js') }}"></script>
|
||||
</head>
|
||||
<body onload="checkPerms('links-to-check', '{{ access_token }}', '{{ auth_provider.id }}')">
|
||||
<div class="version">v. {{ __version__}}</div>
|
||||
<h1>OIDC-test - FastAPI client</h1>
|
||||
{% block content %}
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -66,67 +66,29 @@
|
|||
{% endif %}
|
||||
<hr>
|
||||
<div class="content">
|
||||
{% if resources %}
|
||||
<p>This application provides all these resources, eventually protected with scope or roles:</p>
|
||||
{% if resource_providers %}
|
||||
<p>
|
||||
{{ auth_provider.name }} provides these resources:
|
||||
</p>
|
||||
<div class="links-to-check">
|
||||
{% for name, resource in resources.items() %}
|
||||
{% if resource.default_resource_id %}
|
||||
<button resource-name="{{ name }}"
|
||||
resource-id="{{ resource.default_resource_id }}"
|
||||
onclick="get_resource('{{ name }}', '{{ access_token }}', '{{ auth_provider.id }}', '{{ resource.default_resource_id }}')"
|
||||
>
|
||||
{{ resource.name }}
|
||||
</button>
|
||||
{% for name, resource_provider in resource_providers.items() %}
|
||||
{% if resource_provider.default_resource_id %}
|
||||
<button resource-name="{{ name }}"
|
||||
resource-id="{{ resource_provider.default_resource_id }}"
|
||||
onclick="get_resource('{{ name }}', '{{ access_token }}', '{{ auth_provider.id }}', '{{ resource_provider.default_resource_id }}')"
|
||||
>
|
||||
{{ resource_provider.name }}
|
||||
</button>
|
||||
{% else %}
|
||||
<button resource-name="{{ name }}"
|
||||
onclick="get_resource('{{ name }}', '{{ access_token }}', '{{ auth_provider.id }}')"
|
||||
>
|
||||
{{ resource.name }}
|
||||
</button>
|
||||
{{ resource_provider.name }}
|
||||
</buttona>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if auth_provider.resources %}
|
||||
<p>{{ auth_provider.name }} is also defined as a provider for these resources:</p>
|
||||
<div class="links-to-check">
|
||||
{% for resource in auth_provider.resources %}
|
||||
{% if resource.default_resource_id %}
|
||||
<button resource-name="{{ resource.resource_name }}"
|
||||
resource-id="{{ resource.default_resource_id }}"
|
||||
onclick="get_resource('{{ resource.resource_name }}', '{{ access_token }}', '{{ auth_provider.id }}', '{{ resource.default_resource_id }}')"
|
||||
>
|
||||
{{ resource.name }}
|
||||
</button>
|
||||
{% else %}
|
||||
<button resource-name="{{ resource.resource_name }}"
|
||||
onclick="get_resource('{{ resource.resource_name }}', '{{ access_token }}', '{{ auth_provider.id }}')"
|
||||
>
|
||||
{{ resource.name }}
|
||||
</button>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if resource_providers %}
|
||||
<p>{{ auth_provider.name }} allows this application to request resources from third party resource providers:</p>
|
||||
{% for resource_provider in resource_providers %}
|
||||
<div class="links-to-check">
|
||||
{{ resource_provider.name }}
|
||||
{% for resource in resource_provider.resources %}
|
||||
<button resource-name="{{ resource.resource_name }}"
|
||||
resource-id="{{ resource.default_resource_id }}"
|
||||
resource-provider-id="{{ resource_provider.id }}"
|
||||
onclick="get_resource('{{ resource.resource_name }}', '{{ access_token }}',
|
||||
'{{ auth_provider.id }}', '{{ resource.default_resource_id }}',
|
||||
'{{ resource_provider.id }}')"
|
||||
>
|
||||
{{ resource.name }}
|
||||
</button>
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
<div class="resourceResult">
|
||||
<div id="resource" class="resource"></div>
|
||||
<div id="msg" class="msg error"></div>
|
||||
|
|
|
|||
60
uv.lock
generated
60
uv.lock
generated
|
|
@ -1,5 +1,4 @@
|
|||
version = 1
|
||||
revision = 1
|
||||
requires-python = ">=3.13"
|
||||
|
||||
[[package]]
|
||||
|
|
@ -33,6 +32,22 @@ wheels = [
|
|||
{ url = "https://files.pythonhosted.org/packages/25/8a/c46dcc25341b5bce5472c718902eb3d38600a903b14fa6aeecef3f21a46f/asttokens-3.0.0-py3-none-any.whl", hash = "sha256:e3078351a059199dd5138cb1c706e6430c05eff2ff136af5eb4790f9d28932e2", size = 26918 },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "asyncpg"
|
||||
version = "0.30.0"
|
||||
source = { registry = "https://pypi.org/simple" }
|
||||
sdist = { url = "https://files.pythonhosted.org/packages/2f/4c/7c991e080e106d854809030d8584e15b2e996e26f16aee6d757e387bc17d/asyncpg-0.30.0.tar.gz", hash = "sha256:c551e9928ab6707602f44811817f82ba3c446e018bfe1d3abecc8ba5f3eac851", size = 957746 }
|
||||
wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/3a/22/e20602e1218dc07692acf70d5b902be820168d6282e69ef0d3cb920dc36f/asyncpg-0.30.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:05b185ebb8083c8568ea8a40e896d5f7af4b8554b64d7719c0eaa1eb5a5c3a70", size = 670373 },
|
||||
{ url = "https://files.pythonhosted.org/packages/3d/b3/0cf269a9d647852a95c06eb00b815d0b95a4eb4b55aa2d6ba680971733b9/asyncpg-0.30.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:c47806b1a8cbb0a0db896f4cd34d89942effe353a5035c62734ab13b9f938da3", size = 634745 },
|
||||
{ url = "https://files.pythonhosted.org/packages/8e/6d/a4f31bf358ce8491d2a31bfe0d7bcf25269e80481e49de4d8616c4295a34/asyncpg-0.30.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b6fde867a74e8c76c71e2f64f80c64c0f3163e687f1763cfaf21633ec24ec33", size = 3512103 },
|
||||
{ url = "https://files.pythonhosted.org/packages/96/19/139227a6e67f407b9c386cb594d9628c6c78c9024f26df87c912fabd4368/asyncpg-0.30.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:46973045b567972128a27d40001124fbc821c87a6cade040cfcd4fa8a30bcdc4", size = 3592471 },
|
||||
{ url = "https://files.pythonhosted.org/packages/67/e4/ab3ca38f628f53f0fd28d3ff20edff1c975dd1cb22482e0061916b4b9a74/asyncpg-0.30.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:9110df111cabc2ed81aad2f35394a00cadf4f2e0635603db6ebbd0fc896f46a4", size = 3496253 },
|
||||
{ url = "https://files.pythonhosted.org/packages/ef/5f/0bf65511d4eeac3a1f41c54034a492515a707c6edbc642174ae79034d3ba/asyncpg-0.30.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:04ff0785ae7eed6cc138e73fc67b8e51d54ee7a3ce9b63666ce55a0bf095f7ba", size = 3662720 },
|
||||
{ url = "https://files.pythonhosted.org/packages/e7/31/1513d5a6412b98052c3ed9158d783b1e09d0910f51fbe0e05f56cc370bc4/asyncpg-0.30.0-cp313-cp313-win32.whl", hash = "sha256:ae374585f51c2b444510cdf3595b97ece4f233fde739aa14b50e0d64e8a7a590", size = 560404 },
|
||||
{ url = "https://files.pythonhosted.org/packages/c8/a4/cec76b3389c4c5ff66301cd100fe88c318563ec8a520e0b2e792b5b84972/asyncpg-0.30.0-cp313-cp313-win_amd64.whl", hash = "sha256:f59b430b8e27557c3fb9869222559f7417ced18688375825f8f12302c34e915e", size = 621623 },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "authlib"
|
||||
version = "1.4.0"
|
||||
|
|
@ -207,18 +222,6 @@ wheels = [
|
|||
{ url = "https://files.pythonhosted.org/packages/68/1b/e0a87d256e40e8c888847551b20a017a6b98139178505dc7ffb96f04e954/dnspython-2.7.0-py3-none-any.whl", hash = "sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86", size = 313632 },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "dunamai"
|
||||
version = "1.23.0"
|
||||
source = { registry = "https://pypi.org/simple" }
|
||||
dependencies = [
|
||||
{ name = "packaging" },
|
||||
]
|
||||
sdist = { url = "https://files.pythonhosted.org/packages/06/4e/a5c8c337a1d9ac0384298ade02d322741fb5998041a5ea74d1cd2a4a1d47/dunamai-1.23.0.tar.gz", hash = "sha256:a163746de7ea5acb6dacdab3a6ad621ebc612ed1e528aaa8beedb8887fccd2c4", size = 44681 }
|
||||
wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/21/4c/963169386309fec4f96fd61210ac0a0666887d0fb0a50205395674d20b71/dunamai-1.23.0-py3-none-any.whl", hash = "sha256:a0906d876e92441793c6a423e16a4802752e723e9c9a5aabdc5535df02dbe041", size = 26342 },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ecdsa"
|
||||
version = "0.19.0"
|
||||
|
|
@ -296,6 +299,30 @@ standard = [
|
|||
{ name = "uvicorn", extra = ["standard"] },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "greenlet"
|
||||
version = "3.1.1"
|
||||
source = { registry = "https://pypi.org/simple" }
|
||||
sdist = { url = "https://files.pythonhosted.org/packages/2f/ff/df5fede753cc10f6a5be0931204ea30c35fa2f2ea7a35b25bdaf4fe40e46/greenlet-3.1.1.tar.gz", hash = "sha256:4ce3ac6cdb6adf7946475d7ef31777c26d94bccc377e070a7986bd2d5c515467", size = 186022 }
|
||||
wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/f3/57/0db4940cd7bb461365ca8d6fd53e68254c9dbbcc2b452e69d0d41f10a85e/greenlet-3.1.1-cp313-cp313-macosx_11_0_universal2.whl", hash = "sha256:05175c27cb459dcfc05d026c4232f9de8913ed006d42713cb8a5137bd49375f1", size = 272990 },
|
||||
{ url = "https://files.pythonhosted.org/packages/1c/ec/423d113c9f74e5e402e175b157203e9102feeb7088cee844d735b28ef963/greenlet-3.1.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:935e943ec47c4afab8965954bf49bfa639c05d4ccf9ef6e924188f762145c0ff", size = 649175 },
|
||||
{ url = "https://files.pythonhosted.org/packages/a9/46/ddbd2db9ff209186b7b7c621d1432e2f21714adc988703dbdd0e65155c77/greenlet-3.1.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:667a9706c970cb552ede35aee17339a18e8f2a87a51fba2ed39ceeeb1004798a", size = 663425 },
|
||||
{ url = "https://files.pythonhosted.org/packages/bc/f9/9c82d6b2b04aa37e38e74f0c429aece5eeb02bab6e3b98e7db89b23d94c6/greenlet-3.1.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b8a678974d1f3aa55f6cc34dc480169d58f2e6d8958895d68845fa4ab566509e", size = 657736 },
|
||||
{ url = "https://files.pythonhosted.org/packages/d9/42/b87bc2a81e3a62c3de2b0d550bf91a86939442b7ff85abb94eec3fc0e6aa/greenlet-3.1.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:efc0f674aa41b92da8c49e0346318c6075d734994c3c4e4430b1c3f853e498e4", size = 660347 },
|
||||
{ url = "https://files.pythonhosted.org/packages/37/fa/71599c3fd06336cdc3eac52e6871cfebab4d9d70674a9a9e7a482c318e99/greenlet-3.1.1-cp313-cp313-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0153404a4bb921f0ff1abeb5ce8a5131da56b953eda6e14b88dc6bbc04d2049e", size = 615583 },
|
||||
{ url = "https://files.pythonhosted.org/packages/4e/96/e9ef85de031703ee7a4483489b40cf307f93c1824a02e903106f2ea315fe/greenlet-3.1.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:275f72decf9932639c1c6dd1013a1bc266438eb32710016a1c742df5da6e60a1", size = 1133039 },
|
||||
{ url = "https://files.pythonhosted.org/packages/87/76/b2b6362accd69f2d1889db61a18c94bc743e961e3cab344c2effaa4b4a25/greenlet-3.1.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:c4aab7f6381f38a4b42f269057aee279ab0fc7bf2e929e3d4abfae97b682a12c", size = 1160716 },
|
||||
{ url = "https://files.pythonhosted.org/packages/1f/1b/54336d876186920e185066d8c3024ad55f21d7cc3683c856127ddb7b13ce/greenlet-3.1.1-cp313-cp313-win_amd64.whl", hash = "sha256:b42703b1cf69f2aa1df7d1030b9d77d3e584a70755674d60e710f0af570f3761", size = 299490 },
|
||||
{ url = "https://files.pythonhosted.org/packages/5f/17/bea55bf36990e1638a2af5ba10c1640273ef20f627962cf97107f1e5d637/greenlet-3.1.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f1695e76146579f8c06c1509c7ce4dfe0706f49c6831a817ac04eebb2fd02011", size = 643731 },
|
||||
{ url = "https://files.pythonhosted.org/packages/78/d2/aa3d2157f9ab742a08e0fd8f77d4699f37c22adfbfeb0c610a186b5f75e0/greenlet-3.1.1-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7876452af029456b3f3549b696bb36a06db7c90747740c5302f74a9e9fa14b13", size = 649304 },
|
||||
{ url = "https://files.pythonhosted.org/packages/f1/8e/d0aeffe69e53ccff5a28fa86f07ad1d2d2d6537a9506229431a2a02e2f15/greenlet-3.1.1-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4ead44c85f8ab905852d3de8d86f6f8baf77109f9da589cb4fa142bd3b57b475", size = 646537 },
|
||||
{ url = "https://files.pythonhosted.org/packages/05/79/e15408220bbb989469c8871062c97c6c9136770657ba779711b90870d867/greenlet-3.1.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8320f64b777d00dd7ccdade271eaf0cad6636343293a25074cc5566160e4de7b", size = 642506 },
|
||||
{ url = "https://files.pythonhosted.org/packages/18/87/470e01a940307796f1d25f8167b551a968540fbe0551c0ebb853cb527dd6/greenlet-3.1.1-cp313-cp313t-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:6510bf84a6b643dabba74d3049ead221257603a253d0a9873f55f6a59a65f822", size = 602753 },
|
||||
{ url = "https://files.pythonhosted.org/packages/e2/72/576815ba674eddc3c25028238f74d7b8068902b3968cbe456771b166455e/greenlet-3.1.1-cp313-cp313t-musllinux_1_1_aarch64.whl", hash = "sha256:04b013dc07c96f83134b1e99888e7a79979f1a247e2a9f59697fa14b5862ed01", size = 1122731 },
|
||||
{ url = "https://files.pythonhosted.org/packages/ac/38/08cc303ddddc4b3d7c628c3039a61a3aae36c241ed01393d00c2fd663473/greenlet-3.1.1-cp313-cp313t-musllinux_1_1_x86_64.whl", hash = "sha256:411f015496fec93c1c8cd4e5238da364e1da7a124bcb293f085bf2860c32c6f6", size = 1142112 },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "h11"
|
||||
version = "0.14.0"
|
||||
|
|
@ -495,11 +522,14 @@ wheels = [
|
|||
|
||||
[[package]]
|
||||
name = "oidc-fastapi-test"
|
||||
version = "0.0.0"
|
||||
source = { editable = "." }
|
||||
dependencies = [
|
||||
{ name = "asyncpg" },
|
||||
{ name = "authlib" },
|
||||
{ name = "cachetools" },
|
||||
{ name = "fastapi", extra = ["standard"] },
|
||||
{ name = "greenlet" },
|
||||
{ name = "httpx" },
|
||||
{ name = "itsdangerous" },
|
||||
{ name = "passlib", extra = ["bcrypt"] },
|
||||
|
|
@ -513,16 +543,17 @@ dependencies = [
|
|||
|
||||
[package.dev-dependencies]
|
||||
dev = [
|
||||
{ name = "dunamai" },
|
||||
{ name = "ipdb" },
|
||||
{ name = "pytest" },
|
||||
]
|
||||
|
||||
[package.metadata]
|
||||
requires-dist = [
|
||||
{ name = "asyncpg", specifier = ">=0.30.0" },
|
||||
{ name = "authlib", specifier = ">=1.4.0" },
|
||||
{ name = "cachetools", specifier = ">=5.5.0" },
|
||||
{ name = "fastapi", extras = ["standard"], specifier = ">=0.115.6" },
|
||||
{ name = "greenlet", specifier = ">=3.1.1" },
|
||||
{ name = "httpx", specifier = ">=0.28.1" },
|
||||
{ name = "itsdangerous", specifier = ">=2.2.0" },
|
||||
{ name = "passlib", extras = ["bcrypt"], specifier = ">=1.7.4" },
|
||||
|
|
@ -536,7 +567,6 @@ requires-dist = [
|
|||
|
||||
[package.metadata.requires-dev]
|
||||
dev = [
|
||||
{ name = "dunamai", specifier = ">=1.23.0" },
|
||||
{ name = "ipdb", specifier = ">=0.13.13" },
|
||||
{ name = "pytest", specifier = ">=8.3.4" },
|
||||
]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue