Initial commit
This commit is contained in:
commit
f6aa79a3fd
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
venv/
|
||||
moxxy_oidc_server.egg-info/
|
||||
**/__pycache__/
|
||||
0
moxxy_oidc_server/__init__.py
Normal file
0
moxxy_oidc_server/__init__.py
Normal file
85
moxxy_oidc_server/main.py
Normal file
85
moxxy_oidc_server/main.py
Normal file
@ -0,0 +1,85 @@
|
||||
import uuid
|
||||
import os
|
||||
import urllib.parse
|
||||
|
||||
from fastapi import FastAPI, HTTPException
|
||||
from pydantic import BaseModel
|
||||
import requests
|
||||
|
||||
|
||||
class SessionRequest(BaseModel):
|
||||
# Internal session ID
|
||||
session_id: str
|
||||
|
||||
# URL to show the user to perform authentication
|
||||
auth_url: str
|
||||
|
||||
class TokenResponse(BaseModel):
|
||||
token: str
|
||||
|
||||
OIDC_BASE_URI: str = os.environ["OIDC_BASE_URI"]
|
||||
REDIRECT_URI: str = os.environ["REDIRECT_URI"]
|
||||
CLIENT_ID: str = os.environ["CLIENT_ID"]
|
||||
CLIENT_SECRET: str = os.environ["CLIENT_SECRET"]
|
||||
app = FastAPI()
|
||||
|
||||
sessions: dict[str, str | None] = {}
|
||||
|
||||
@app.get("/.well-known/xmpp/oidc")
|
||||
def request_session(provider: str) -> SessionRequest:
|
||||
"""
|
||||
Build the correct "session" and GET url to authenticate to the OIDC
|
||||
provider.
|
||||
"""
|
||||
# TODO: Actually use provider
|
||||
|
||||
sid = uuid.uuid4().hex
|
||||
sessions[sid] = None
|
||||
|
||||
params: dict[str, str] = {
|
||||
"response_type": "code",
|
||||
"scope": "openid",
|
||||
"client_id": CLIENT_ID,
|
||||
"state": sid,
|
||||
"redirect_uri": REDIRECT_URI,
|
||||
}
|
||||
return SessionRequest(
|
||||
session_id=sid,
|
||||
auth_url=f"{OIDC_BASE_URI}/authorize/" + "?" + urllib.parse.urlencode(params),
|
||||
)
|
||||
|
||||
@app.get("/.well-known/xmpp/token")
|
||||
def request_token(sid: str) -> TokenResponse:
|
||||
"""
|
||||
Acquire the token that the server got from the OIDC provider.
|
||||
"""
|
||||
|
||||
if sessions.get(sid) is None:
|
||||
raise HTTPException(404)
|
||||
|
||||
return TokenResponse(
|
||||
token=sessions.pop(sid),
|
||||
)
|
||||
|
||||
@app.get("/.well-known/xmpp/callback")
|
||||
def oidc_callback(code: str, state: str) -> None:
|
||||
"""
|
||||
Callback for the OIDC redirect
|
||||
"""
|
||||
|
||||
token_req = requests.post(
|
||||
f"{OIDC_BASE_URI}/token/",
|
||||
data={
|
||||
"grant_type": "authorization_code",
|
||||
"code": code,
|
||||
"redirect_uri": REDIRECT_URI,
|
||||
"client_id": CLIENT_ID,
|
||||
"client_secret": CLIENT_SECRET,
|
||||
},
|
||||
)
|
||||
if not token_req.ok:
|
||||
print(f"Status Code: {token_req.status_code}")
|
||||
print(f"Body: {token_req.text}")
|
||||
raise HTTPException(500)
|
||||
|
||||
sessions[state] = token_req.json()["access_token"]
|
||||
4
pyproject.toml
Normal file
4
pyproject.toml
Normal file
@ -0,0 +1,4 @@
|
||||
[project]
|
||||
name = "moxxy-oidc-server"
|
||||
version = "0.1.0"
|
||||
dependencies = ["requests", "fastapi[standard]"]
|
||||
0
tests/test_behaviour.py
Normal file
0
tests/test_behaviour.py
Normal file
Loading…
Reference in New Issue
Block a user