[PATCH 3/4] Crude OpenID Connect client using Authlib

Lukas Fleischer lfleischer at archlinux.org
Sat Jun 6 12:42:05 UTC 2020


On Thu, 04 Jun 2020 at 16:00:20, Frédéric Mangano-Tarumi wrote:
> Developers can go to /sso/login to get redirected to the SSO. On
> successful login, the ID token is displayed.
> ---
>  .gitlab-ci.yml             |  3 ++-
>  TESTING                    |  3 ++-
>  aurweb/asgi.py             | 13 +++++++++++++
>  aurweb/routers/__init__.py |  5 +++++
>  aurweb/routers/sso.py      | 30 ++++++++++++++++++++++++++++++
>  aurweb/spawn.py            |  3 +++
>  conf/config.defaults       |  8 ++++++++
>  conf/config.dev            |  9 +++++++++
>  8 files changed, 72 insertions(+), 2 deletions(-)
>  create mode 100644 aurweb/routers/__init__.py
>  create mode 100644 aurweb/routers/sso.py
> [...]
> diff --git a/conf/config.dev b/conf/config.dev
> index d752f61f..27e981f8 100644
> --- a/conf/config.dev
> +++ b/conf/config.dev
> @@ -20,6 +20,12 @@ aur_location = http://127.0.0.1:8080
>  disable_http_login = 0
>  enable-maintenance = 0
>  
> +; Single sign-on
> +[sso]
> +openid_configuration = http://127.0.0.1:8083/auth/realms/aurweb/.well-known/openid-configuration
> +client_id = aurweb
> +client_secret =
> +
>  [php]
>  ; Address PHP should bind when spawned in development mode by aurweb.spawn.
>  bind_address = 127.0.0.1:8081
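
Review bot: the three keys added under [sso] have no explanatory comment beyond "; Single sign-on", while the [php] entry just below documents what its setting is for. `client_secret =` is left empty, so someone following this file cannot tell where the value comes from or whether an empty secret is expected to work; a one-line comment saying it must be copied from the client registered at the identity provider would help. A second comment could state that the `http://127.0.0.1:8083` discovery URL is for local development only, since discovery metadata fetched over plain HTTP on a real network can be altered in transit.
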
> @@ -30,3 +36,6 @@ htmldir = YOUR_AUR_ROOT/web/html
>  [fastapi]
>  ; Address uvicorn should bind when spawned in development mode by aurweb.spawn.
>  bind_address = 127.0.0.1:8082
> +
> +; Passphrase FastAPI uses to sign client-side sessions.
> +session_secret = \u6975\u79d8\u3001\u8a33\u3059\u306a\uff01\u3042\u3001\u9045\u904e\u304e\u305f\u3002

Nit: Since this is not really a secret, can we just use a plain text
value (e.g. "secret") here? I know we had a similar discussion before,
but I don't like the idea of having binary data in text configuration
files since it might cause all sorts of issues with different tools (and
even if that means the tools are bad, it's better to avoid it
altogether).

