openid-configuration
parent
14ee96ea4a
commit
d8d07b7dbd
@ -0,0 +1,26 @@
|
|||
def read_private_key_file(path):
|
||||
with open(path) as f:
|
||||
return f.read()
|
||||
|
||||
ISSUER_URL = 'https://arkhack.org'
|
||||
JWT_CONFIG = {
|
||||
'key': read_private_key_file('private.pem'),
|
||||
'alg': 'RS512',
|
||||
'iss': ISSUER_URL,
|
||||
'exp': 3600
|
||||
}
|
||||
|
||||
SCOPES_SUPPORTED = [
|
||||
"profile:read",
|
||||
"profile:write",
|
||||
"password:write",
|
||||
"users:read",
|
||||
"openid",
|
||||
]
|
||||
|
||||
RESPONSE_TYPES_SUPPORTED = [
|
||||
"code",
|
||||
"code id_token",
|
||||
"id_token",
|
||||
"token id_token",
|
||||
]
|
|
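Review bot: The private key path `'private.pem'` on the `JWT_CONFIG['key']` line is relative, so it is resolved against whatever working directory the process is started from, and it is read at import time with no error handling — a different CWD either breaks the import or, if another `private.pem` happens to exist there, silently signs tokens with the wrong key. Anchor it to the package or make it configurable, e.g. `'key': read_private_key_file(os.environ.get('JWT_PRIVATE_KEY_FILE', os.path.join(os.path.dirname(__file__), 'private.pem'))),` with `import os` at the top of the module. Note also that `'alg': 'RS512'` here is the algorithm tokens will actually carry, so any discovery metadata published elsewhere must advertise the same value. `read_private_key_file` would benefit from a one-line docstring such as `"""Return the text contents of the PEM file at *path*."""` to make clear it returns raw text rather than a parsed key.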
@ -1,6 +1,7 @@
|
|||
from datetime import datetime
|
||||
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
from .config import SCOPES_SUPPORTED
|
||||
|
||||
|
||||
db = SQLAlchemy()
|
||||
|
@ -54,13 +55,7 @@ class Client(db.Model):
|
|||
return redirect_uri in self.redirect_uris
|
||||
|
||||
def check_requested_scopes(self, scopes):
|
||||
return {
|
||||
"profile:read",
|
||||
"profile:write",
|
||||
"password:write",
|
||||
"users:read",
|
||||
"openid",
|
||||
}.issuperset(scopes)
|
||||
set(SCOPES_SUPPORTED).issuperset(scopes)
|
||||
|
||||
def check_token_endpoint_auth_method(self, method):
|
||||
allowed = ['client_secret_post', 'client_secret_basic']
|
||||
|
|
|
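Review bot: The rewritten `check_requested_scopes` still lets any registered client obtain every server-wide scope, including `password:write` and `users:read`, because the added line compares the request only against the global `SCOPES_SUPPORTED` and nothing recorded on the client itself; if `Client` has (or gains) a per-client allowed-scope column this method is where it should be intersected, e.g. `return set(scopes) <= set(SCOPES_SUPPORTED) & set(self.scope.split())`, assuming a space-separated `scope` column as is conventional. Separately, as rendered here the added line reads `set(SCOPES_SUPPORTED).issuperset(scopes)` with no `return`; if that is the literal new code the method evaluates the set and returns `None`, so every scope check is falsy — it should read `return set(SCOPES_SUPPORTED).issuperset(scopes)`. The `Client` class begins above the hunk, so the rest of its attributes are not visible here.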
@ -2,6 +2,7 @@ from authlib.oauth2 import OAuth2Error
|
|||
from flask import Blueprint, render_template, jsonify, request, flash, redirect, current_app
|
||||
from flask_login import login_required, current_user, login_user, logout_user
|
||||
|
||||
from .config import SCOPES_SUPPORTED, RESPONSE_TYPES_SUPPORTED, ISSUER_URL
|
||||
from .forms import LoginForm
|
||||
from .ldap import LDAPUser, check_credentials
|
||||
from .oauth2 import authorization, require_oauth
|
||||
|
@ -124,10 +125,14 @@ def oauth_token_revoke():
|
|||
|
||||
@bp.route("/.well-known/openid-configuration")
|
||||
def oidc_configuration():
|
||||
issuer = current_app.config['ISSUER_URL']
|
||||
return jsonify({
|
||||
"issuer": issuer,
|
||||
"authorization_endpoint": issuer + "/oauth/authorize",
|
||||
"token_endpoint": issuer + "/oauth/token",
|
||||
"userinfo_endpoint": issuer + "/api/1/userinfo",
|
||||
"issuer": ISSUER_URL,
|
||||
"authorization_endpoint": f"{ISSUER_URL}/oauth/authorize",
|
||||
"token_endpoint": f"{ISSUER_URL}/oauth/token",
|
||||
"userinfo_endpoint": f"{ISSUER_URL}/api/1/userinfo",
|
||||
"jwks_uri": f"{ISSUER_URL}/jwks.json",
|
||||
"scopes_supported": SCOPES_SUPPORTED, # recommended
|
||||
"response_types_supported": RESPONSE_TYPES_SUPPORTED,
|
||||
"subject_types_supported": ["pairwise"],
|
||||
"id_token_signing_alg_values_supported": ["RS256", "none"],
|
||||
})
|
||||
|
|
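Review bot: `"id_token_signing_alg_values_supported": ["RS256", "none"]` in the new discovery document is both inaccurate and unsafe: the key configuration added in this same commit signs with `RS512`, so a relying party that validates the ID token `alg` against this list will reject every token, and advertising `none` invites acceptance of unsigned tokens — OIDC Discovery permits `none` only when no ID token is ever returned from the authorization endpoint, which the advertised `id_token` and `token id_token` response types contradict. Advertise exactly what is signed: import `JWT_CONFIG` alongside the other config names and emit `"id_token_signing_alg_values_supported": [JWT_CONFIG['alg']],`. Replacing `current_app.config['ISSUER_URL']` with the module constant also removes the ability to override the issuer per deployment; if that is intentional it deserves a comment, since an `issuer` that differs from the externally reachable URL breaks `iss` validation at every client. `oidc_configuration` is fully inside the hunk, but the blueprint and the `/oauth/token` revocation view it follows are above it.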