rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Get OIDC end_session_endpoint from server metadata

Browse source
This commit is contained in:
Timotej Lazar 2023-09-14 10:09:45 +02:00
parent 02059e5043
commit e5f86e72c2
2 changed files with 15 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
web/__init__.py
View file

@ -17,8 +17,7 @@ def create_app(test_config=None):
'ldap_pass': '', 'ldap_pass': '',
'ldap_base_dn': '', 'ldap_base_dn': '',
'user_group': '', 'user_group': '',
'oidc_url_discovery': '', 'oidc_server': '',
'oidc_url_logout': '',
'oidc_client_id': '', 'oidc_client_id': '',
'oidc_client_secret': '', 'oidc_client_secret': '',
'admin_group': '', 'admin_group': '',
@ -36,13 +35,9 @@ def create_app(test_config=None):
db.write('settings', settings) db.write('settings', settings)
app.config['SECRET_KEY'] = settings.get('secret_key', '') app.config['SECRET_KEY'] = settings.get('secret_key', '')
app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '')
app.config['OIDC_URL_LOGOUT'] = settings.get('oidc_url_logout', '')
app.config['OIDC_CLIENT_ID'] = settings.get('oidc_client_id', '')
app.config['OIDC_CLIENT_SECRET'] = settings.get('oidc_client_secret', '')
from . import auth from . import auth
auth.init_app(app) auth.init_app(app, settings)
from . import errors from . import errors
errors.init_app(app) errors.init_app(app)

20
web/auth.py
View file

@ -25,16 +25,20 @@ class User(flask_login.UserMixin):
def get_id(self): def get_id(self):
return self.username return self.username
def init_app(app): def init_app(app, settings):
login_manager = flask_login.LoginManager(app) login_manager = flask_login.LoginManager(app)
oauth = authlib.integrations.flask_client.OAuth(app) oauth = authlib.integrations.flask_client.OAuth(app)
oauth.register( oauth.register(
name='default', name='default',
server_metadata_url=app.config['OIDC_URL_DISCOVERY'], server_metadata_url=settings.get('oidc_server'),
client_id=app.config['OIDC_CLIENT_ID'], client_id=settings.get('oidc_client_id'),
client_secret=app.config['OIDC_CLIENT_SECRET'], client_secret=settings.get('oidc_client_secret'),
client_kwargs={'scope': 'openid profile email'}) client_kwargs={'scope': 'openid profile email'})
metadata = oauth.default.load_server_metadata()
app.config['OIDC_CLIENT_ID'] = settings.get('OIDC_CLIENT_ID')
app.config['OIDC_END_SESSION_ENDPOINT'] = metadata.get('end_session_endpoint')
@login_manager.user_loader @login_manager.user_loader
def load_user(username): def load_user(username):
return users.get(username) return users.get(username)
@ -57,6 +61,8 @@ def init_app(app):
@app.route('/logout') @app.route('/logout')
def logout(): def logout():
flask_login.logout_user() flask_login.logout_user()
return flask.redirect( if oidc_logout_url := flask.current_app.config.get('OIDC_END_SESSION_ENDPOINT'):
flask.current_app.config.get('OIDC_URL_LOGOUT') + '?' return flask.redirect(oidc_logout_url + '?'
+ urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')})) + urllib.parse.urlencode({'client_id': flask.current_app.config.get('OIDC_CLIENT_ID')}))
else:
return flask.redirect('/')