openid-configuration
parent
14ee96ea4a
commit
d8d07b7dbd
|
@ -0,0 +1,26 @@
|
||||||
|
def read_private_key_file(path):
|
||||||
|
with open(path) as f:
|
||||||
|
return f.read()
|
||||||
|
|
||||||
|
ISSUER_URL = 'https://arkhack.org'
|
||||||
|
JWT_CONFIG = {
|
||||||
|
'key': read_private_key_file('private.pem'),
|
||||||
|
'alg': 'RS512',
|
||||||
|
'iss': ISSUER_URL,
|
||||||
|
'exp': 3600
|
||||||
|
}
|
||||||
|
|
||||||
|
SCOPES_SUPPORTED = [
|
||||||
|
"profile:read",
|
||||||
|
"profile:write",
|
||||||
|
"password:write",
|
||||||
|
"users:read",
|
||||||
|
"openid",
|
||||||
|
]
|
||||||
|
|
||||||
|
RESPONSE_TYPES_SUPPORTED = [
|
||||||
|
"code",
|
||||||
|
"code id_token",
|
||||||
|
"id_token",
|
||||||
|
"token id_token",
|
||||||
|
]
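Review bot: The signing key is read at import time from the CWD-relative path in `read_private_key_file('private.pem')`, so any process that imports this module — including the models module, which this commit makes import it just for `SCOPES_SUPPORTED` — must be launched from the directory holding the key or fails with `FileNotFoundError`, and the PEM text then lives in a module-level dict for the life of the process. Resolving the location from configuration, e.g. `read_private_key_file(os.environ.get('OIDC_PRIVATE_KEY', 'private.pem'))`, or deferring the read to a function the app factory calls, keeps the key path deployable without changing callers. `'alg': 'RS512'` here also does not match the `["RS256", "none"]` that the discovery document in this same commit advertises; one of the two should be derived from the other. The file is opened with the platform default encoding; `open(path, encoding='utf-8')` is the safer form for PEM text.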
|
|
@ -1,6 +1,7 @@
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
from flask_sqlalchemy import SQLAlchemy
|
from flask_sqlalchemy import SQLAlchemy
|
||||||
|
from .config import SCOPES_SUPPORTED
|
||||||
|
|
||||||
|
|
||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
|
@ -54,13 +55,7 @@ class Client(db.Model):
|
||||||
return redirect_uri in self.redirect_uris
|
return redirect_uri in self.redirect_uris
|
||||||
|
|
||||||
def check_requested_scopes(self, scopes):
|
def check_requested_scopes(self, scopes):
|
||||||
return {
|
set(SCOPES_SUPPORTED).issuperset(scopes)
|
||||||
"profile:read",
|
|
||||||
"profile:write",
|
|
||||||
"password:write",
|
|
||||||
"users:read",
|
|
||||||
"openid",
|
|
||||||
}.issuperset(scopes)
|
|
||||||
|
|
||||||
def check_token_endpoint_auth_method(self, method):
|
def check_token_endpoint_auth_method(self, method):
|
||||||
allowed = ['client_secret_post', 'client_secret_basic']
|
allowed = ['client_secret_post', 'client_secret_basic']
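Review bot: `check_requested_scopes` now accepts any scope the server supports at all, so every registered client can request `password:write` and `users:read` regardless of what it was registered for; this class looks like Authlib's `ClientMixin` interface, where this method is the per-client scope check and the server-wide list is only an upper bound. If the Client model carries a registered scope string (not visible in this hunk), the check should intersect with it, e.g. `return set(SCOPES_SUPPORTED).issuperset(scopes) and set(self.scope.split()).issuperset(scopes)` — confirm the attribute name against the model. A side effect of the new `from .config import SCOPES_SUPPORTED` at the top of the file is that importing the models now reads `private.pem` at import time, since `config` loads the key into `JWT_CONFIG` when imported. The enclosing `Client` class continues outside the hunk.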
|
||||||
|
|
|
@ -2,6 +2,7 @@ from authlib.oauth2 import OAuth2Error
|
||||||
from flask import Blueprint, render_template, jsonify, request, flash, redirect, current_app
|
from flask import Blueprint, render_template, jsonify, request, flash, redirect, current_app
|
||||||
from flask_login import login_required, current_user, login_user, logout_user
|
from flask_login import login_required, current_user, login_user, logout_user
|
||||||
|
|
||||||
|
from .config import SCOPES_SUPPORTED, RESPONSE_TYPES_SUPPORTED, ISSUER_URL
|
||||||
from .forms import LoginForm
|
from .forms import LoginForm
|
||||||
from .ldap import LDAPUser, check_credentials
|
from .ldap import LDAPUser, check_credentials
|
||||||
from .oauth2 import authorization, require_oauth
|
from .oauth2 import authorization, require_oauth
|
||||||
|
@ -124,10 +125,14 @@ def oauth_token_revoke():
|
||||||
|
|
||||||
@bp.route("/.well-known/openid-configuration")
|
@bp.route("/.well-known/openid-configuration")
|
||||||
def oidc_configuration():
|
def oidc_configuration():
|
||||||
issuer = current_app.config['ISSUER_URL']
|
|
||||||
return jsonify({
|
return jsonify({
|
||||||
"issuer": issuer,
|
"issuer": ISSUER_URL,
|
||||||
"authorization_endpoint": issuer + "/oauth/authorize",
|
"authorization_endpoint": f"{ISSUER_URL}/oauth/authorize",
|
||||||
"token_endpoint": issuer + "/oauth/token",
|
"token_endpoint": f"{ISSUER_URL}/oauth/token",
|
||||||
"userinfo_endpoint": issuer + "/api/1/userinfo",
|
"userinfo_endpoint": f"{ISSUER_URL}/api/1/userinfo",
|
||||||
|
"jwks_uri": f"{ISSUER_URL}/jwks.json",
|
||||||
|
"scopes_supported": SCOPES_SUPPORTED, # recommended
|
||||||
|
"response_types_supported": RESPONSE_TYPES_SUPPORTED,
|
||||||
|
"subject_types_supported": ["pairwise"],
|
||||||
|
"id_token_signing_alg_values_supported": ["RS256", "none"],
|
||||||
})
|
})
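Review bot: `id_token_signing_alg_values_supported` advertises `"none"` alongside `"RS256"`, while the token config added in this commit signs with `RS512`, so the document names an algorithm the server does not use and omits the one it does. Advertising `none` is a problem on its own: OpenID Connect Discovery permits it only when no ID Token is returned from the authorization endpoint, but `RESPONSE_TYPES_SUPPORTED` here includes `id_token` and `token id_token`, and a relying party that trusts the list may accept unsigned tokens. Derive the value from the signing config instead, `from .config import JWT_CONFIG` and `"id_token_signing_alg_values_supported": [JWT_CONFIG['alg']],`. `jwks_uri` points at `/jwks.json` and `subject_types_supported` claims `pairwise`, and neither route nor pairwise subject handling is shown in this commit — worth verifying both exist before the discovery document goes live.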
|
||||||
|
|