From 5ad384bfe992cca433aa449ad6afc6c409ca6216 Mon Sep 17 00:00:00 2001
From: AdvanticGmbH
Date: Thu, 23 Feb 2023 09:21:01 +0100
Subject: [PATCH] Add support for oidc_oauth_metadata_url configuration option

This commit adds support for the `oidc_oauth_metadata_url` configuration option. This option specifies the URL of the OIDC server's metadata endpoint, which contains information about the OIDC server's endpoints, supported scopes, and other configuration details. By using this option, we can ensure compatibility with different OIDC servers and reduce the risk of errors due to manual endpoint configuration.
---
 configs/docker_config.py | 1 +
 docs/oauth.md | 1 +
 docs/wiki/configuration/Environment-variables.md | 1 +
 powerdnsadmin/models/setting.py | 1 +
 powerdnsadmin/routes/admin.py | 2 ++
 powerdnsadmin/services/oidc.py | 1 +
 .../templates/admin_setting_authentication.html | 11 +++++++++++
 7 files changed, 18 insertions(+)

diff --git a/configs/docker_config.py b/configs/docker_config.py
index 174f93c..e780882 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -11,6 +11,7 @@ legal_envvars = (
 'OIDC_OAUTH_API_URL',
 'OIDC_OAUTH_TOKEN_URL',
 'OIDC_OAUTH_AUTHORIZE_URL',
+ 'OIDC_OAUTH_METADATA_URL',
 'BIND_ADDRESS',
 'PORT',
 'LOG_LEVEL',
diff --git a/docs/oauth.md b/docs/oauth.md
index f84ac69..b493f87 100644
--- a/docs/oauth.md
+++ b/docs/oauth.md
@@ -51,6 +51,7 @@ Enable OpenID Connect OAuth option.
 * API URL, /auth (The ending can be different with each provider)
 * Token URL, /token
 * Authorize URL, /auth
+* Metadata URL, /.well-known/openid-configuration
 * Logout URL, /logout
 * Username, This will be the claim that will be used as the username. (Usually preferred_username)
diff --git a/docs/wiki/configuration/Environment-variables.md b/docs/wiki/configuration/Environment-variables.md
index 3ee84c4..b133ee6 100644
--- a/docs/wiki/configuration/Environment-variables.md
+++ b/docs/wiki/configuration/Environment-variables.md
@@ -20,6 +20,7 @@
 | OIDC_OAUTH_API_URL | | | |
 | OIDC_OAUTH_AUTHORIZE_URL |
 | OIDC_OAUTH_TOKEN_URL | | | |
+| OIDC_OAUTH_METADATA_URL | | | |
 | PORT |
 | REMOTE_USER_COOKIES |
 | REMOTE_USER_LOGOUT_URL |
diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index 71fec98..e820af9 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -104,6 +104,7 @@ class Setting(db.Model):
 'oidc_oauth_api_url': '',
 'oidc_oauth_token_url': '',
 'oidc_oauth_authorize_url': '',
+ 'oidc_oauth_metadata_url': '',
 'oidc_oauth_logout_url': '',
 'oidc_oauth_username': 'preferred_username',
 'oidc_oauth_firstname': 'given_name',
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index eb27950..609f875 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -1731,6 +1731,8 @@ def setting_authentication():
 request.form.get('oidc_oauth_token_url'))
 Setting().set('oidc_oauth_authorize_url',
 request.form.get('oidc_oauth_authorize_url'))
+ Setting().set('oidc_oauth_metadata_url',
+ request.form.get('oidc_oauth_metadata_url'))
 Setting().set('oidc_oauth_logout_url',
 request.form.get('oidc_oauth_logout_url'))
 Setting().set('oidc_oauth_username',
diff --git a/powerdnsadmin/services/oidc.py b/powerdnsadmin/services/oidc.py
index 7e8172b..b5da89e 100644
--- a/powerdnsadmin/services/oidc.py
+++ b/powerdnsadmin/services/oidc.py
@@ -23,6 +23,7 @@ def oidc_oauth():
 request_token_url=None,
 access_token_url=Setting().get('oidc_oauth_token_url'),
 authorize_url=Setting().get('oidc_oauth_authorize_url'),
+ server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
 client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
 fetch_token=fetch_oidc_token,
 update_token=update_token)
diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html
index 56f4dd0..26d9a72 100644
--- a/powerdnsadmin/templates/admin_setting_authentication.html
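Review bot: The two added lines in setting_authentication() persist the metadata URL exactly as submitted, with no scheme or format check, and the same value is then passed to the OAuth client as a URL the server itself will fetch (see the oidc.py hunk on this page); a malformed or plain-http value is accepted silently and only surfaces as a failure at login time. Because the discovery document is, by design, what the client trusts for issuer and endpoint information, I would strip the value and require an `https://` scheme before saving, e.g. `metadata_url = (request.form.get('oidc_oauth_metadata_url') or '').strip()` followed by a check that flashes an error and returns when the value is non-empty and does not start with `https://`. The enclosing handler starts and ends outside the hunk, and the neighbouring token/authorize URL fields are stored the same way, so the check could be applied to all of them consistently.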
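Review bot: The added `server_metadata_url=` argument receives whatever Setting().get returns, and the default introduced in setting.py is the empty string rather than None; whether the client library treats `''` as "no discovery" or attempts to fetch it is library-specific, so I would normalise it on this line: `server_metadata_url=Setting().get('oidc_oauth_metadata_url') or None,`. The hunk also keeps the explicitly configured access_token_url and authorize_url alongside the metadata URL, so a short comment on the new line stating which source wins when both are set (and that the metadata document is only consulted when the option is non-empty) would save the next maintainer a trip into the library, especially since the commit message presents discovery as replacing manual endpoint configuration. The enclosing oidc_oauth() call begins before the hunk.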
+++ b/powerdnsadmin/templates/admin_setting_authentication.html @@ -1210,6 +1210,17 @@ value="{{ SETTING.get('oidc_oauth_authorize_url') }}"> +
+ + + +