wip: sso snafu
parent
e16cc575aa
commit
82760211b1
|
|
@ -597,19 +597,30 @@ OAUTH = {
|
||||||
"client_secret": env("IT_OAUTH_CLIENT_SECRET", default=""),
|
"client_secret": env("IT_OAUTH_CLIENT_SECRET", default=""),
|
||||||
"authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
|
"authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
|
||||||
"access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
|
"access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
|
||||||
|
"access_token_url": env(
|
||||||
|
"IT_OAUTH_ACCESS_TOKEN_URL",
|
||||||
|
default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token",
|
||||||
|
),
|
||||||
|
"authorize_url": env(
|
||||||
|
"IT_OAUTH_AUTHORIZE_URL",
|
||||||
|
default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth",
|
||||||
|
),
|
||||||
"api_base_url": env(
|
"api_base_url": env(
|
||||||
"IT_OAUTH_API_BASE_URL",
|
"IT_OAUTH_API_BASE_URL",
|
||||||
default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
|
default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
|
||||||
),
|
),
|
||||||
"local_redirect_uri": env(
|
"local_redirect_uri": env(
|
||||||
"IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
|
# FIXME: Billet is :3000, :8000 in other place -> What is correct here?
|
||||||
|
# Q: is :3000 configured? or is :8000 configured?
|
||||||
|
"IT_OAUTH_LOCAL_REDIRECT_URI",
|
||||||
|
default="http://localhost:3000/api/oauth/callback/",
|
||||||
),
|
),
|
||||||
"server_metadata_url": env(
|
"server_metadata_url": env(
|
||||||
"IT_OAUTH_SERVER_METADATA_URL",
|
"IT_OAUTH_SERVER_METADATA_URL",
|
||||||
default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
|
default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
|
||||||
),
|
),
|
||||||
"client_kwargs": {
|
"client_kwargs": {
|
||||||
"scope": env("IT_OAUTH_SCOPE", default="openid email"),
|
"scope": env("IT_OAUTH_SCOPE", default="openid email roles"),
|
||||||
"token_endpoint_auth_method": "client_secret_post",
|
"token_endpoint_auth_method": "client_secret_post",
|
||||||
"token_placement": "body",
|
"token_placement": "body",
|
||||||
},
|
},
|
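Review bot: The new `access_token_url` and `authorize_url` entries default to the `sso.test.b.lernetz.host` test realm, and `local_redirect_uri` now defaults to plain-HTTP `http://localhost:3000/api/oauth/callback/` while the `FIXME`/`Q:` about `:3000` versus `:8000` is still open. If one of these variables is unset in a deployed environment, the login flow would silently run against the test identity provider or hand out a localhost callback. The defaults would be safer in local/dev settings only, with the base settings reading e.g. `env("IT_OAUTH_AUTHORIZE_URL")` without a default so a missing value presumably fails at startup. The redirect URI normally has to match a value registered for the client at the identity provider, so the port question should be settled from the client registration rather than left as a comment. The added `roles` scope widens what every login requests, so a comment naming the consumer of the role claims would help; the `OAUTH = {` dict starts and ends outside the hunk.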
||||||
|
|
|
||||||
|
|
@ -12,4 +12,7 @@ oauth.register(
|
||||||
authorize_params=settings.OAUTH["authorize_params"],
|
authorize_params=settings.OAUTH["authorize_params"],
|
||||||
client_kwargs=settings.OAUTH["client_kwargs"],
|
client_kwargs=settings.OAUTH["client_kwargs"],
|
||||||
server_metadata_url=settings.OAUTH["server_metadata_url"],
|
server_metadata_url=settings.OAUTH["server_metadata_url"],
|
||||||
|
access_token_url=settings.OAUTH["access_token_url"],
|
||||||
|
api_base_url=settings.OAUTH["api_base_url"],
|
||||||
|
authorize_url=settings.OAUTH["authorize_url"],
|
||||||
)
|
)
|
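Review bot: `access_token_url` and `authorize_url` are now passed explicitly while `server_metadata_url` is still passed, so the same endpoints are configured in two places that can drift apart. If this is Authlib's client registry (it looks like it, but the import is outside the hunk), explicitly passed endpoints are used in preference to the ones in the discovery document, so a stale `IT_OAUTH_*_URL` value would override what the identity provider publishes. Either drop the explicit endpoints and rely on discovery, or add a comment such as `# explicit endpoints override discovery; keep in sync with server_metadata_url`. The `oauth.register(` call starts outside the hunk.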
||||||
|
|
|
||||||
|
|
@ -18,7 +18,11 @@ def login(request):
|
||||||
oauth_client = oauth.create_client(settings.OAUTH["client_name"])
|
oauth_client = oauth.create_client(settings.OAUTH["client_name"])
|
||||||
redirect_uri = settings.OAUTH["local_redirect_uri"]
|
redirect_uri = settings.OAUTH["local_redirect_uri"]
|
||||||
language = request.GET.get("lang", "de")
|
language = request.GET.get("lang", "de")
|
||||||
return oauth_client.authorize_redirect(request, redirect_uri, lang=language)
|
|
||||||
|
# TODO: extract query params and put them into state
|
||||||
|
return oauth_client.authorize_redirect(
|
||||||
|
request, redirect_uri, lang=language, p="b2c_1_signup_v3"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def authorize(request):
|
def authorize(request):
|
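Review bot: `p="b2c_1_signup_v3"` is hard-coded in `login`, so every authorization request carries that parameter in every environment, while the other provider parameters come from `settings.OAUTH["authorize_params"]`. The name looks like an Azure AD B2C user-flow identifier, whereas the endpoints configured in settings are `/auth/realms/vbv/protocol/openid-connect/` URLs, so it is worth confirming the provider expects it and, if so, moving it into settings. For the `TODO` about putting query params into state: whatever is carried there comes back through the browser, so the comment should say so, e.g. `# TODO: carry query params via state; validate against an allow-list in authorize() before use`. `lang` from `request.GET` is likewise forwarded unvalidated and could be restricted to the supported language codes. `login` starts above the hunk and `authorize` continues below it.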
||||||
|
|
|
||||||