Get OIDC end_session_endpoint from server metadata
This commit is contained in:
parent
02059e5043
commit
e5f86e72c2
|
|
@ -17,8 +17,7 @@ def create_app(test_config=None):
|
||||||
'ldap_pass': '',
|
'ldap_pass': '',
|
||||||
'ldap_base_dn': '',
|
'ldap_base_dn': '',
|
||||||
'user_group': '',
|
'user_group': '',
|
||||||
'oidc_url_discovery': '',
|
'oidc_server': '',
|
||||||
'oidc_url_logout': '',
|
|
||||||
'oidc_client_id': '',
|
'oidc_client_id': '',
|
||||||
'oidc_client_secret': '',
|
'oidc_client_secret': '',
|
||||||
'admin_group': '',
|
'admin_group': '',
|
||||||
|
|
@ -36,13 +35,9 @@ def create_app(test_config=None):
|
||||||
db.write('settings', settings)
|
db.write('settings', settings)
|
||||||
|
|
||||||
app.config['SECRET_KEY'] = settings.get('secret_key', '')
|
app.config['SECRET_KEY'] = settings.get('secret_key', '')
|
||||||
app.config['OIDC_URL_DISCOVERY'] = settings.get('oidc_url_discovery', '')
|
|
||||||
app.config['OIDC_URL_LOGOUT'] = settings.get('oidc_url_logout', '')
|
|
||||||
app.config['OIDC_CLIENT_ID'] = settings.get('oidc_client_id', '')
|
|
||||||
app.config['OIDC_CLIENT_SECRET'] = settings.get('oidc_client_secret', '')
|
|
||||||
|
|
||||||
from . import auth
|
from . import auth
|
||||||
auth.init_app(app)
|
auth.init_app(app, settings)
|
||||||
|
|
||||||
from . import errors
|
from . import errors
|
||||||
errors.init_app(app)
|
errors.init_app(app)
|
||||||
|
|
|
||||||
20
web/auth.py
20
web/auth.py
|
|
@ -25,16 +25,20 @@ class User(flask_login.UserMixin):
|
||||||
def get_id(self):
|
def get_id(self):
|
||||||
return self.username
|
return self.username
|
||||||
|
|
||||||
def init_app(app):
|
def init_app(app, settings):
|
||||||
login_manager = flask_login.LoginManager(app)
|
login_manager = flask_login.LoginManager(app)
|
||||||
oauth = authlib.integrations.flask_client.OAuth(app)
|
oauth = authlib.integrations.flask_client.OAuth(app)
|
||||||
oauth.register(
|
oauth.register(
|
||||||
name='default',
|
name='default',
|
||||||
server_metadata_url=app.config['OIDC_URL_DISCOVERY'],
|
server_metadata_url=settings.get('oidc_server'),
|
||||||
client_id=app.config['OIDC_CLIENT_ID'],
|
client_id=settings.get('oidc_client_id'),
|
||||||
client_secret=app.config['OIDC_CLIENT_SECRET'],
|
client_secret=settings.get('oidc_client_secret'),
|
||||||
client_kwargs={'scope': 'openid profile email'})
|
client_kwargs={'scope': 'openid profile email'})
|
||||||
|
|
||||||
|
metadata = oauth.default.load_server_metadata()
|
||||||
|
app.config['OIDC_CLIENT_ID'] = settings.get('OIDC_CLIENT_ID')
|
||||||
|
app.config['OIDC_END_SESSION_ENDPOINT'] = metadata.get('end_session_endpoint')
|
||||||
|
|
||||||
@login_manager.user_loader
|
@login_manager.user_loader
|
||||||
def load_user(username):
|
def load_user(username):
|
||||||
return users.get(username)
|
return users.get(username)
|
||||||
|
|
@ -57,6 +61,8 @@ def init_app(app):
|
||||||
@app.route('/logout')
|
@app.route('/logout')
|
||||||
def logout():
|
def logout():
|
||||||
flask_login.logout_user()
|
flask_login.logout_user()
|
||||||
return flask.redirect(
|
if oidc_logout_url := flask.current_app.config.get('OIDC_END_SESSION_ENDPOINT'):
|
||||||
flask.current_app.config.get('OIDC_URL_LOGOUT') + '?'
|
return flask.redirect(oidc_logout_url + '?'
|
||||||
+ urllib.parse.urlencode({'client_id': config.get('OIDC_CLIENT_ID')}))
|
+ urllib.parse.urlencode({'client_id': flask.current_app.config.get('OIDC_CLIENT_ID')}))
|
||||||
|
else:
|
||||||
|
return flask.redirect('/')
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue