From e5f86e72c27e1ce5974e8c3285263fc5bb00bb6d Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Thu, 14 Sep 2023 10:09:45 +0200 Subject: [PATCH] Get OIDC end_session_endpoint from server metadata --- web/__init__.py | 9 ++------- web/auth.py | 20 +++++++++++++------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/web/__init__.py b/web/__init__.py index b44d011..7fbec82 100644 --- a/web/__init__.py +++ b/web/__init__.py @@ -17,8 +17,7 @@ def create_app(test_config=None): 'ldap_pass': '', 'ldap_base_dn': '', 'user_group': '', - 'oidc_url_discovery': '', - 'oidc_url_logout': '', + 'oidc_server': '', 'oidc_client_id': '', 'oidc_client_secret': '', 'admin_group': '', @@ -36,13 +35,9 @@ def create_app(test_config=None): db.write('settings', settings) app.config['SECRET_KEY'] = settings.get('secret_key', '') - app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '') - app.config['OIDC_URL_LOGOUT'] = settings.get('oidc_url_logout', '') - app.config['OIDC_CLIENT_ID'] = settings.get('oidc_client_id', '') - app.config['OIDC_CLIENT_SECRET'] = settings.get('oidc_client_secret', '') from . import auth - auth.init_app(app) + auth.init_app(app, settings) from . import errors errors.init_app(app) diff --git a/web/auth.py b/web/auth.py index 218c7c0..7672e14 100644 --- a/web/auth.py +++ b/web/auth.py @@ -25,16 +25,20 @@ class User(flask_login.UserMixin): def get_id(self): return self.username -def init_app(app): +def init_app(app, settings): login_manager = flask_login.LoginManager(app) oauth = authlib.integrations.flask_client.OAuth(app) oauth.register( name='default', - server_metadata_url=app.config['OIDC_URL_DISCOVERY'], - client_id=app.config['OIDC_CLIENT_ID'], - client_secret=app.config['OIDC_CLIENT_SECRET'], + server_metadata_url=settings.get('oidc_server'), + client_id=settings.get('oidc_client_id'), + client_secret=settings.get('oidc_client_secret'), client_kwargs={'scope': 'openid profile email'}) + metadata = oauth.default.load_server_metadata() + app.config['OIDC_CLIENT_ID'] = settings.get('OIDC_CLIENT_ID') + app.config['OIDC_END_SESSION_ENDPOINT'] = metadata.get('end_session_endpoint') + @login_manager.user_loader def load_user(username): return users.get(username) @@ -57,6 +61,8 @@ def init_app(app): @app.route('/logout') def logout(): flask_login.logout_user() - return flask.redirect( - flask.current_app.config.get('OIDC_URL_LOGOUT') + '?' - + urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')})) + if oidc_logout_url := flask.current_app.config.get('OIDC_END_SESSION_ENDPOINT'): + return flask.redirect(oidc_logout_url + '?' + + urllib.parse.urlencode({'client_id': flask.current_app.config.get('OIDC_CLIENT_ID')})) + else: + return flask.redirect('/')