5ad384bfe9
This commit adds support for the `oidc_oauth_metadata_url` configuration option. This option specifies the URL of the OIDC server's metadata endpoint, which contains information about the OIDC server's endpoints, supported scopes, and other configuration details. By using this option, we can ensure compatibility with different OIDC servers and reduce the risk of errors due to manual endpoint configuration.
from flask import request, session, redirect, url_for, current_app
from .base import authlib_oauth_client
from ..models.setting import Setting
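def oidc_oauth():
    """Register the 'oidc' OAuth client and its callback route.

    Returns:
        The client object returned by ``authlib_oauth_client.register``,
        or ``None`` when the ``oidc_oauth_enabled`` setting is falsy.

    Side effects:
        Registers the ``/oidc/authorized`` route on ``current_app``.
    """
    # Local import: the file's import block is left untouched.
    from html import escape

    if not Setting().get('oidc_oauth_enabled'):
        return None

    def fetch_oidc_token():
        """Return the OIDC token stored in the session, if any."""
        return session.get('oidc_token')

    def update_token(token):
        """Store a new token in the session and hand it back."""
        # NOTE(review): if the app relies on Flask's default cookie-backed
        # session, this token is signed but not encrypted in the browser
        # cookie -- confirm a server-side session backend is configured.
        session['oidc_token'] = token
        return token

    oidc = authlib_oauth_client.register(
        'oidc',
        client_id=Setting().get('oidc_oauth_key'),
        client_secret=Setting().get('oidc_oauth_secret'),
        api_base_url=Setting().get('oidc_oauth_api_url'),
        request_token_url=None,
        access_token_url=Setting().get('oidc_oauth_token_url'),
        authorize_url=Setting().get('oidc_oauth_authorize_url'),
        # NOTE(review): the endpoints advertised by this metadata document
        # are presumably trusted for the login flow -- the setting should
        # point at an HTTPS URL controlled by the identity provider.
        # How it interacts with the explicit *_url settings above is not
        # visible here; verify against the Authlib version in use.
        server_metadata_url=Setting().get('oidc_oauth_metadata_url'),
        client_kwargs={'scope': Setting().get('oidc_oauth_scope')},
        fetch_token=fetch_oidc_token,
        update_token=update_token)

    @current_app.route('/oidc/authorized')
    def oidc_authorized():
        """Handle the provider's redirect back to the application."""
        session['oidc_oauthredir'] = url_for('.oidc_authorized',
                                             _external=True)
        token = oidc.authorize_access_token()
        if token is None:
            # Both values come straight from the query string of the
            # callback URL, so they are attacker-controllable. The string
            # is returned as the response body; escape it so markup in the
            # parameters is not rendered, and use .get() so a callback
            # without these parameters does not fail on a missing key.
            # NOTE(review): some Authlib releases raise on a provider
            # error instead of returning None -- confirm this branch is
            # reachable with the pinned version.
            return 'Access denied: reason=%s error=%s' % (
                escape(request.args.get('error', '')),
                escape(request.args.get('error_description', '')))
        session['oidc_token'] = (token)
        return redirect(url_for('index.login'))

    return oidc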