From 82760211b1f2a5bbb49dd8d32272e2c82bf4b041 Mon Sep 17 00:00:00 2001
From: Livio Bieri
Date: Thu, 9 Nov 2023 10:34:31 +0100
Subject: [PATCH] wip: sso snafu

---
 server/config/settings/base.py | 15 +++++++++++++--
 server/vbv_lernwelt/sso/client.py | 3 +++
 server/vbv_lernwelt/sso/views.py | 6 +++++-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/server/config/settings/base.py b/server/config/settings/base.py
index b7ffbd2e..7b259878 100644
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@@ -597,19 +597,30 @@ OAUTH = {
 "client_secret": env("IT_OAUTH_CLIENT_SECRET", default=""),
 "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
 "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
+ "access_token_url": env(
+ "IT_OAUTH_ACCESS_TOKEN_URL",
+ default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token",
+ ),
+ "authorize_url": env(
+ "IT_OAUTH_AUTHORIZE_URL",
+ default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth",
+ ),
 "api_base_url": env(
 "IT_OAUTH_API_BASE_URL",
 default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
 ),
 "local_redirect_uri": env(
- "IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
+ # FIXME: Billet is :3000, :8000 in other place -> What is correct here?
+ # Q: is :3000 configured? or is :8000 configured?
+ "IT_OAUTH_LOCAL_REDIRECT_URI",
+ default="http://localhost:3000/api/oauth/callback/",
 ),
 "server_metadata_url": env(
 "IT_OAUTH_SERVER_METADATA_URL",
 default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
 ),
 "client_kwargs": {
- "scope": env("IT_OAUTH_SCOPE", default="openid email"),
+ "scope": env("IT_OAUTH_SCOPE", default="openid email roles"),
 "token_endpoint_auth_method": "client_secret_post",
 "token_placement": "body",
 },
diff --git a/server/vbv_lernwelt/sso/client.py b/server/vbv_lernwelt/sso/client.py
index 875bfec1..56f4a6d6 100644
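Review bot: The new `access_token_url` and `authorize_url` entries default to the test realm on `sso.test.b.lernetz.host`, and since `client_kwargs` uses `client_secret_post`, a deployment that sets `IT_OAUTH_SERVER_METADATA_URL` but misses the two new variables would post the client secret to the test host's token endpoint, because explicit endpoint URLs appear to take precedence over discovery in Authlib. Either drop the explicit endpoints and rely on `server_metadata_url` discovery, or require them without a fallback so the omission fails at startup (assuming the usual django-environ `env` that raises on a missing key): `"access_token_url": env("IT_OAUTH_ACCESS_TOKEN_URL"),` and `"authorize_url": env("IT_OAUTH_AUTHORIZE_URL"),`. The same concern applies to the `access_token_url=`/`authorize_url=` kwargs added in `server/vbv_lernwelt/sso/client.py`, which are what hand these values to `oauth.register`. The changed `local_redirect_uri` default carries the author's own FIXME about `:3000` vs `:8000`; this value must match the redirect URI registered at the IdP exactly, so the FIXME should be resolved before merge and replaced with the answer, e.g. `# Must equal the redirect URI registered for this client at the IdP.`. The `OAUTH = {` dict begins and ends outside the hunk.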
--- a/server/vbv_lernwelt/sso/client.py
+++ b/server/vbv_lernwelt/sso/client.py
@@ -12,4 +12,7 @@ oauth.register(
 authorize_params=settings.OAUTH["authorize_params"],
 client_kwargs=settings.OAUTH["client_kwargs"],
 server_metadata_url=settings.OAUTH["server_metadata_url"],
+ access_token_url=settings.OAUTH["access_token_url"],
+ api_base_url=settings.OAUTH["api_base_url"],
+ authorize_url=settings.OAUTH["authorize_url"],
 )
diff --git a/server/vbv_lernwelt/sso/views.py b/server/vbv_lernwelt/sso/views.py
index 957a1b8e..7d54d76a 100644
--- a/server/vbv_lernwelt/sso/views.py
+++ b/server/vbv_lernwelt/sso/views.py
@@ -18,7 +18,11 @@ def login(request):
 oauth_client = oauth.create_client(settings.OAUTH["client_name"])
 redirect_uri = settings.OAUTH["local_redirect_uri"]
 language = request.GET.get("lang", "de")
- return oauth_client.authorize_redirect(request, redirect_uri, lang=language)
+
+ # TODO: extract query params and put them into state
+ return oauth_client.authorize_redirect(
+ request, redirect_uri, lang=language, p="b2c_1_signup_v3"
+ )
 
 
 def authorize(request):
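Review bot: `p="b2c_1_signup_v3"` hard-codes an extra authorization-request parameter in the view, while the other per-provider parameters live in settings (`IT_OAUTH_AUTHORIZE_PARAMS` feeds `authorize_params` in `base.py` in this same patch), so it belongs there rather than being forced onto every `login` call: keep `return oauth_client.authorize_redirect(request, redirect_uri, lang=language)` and add the `p` key to `IT_OAUTH_AUTHORIZE_PARAMS`. The `lang` value is taken verbatim from `request.GET` on the line above and forwarded to the IdP; consider allow-listing it against the languages the application actually supports before forwarding. For the TODO on the added line: `state` is what binds the callback to this login request for CSRF protection, so any query parameters carried along should be allow-listed and validated on return, or kept server-side in the session keyed by the random state, rather than encoding arbitrary caller input into `state` itself. `login` starts in the hunk header context, and the following `authorize` view lies outside the hunk.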