wip: sso snafu

2023-11-09 10:34:31 +01:00 · 2023-11-09 10:34:31 +01:00 · 82760211b1
parent e16cc575aa
commit 82760211b1
3 changed files with 21 additions and 3 deletions
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@ -597,19 +597,30 @@ OAUTH = {
    "client_secret": env("IT_OAUTH_CLIENT_SECRET", default=""),
    "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
    "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
+    "access_token_url": env(
+        "IT_OAUTH_ACCESS_TOKEN_URL",
+        default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token",
+    ),
+    "authorize_url": env(
+        "IT_OAUTH_AUTHORIZE_URL",
+        default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth",
+    ),
    "api_base_url": env(
        "IT_OAUTH_API_BASE_URL",
        default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/",
    ),
    "local_redirect_uri": env(
-        "IT_OAUTH_LOCAL_REDIRECT_URI", default="http://localhost:8000/sso/callback/"
+        # FIXME: Billet is :3000, :8000 in other place -> What is correct here?
+        #  Q: is :3000 configured? or is :8000 configured?
+        "IT_OAUTH_LOCAL_REDIRECT_URI",
+        default="http://localhost:3000/api/oauth/callback/",
    ),
    "server_metadata_url": env(
        "IT_OAUTH_SERVER_METADATA_URL",
        default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration",
    ),
    "client_kwargs": {
-        "scope": env("IT_OAUTH_SCOPE", default="openid email"),
+        "scope": env("IT_OAUTH_SCOPE", default="openid email roles"),
        "token_endpoint_auth_method": "client_secret_post",
        "token_placement": "body",
    },
--- a/server/vbv_lernwelt/sso/client.py
+++ b/server/vbv_lernwelt/sso/client.py
@ -12,4 +12,7 @@ oauth.register(
    authorize_params=settings.OAUTH["authorize_params"],
    client_kwargs=settings.OAUTH["client_kwargs"],
    server_metadata_url=settings.OAUTH["server_metadata_url"],
+    access_token_url=settings.OAUTH["access_token_url"],
+    api_base_url=settings.OAUTH["api_base_url"],
+    authorize_url=settings.OAUTH["authorize_url"],
 )
--- a/server/vbv_lernwelt/sso/views.py
+++ b/server/vbv_lernwelt/sso/views.py
@ -18,7 +18,11 @@ def login(request):
    oauth_client = oauth.create_client(settings.OAUTH["client_name"])
    redirect_uri = settings.OAUTH["local_redirect_uri"]
    language = request.GET.get("lang", "de")
-    return oauth_client.authorize_redirect(request, redirect_uri, lang=language)
+
+    # TODO: extract query params and put them into state
+    return oauth_client.authorize_redirect(
+        request, redirect_uri, lang=language, p="b2c_1_signup_v3"
+    )


 def authorize(request):