Add support for oidc_oauth_metadata_url configuration option

This commit adds support for the `oidc_oauth_metadata_url` configuration
option. This option specifies the URL of the OIDC server's
metadata endpoint, which contains information about the OIDC server's
endpoints, supported scopes, and other configuration details. By using this
option, we can ensure compatibility with different OIDC servers and reduce
the risk of errors due to manual endpoint configuration.
This commit is contained in:
AdvanticGmbH 2023-02-23 09:21:01 +01:00
parent 1cda4f774a
commit 5ad384bfe9
7 changed files with 18 additions and 0 deletions


@ -11,6 +11,7 @@ legal_envvars = (
'OIDC_OAUTH_API_URL', 'OIDC_OAUTH_API_URL',
'OIDC_OAUTH_TOKEN_URL', 'OIDC_OAUTH_TOKEN_URL',
'OIDC_OAUTH_AUTHORIZE_URL', 'OIDC_OAUTH_AUTHORIZE_URL',
'OIDC_OAUTH_METADATA_URL',
'BIND_ADDRESS', 'BIND_ADDRESS',
'PORT', 'PORT',
'LOG_LEVEL', 'LOG_LEVEL',


@ -51,6 +51,7 @@ Enable OpenID Connect OAuth option.
* API URL, <oidc_provider_link>/auth (The ending can be different with each provider) * API URL, <oidc_provider_link>/auth (The ending can be different with each provider)
* Token URL, <oidc_provider_link>/token * Token URL, <oidc_provider_link>/token
* Authorize URL, <oidc_provider_link>/auth * Authorize URL, <oidc_provider_link>/auth
* Metadata URL, <oidc_provider_link>/.well-known/openid-configuration
* Logout URL, <oidc_provider_link>/logout * Logout URL, <oidc_provider_link>/logout
* Username, This will be the claim that will be used as the username. (Usually preferred_username) * Username, This will be the claim that will be used as the username. (Usually preferred_username)


@ -20,6 +20,7 @@
| OIDC_OAUTH_API_URL | | | | | OIDC_OAUTH_API_URL | | | |
| OIDC_OAUTH_AUTHORIZE_URL | | OIDC_OAUTH_AUTHORIZE_URL |
| OIDC_OAUTH_TOKEN_URL | | | | | OIDC_OAUTH_TOKEN_URL | | | |
| OIDC_OAUTH_METADATA_URL | | | |
| PORT | | PORT |
| REMOTE_USER_COOKIES | | REMOTE_USER_COOKIES |
| REMOTE_USER_LOGOUT_URL | | REMOTE_USER_LOGOUT_URL |


@ -104,6 +104,7 @@ class Setting(db.Model):
'oidc_oauth_api_url': '', 'oidc_oauth_api_url': '',
'oidc_oauth_token_url': '', 'oidc_oauth_token_url': '',
'oidc_oauth_authorize_url': '', 'oidc_oauth_authorize_url': '',
'oidc_oauth_metadata_url': '',
'oidc_oauth_logout_url': '', 'oidc_oauth_logout_url': '',
'oidc_oauth_username': 'preferred_username', 'oidc_oauth_username': 'preferred_username',
'oidc_oauth_firstname': 'given_name', 'oidc_oauth_firstname': 'given_name',


@ -1731,6 +1731,8 @@ def setting_authentication():
request.form.get('oidc_oauth_token_url')) request.form.get('oidc_oauth_token_url'))
Setting().set('oidc_oauth_authorize_url', Setting().set('oidc_oauth_authorize_url',
request.form.get('oidc_oauth_authorize_url')) request.form.get('oidc_oauth_authorize_url'))
Setting().set('oidc_oauth_metadata_url',
request.form.get('oidc_oauth_metadata_url'))
Setting().set('oidc_oauth_logout_url', Setting().set('oidc_oauth_logout_url',
request.form.get('oidc_oauth_logout_url')) request.form.get('oidc_oauth_logout_url'))
Setting().set('oidc_oauth_username', Setting().set('oidc_oauth_username',
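Review bot: The metadata URL stored by the two added `Setting().set('oidc_oauth_metadata_url', ...)` lines is taken verbatim from the form with no validation, yet it is the URL the server will later fetch and whose contents name the authorization, token and JWKS endpoints the login flow trusts. An `http://` value, trailing whitespace, or a URL pointing at an unintended host is accepted silently, and a plaintext metadata fetch lets a network attacker substitute endpoints. I would normalise and gate it before saving, e.g. `metadata_url = (request.form.get('oidc_oauth_metadata_url') or '').strip()` and then `if metadata_url and not metadata_url.startswith('https://'):` reporting an error the same way the rest of this handler does. `setting_authentication()` starts well before this hunk, so its existing validation/error convention is not visible here; match it rather than introducing a new one.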


@ -23,6 +23,7 @@ def oidc_oauth():
request_token_url=None, request_token_url=None,
access_token_url=Setting().get('oidc_oauth_token_url'), access_token_url=Setting().get('oidc_oauth_token_url'),
authorize_url=Setting().get('oidc_oauth_authorize_url'), authorize_url=Setting().get('oidc_oauth_authorize_url'),
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
client_kwargs={'scope': Setting().get('oidc_oauth_scope')}, client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
fetch_token=fetch_oidc_token, fetch_token=fetch_oidc_token,
update_token=update_token) update_token=update_token)
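Review bot: The added `server_metadata_url=` kwarg is passed alongside the still-explicit `access_token_url` and `authorize_url`, so discovery does not replace manual endpoint configuration as the commit message suggests; if this is Authlib's `register()`, which the `fetch_token`/`update_token` kwargs suggest, explicitly supplied endpoints take precedence over the discovered ones as far as I recall, so an operator who fills in all the URL fields still gets the manual endpoints and only the remaining metadata (issuer, `jwks_uri`, ...) from discovery. A comment on the new line would make that explicit, e.g. `# explicit authorize/token URLs above take precedence; leave them empty to rely on discovery`, and the precedence should be confirmed against the library version this project pins. The setting defaults to an empty string, so discovery is skipped only if the library treats `''` as unset; `server_metadata_url=Setting().get('oidc_oauth_metadata_url') or None,` removes that dependency. `oidc_oauth()` begins before this hunk.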


@ -1210,6 +1210,17 @@
value="{{ SETTING.get('oidc_oauth_authorize_url') }}"> value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
<span class="help-block with-errors"></span> <span class="help-block with-errors"></span>
</div> </div>
<div class="form-group">
<label for="oidc_oauth_metadata_url">Metadata
URL</label>
<input type="text" class="form-control"
name="oidc_oauth_metadata_url"
id="oidc_oauth_metadata_url"
placeholder="e.g. https://oidc.com/login/oauth/.well-known/openid-configuration"
data-error="Plesae input Metadata URL"
value="{{ SETTING.get('oidc_oauth_metadata_url') }}">
<span class="help-block with-errors"></span>
</div>
<div class="form-group"> <div class="form-group">
<label for="oidc_oauth_logout_url">Logout <label for="oidc_oauth_logout_url">Logout
URL</label> URL</label>
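Review bot: `data-error="Plesae input Metadata URL"` on the new input has a typo ("Plesae") that becomes a user-visible validation message; it should read `data-error="Please input Metadata URL"`. The field is also declared `type="text"` with no `required` or `pattern` attribute, so the error text can never fire in the browser validator; since the value is a URL the server will fetch, `type="url"` would at least make the browser reject values that are not absolute URLs, i.e. `<input type="url" class="form-control"`. Whether the sibling URL fields use `type="text"` or `type="url"` is not visible in this hunk, so keep the new field consistent with them.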