mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-09 15:10:27 +00:00
Add support for oidc_oauth_metadata_url configuration option
This commit adds support for the `oidc_oauth_metadata_url` configuration option. This option specifies the URL of the OIDC server's metadata endpoint, which contains information about the OIDC server's endpoints, supported scopes, and other configuration details. By using this option, we can ensure compatibility with different OIDC servers and reduce the risk of errors due to manual endpoint configuration.
parent
1cda4f774a
commit
5ad384bfe9
@ -11,6 +11,7 @@ legal_envvars = (
|
|||||||
'OIDC_OAUTH_API_URL',
|
'OIDC_OAUTH_API_URL',
|
||||||
'OIDC_OAUTH_TOKEN_URL',
|
'OIDC_OAUTH_TOKEN_URL',
|
||||||
'OIDC_OAUTH_AUTHORIZE_URL',
|
'OIDC_OAUTH_AUTHORIZE_URL',
|
||||||
|
'OIDC_OAUTH_METADATA_URL',
|
||||||
'BIND_ADDRESS',
|
'BIND_ADDRESS',
|
||||||
'PORT',
|
'PORT',
|
||||||
'LOG_LEVEL',
|
'LOG_LEVEL',
|
||||||
|
@ -51,6 +51,7 @@ Enable OpenID Connect OAuth option.
|
|||||||
* API URL, <oidc_provider_link>/auth (The ending can be different with each provider)
|
* API URL, <oidc_provider_link>/auth (The ending can be different with each provider)
|
||||||
* Token URL, <oidc_provider_link>/token
|
* Token URL, <oidc_provider_link>/token
|
||||||
* Authorize URL, <oidc_provider_link>/auth
|
* Authorize URL, <oidc_provider_link>/auth
|
||||||
|
* Metadata URL, <oidc_provider_link>/.well-known/openid-configuration
|
||||||
* Logout URL, <oidc_provider_link>/logout
|
* Logout URL, <oidc_provider_link>/logout
|
||||||
|
|
||||||
* Username, This will be the claim that will be used as the username. (Usually preferred_username)
|
* Username, This will be the claim that will be used as the username. (Usually preferred_username)
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
| OIDC_OAUTH_API_URL | | | |
|
| OIDC_OAUTH_API_URL | | | |
|
||||||
| OIDC_OAUTH_AUTHORIZE_URL |
|
| OIDC_OAUTH_AUTHORIZE_URL |
|
||||||
| OIDC_OAUTH_TOKEN_URL | | | |
|
| OIDC_OAUTH_TOKEN_URL | | | |
|
||||||
|
| OIDC_OAUTH_METADATA_URL | | | |
|
||||||
| PORT |
|
| PORT |
|
||||||
| REMOTE_USER_COOKIES |
|
| REMOTE_USER_COOKIES |
|
||||||
| REMOTE_USER_LOGOUT_URL |
|
| REMOTE_USER_LOGOUT_URL |
|
||||||
|
@ -104,6 +104,7 @@ class Setting(db.Model):
|
|||||||
'oidc_oauth_api_url': '',
|
'oidc_oauth_api_url': '',
|
||||||
'oidc_oauth_token_url': '',
|
'oidc_oauth_token_url': '',
|
||||||
'oidc_oauth_authorize_url': '',
|
'oidc_oauth_authorize_url': '',
|
||||||
|
'oidc_oauth_metadata_url': '',
|
||||||
'oidc_oauth_logout_url': '',
|
'oidc_oauth_logout_url': '',
|
||||||
'oidc_oauth_username': 'preferred_username',
|
'oidc_oauth_username': 'preferred_username',
|
||||||
'oidc_oauth_firstname': 'given_name',
|
'oidc_oauth_firstname': 'given_name',
|
||||||
|
@ -1731,6 +1731,8 @@ def setting_authentication():
|
|||||||
request.form.get('oidc_oauth_token_url'))
|
request.form.get('oidc_oauth_token_url'))
|
||||||
Setting().set('oidc_oauth_authorize_url',
|
Setting().set('oidc_oauth_authorize_url',
|
||||||
request.form.get('oidc_oauth_authorize_url'))
|
request.form.get('oidc_oauth_authorize_url'))
|
||||||
|
Setting().set('oidc_oauth_metadata_url',
|
||||||
|
request.form.get('oidc_oauth_metadata_url'))
|
||||||
Setting().set('oidc_oauth_logout_url',
|
Setting().set('oidc_oauth_logout_url',
|
||||||
request.form.get('oidc_oauth_logout_url'))
|
request.form.get('oidc_oauth_logout_url'))
|
||||||
Setting().set('oidc_oauth_username',
|
Setting().set('oidc_oauth_username',
|
||||||
|
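Review bot: The new `oidc_oauth_metadata_url` value is stored exactly as `request.form.get('oidc_oauth_metadata_url')` returns it, with no check on the scheme or shape of the URL. The `oidc_oauth()` hunk passes this setting to the OAuth client as `server_metadata_url`, so the document served at that URL presumably supplies the provider's endpoints and key location. A plain `http://` value would let anyone on the network path substitute them. Consider normalising with `metadata_url = (request.form.get('oidc_oauth_metadata_url') or '').strip()` and refusing to save a non-empty value whose scheme is not `https`, reporting the error the way this view reports other invalid input. `setting_authentication()` starts and ends outside this hunk, and the neighbouring URL settings are stored the same way.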
@ -23,6 +23,7 @@ def oidc_oauth():
|
|||||||
request_token_url=None,
|
request_token_url=None,
|
||||||
access_token_url=Setting().get('oidc_oauth_token_url'),
|
access_token_url=Setting().get('oidc_oauth_token_url'),
|
||||||
authorize_url=Setting().get('oidc_oauth_authorize_url'),
|
authorize_url=Setting().get('oidc_oauth_authorize_url'),
|
||||||
|
server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
|
||||||
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
|
client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
|
||||||
fetch_token=fetch_oidc_token,
|
fetch_token=fetch_oidc_token,
|
||||||
update_token=update_token)
|
update_token=update_token)
|
||||||
|
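Review bot: `server_metadata_url` is passed next to explicit `access_token_url` and `authorize_url`, and nothing here says which source wins when both are configured. If this is Authlib's client registration, explicitly passed endpoints are, as far as I can tell, preferred over discovered ones, so stale manual URLs would silently stay in effect after an admin fills in the metadata URL. A comment such as `# Explicit token/authorize URLs, when set, take precedence over values discovered from the metadata document` would make that visible once the behaviour is confirmed. The setting defaults to `''`, so `server_metadata_url=Setting().get('oidc_oauth_metadata_url') or None,` would make the unset case explicit instead of relying on the library treating an empty string as absent. The call these keyword arguments belong to begins outside the hunk.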
@ -1210,6 +1210,17 @@
|
|||||||
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
value="{{ SETTING.get('oidc_oauth_authorize_url') }}">
|
||||||
<span class="help-block with-errors"></span>
|
<span class="help-block with-errors"></span>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="oidc_oauth_metadata_url">Metadata
|
||||||
|
URL</label>
|
||||||
|
<input type="text" class="form-control"
|
||||||
|
name="oidc_oauth_metadata_url"
|
||||||
|
id="oidc_oauth_metadata_url"
|
||||||
|
placeholder="e.g. https://oidc.com/login/oauth/.well-known/openid-configuration"
|
||||||
|
data-error="Plesae input Metadata URL"
|
||||||
|
value="{{ SETTING.get('oidc_oauth_metadata_url') }}">
|
||||||
|
<span class="help-block with-errors"></span>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="oidc_oauth_logout_url">Logout
|
<label for="oidc_oauth_logout_url">Logout
|
||||||
URL</label>
|
URL</label>
|
||||||
|
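Review bot: The `data-error` text on the new input is misspelled as `Plesae input Metadata URL`; it should read `data-error="Please input Metadata URL"`. Because this field holds a URL the server will fetch, `type="url"` instead of `type="text"` would give a first, client-side format check, though server-side validation is still needed since a client can bypass it.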