Add support for using OIDC tokens via the Docker CLI
parent
6600b380ca
commit
e724125459
16 changed files with 176 additions and 14 deletions
@ -1,7 +1,6 @@
from oauth.services.github import GithubOAuthService
from oauth.services.google import GoogleOAuthService
from oauth.oidc import OIDCLoginService
from data.users import UserAuthentication
CUSTOM_LOGIN_SERVICES = {
'GITHUB_LOGIN_CONFIG': GithubOAuthService,
@ -89,7 +89,7 @@ class OIDCLoginService(OAuthService):
'OIDC': True,
}
def exchange_code_for_login(self, app_config, http_client, code, redirect_suffix):
def exchange_code_for_tokens(self, app_config, http_client, code, redirect_suffix):
# Exchange the code for the access token and id_token
try:
json_data = self.exchange_code(app_config, http_client, code,
@ -109,9 +109,16 @@ class OIDCLoginService(OAuthService):
logger.debug('Missing id_token in response: %s', json_data)
raise OAuthLoginException('Missing `id_token` in OIDC response')
return id_token, access_token
def exchange_code_for_login(self, app_config, http_client, code, redirect_suffix):
# Exchange the code for the access token and id_token
id_token, access_token = self.exchange_code_for_tokens(app_config, http_client, code,
redirect_suffix)
# Decode the id_token.
try:
decoded_id_token = self._decode_user_jwt(id_token)
decoded_id_token = self.decode_user_jwt(id_token)
except InvalidTokenError as ite:
logger.exception('Got invalid token error on OIDC decode: %s', ite.message)
raise OAuthLoginException('Could not decode OIDC token')
@ -181,7 +188,7 @@ class OIDCLoginService(OAuthService):
logger.exception('Could not parse OIDC discovery for url: %s', discovery_url)
raise DiscoveryFailureException("Could not parse OIDC discovery information")
def _decode_user_jwt(self, token):
def decode_user_jwt(self, token):
""" Decodes the given JWT under the given provider and returns it. Raises an InvalidTokenError
exception on an invalid token or a PublicKeyLoadException if the public key could not be
loaded for decoding.
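Review bot: The new public method `def exchange_code_for_tokens(self, app_config, http_client, code, redirect_suffix):` hands back the `id_token` exactly as received from the provider — the only verification visible in this section happens later, in `decode_user_jwt`, which `exchange_code_for_login` calls on the result — yet neither of the new methods carries a docstring stating that contract. With `_decode_user_jwt` also promoted to the public `decode_user_jwt`, a caller outside this class (the Docker CLI path the commit title mentions) could easily take the returned `id_token` and read claims from it without ever calling `decode_user_jwt`. I would document it on `exchange_code_for_tokens`: `""" Exchanges the authorization code for (id_token, access_token). The id_token is returned unverified; run it through decode_user_jwt before trusting any claim. Raises OAuthLoginException when the response carries no id_token. """`, and give `exchange_code_for_login` a one-line docstring saying it is the verified-login variant of the same exchange. The body of `exchange_code_for_tokens` continues outside the hunk that introduces it, and `exchange_code_for_login` runs past the end of its hunk.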
oauth/test/__init__.py
@ -60,7 +60,7 @@ def app_config(http_client, mailing_feature):
'SERVER_HOSTNAME': 'localhost',
'FEATURE_MAILING': mailing_feature,
'SOMEOIDC_TEST_SERVICE': {
'SOMEOIDC_LOGIN_CONFIG': {
'CLIENT_ID': 'foo',
'CLIENT_SECRET': 'bar',
'SERVICE_NAME': 'Some Cool Service',
@ -74,7 +74,7 @@ def app_config(http_client, mailing_feature):
@pytest.fixture()
def oidc_service(app_config):
return OIDCLoginService(app_config, 'SOMEOIDC_TEST_SERVICE')
return OIDCLoginService(app_config, 'SOMEOIDC_LOGIN_CONFIG')
@pytest.fixture()
def discovery_content(userinfo_supported):