Crude OpenID Connect client using Authlib

Developers can go to /sso/login to get redirected to the SSO. On successful login, the ID token is displayed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2020-06-04 22:00:20 +02:00 · 2020-06-04 22:00:20 +02:00 · 3b347d3989
commit 3b347d3989
parent b1300117ac
8 changed files with 72 additions and 2 deletions
--- a/aurweb/asgi.py
+++ b/aurweb/asgi.py
@ -1,3 +1,16 @@
 from fastapi import FastAPI
+from starlette.middleware.sessions import SessionMiddleware
+
+import aurweb.config
+
+from aurweb.routers import sso

 app = FastAPI()
+
+session_secret = aurweb.config.get("fastapi", "session_secret")
+if not session_secret:
+    raise Exception("[fastapi] session_secret must not be empty")
+
+app.add_middleware(SessionMiddleware, secret_key=session_secret)
+
+app.include_router(sso.router)
--- a/aurweb/routers/init.py
+++ b/aurweb/routers/init.py
@ -0,0 +1,5 @@
+"""
+API routers for FastAPI.
+
+See https://fastapi.tiangolo.com/tutorial/bigger-applications/
+"""
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@ -0,0 +1,30 @@
+import fastapi
+
+from authlib.integrations.starlette_client import OAuth
+from starlette.requests import Request
+
+import aurweb.config
+
+router = fastapi.APIRouter()
+
+oauth = OAuth()
+oauth.register(
+    name="sso",
+    server_metadata_url=aurweb.config.get("sso", "openid_configuration"),
+    client_kwargs={"scope": "openid"},
+    client_id=aurweb.config.get("sso", "client_id"),
+    client_secret=aurweb.config.get("sso", "client_secret"),
+)
+
+
+@router.get("/sso/login")
+async def login(request: Request):
+    redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate"
+    return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")
+
+
+@router.get("/sso/authenticate")
+async def authenticate(request: Request):
+    token = await oauth.sso.authorize_access_token(request)
+    user = await oauth.sso.parse_id_token(request, token)
+    return dict(user)
--- a/aurweb/spawn.py
+++ b/aurweb/spawn.py
@ -60,6 +60,9 @@ def generate_nginx_config():
                location / {{
                    proxy_pass http://{aurweb.config.get("php", "bind_address")};
                }}
+                location /sso {{
+                    proxy_pass http://{aurweb.config.get("fastapi", "bind_address")};
+                }}
            }}
        }}
    """)