Support openID AutoDiscovery URL

xtaodada 2024-05-20 22:12:36 +08:00
parent ea9126c7f7
commit 992e11ae6a
Signed by: xtaodada
GPG Key ID: 4CBB3F4FA8C85659
5 changed files with 44 additions and 3 deletions


@ -2,6 +2,7 @@ CONN_URI=sqlite+aiosqlite:///data/db.sqlite3
DEBUG=True DEBUG=True
PROJECT_URL=http://127.0.0.1 PROJECT_URL=http://127.0.0.1
PROJECT_LOGIN_SUCCESS_URL=http://google.com PROJECT_LOGIN_SUCCESS_URL=http://google.com
PROJECT_HOST=127.0.0.1
PROJECT_PORT=80 PROJECT_PORT=80
JWT_PRIVATE_KEY='data/private_key' JWT_PRIVATE_KEY='data/private_key'
JWT_PUBLIC_KEY='data/public_key' JWT_PUBLIC_KEY='data/public_key'


@ -6,7 +6,8 @@
CONN_URI=sqlite+aiosqlite:///data/db.sqlite3 # 数据库 uri CONN_URI=sqlite+aiosqlite:///data/db.sqlite3 # 数据库 uri
DEBUG=True # 调试模式 DEBUG=True # 调试模式
PROJECT_URL=http://127.0.0.1 # 项目可访问的地址 PROJECT_URL=http://127.0.0.1 # 项目可访问的地址
PROJECT_LOGIN_SUCCESS_URL=http://google.com # 登录成功后跳转的地址 PROJECT_LOGIN_SUCCESS_URL=http://google.com # 默认登录成功后跳转的地址
PROJECT_HOST=127.0.0.1 # 项目监听的 ip 地址
PROJECT_PORT=80 # 项目运行的端口 PROJECT_PORT=80 # 项目运行的端口
JWT_PRIVATE_KEY='data/private_key' # jwt 私钥 JWT_PRIVATE_KEY='data/private_key' # jwt 私钥
JWT_PUBLIC_KEY='data/public_key' # jwt 公钥 JWT_PUBLIC_KEY='data/public_key' # jwt 公钥


@ -5,6 +5,7 @@ from aioauth.server import AuthorizationServer
from fastapi import APIRouter, Depends, Request from fastapi import APIRouter, Depends, Request
from aioauth_fastapi.utils import to_fastapi_response, to_oauth2_request from aioauth_fastapi.utils import to_fastapi_response, to_oauth2_request
from .models import Configuration
from .storage import Storage from .storage import Storage
from ..config import settings as local_settings from ..config import settings as local_settings
from ..storage.sqlalchemy import SQLAlchemyStorage, get_sqlalchemy_storage from ..storage.sqlalchemy import SQLAlchemyStorage, get_sqlalchemy_storage
@ -52,5 +53,24 @@ async def authorize(
@router.get("/keys") @router.get("/keys")
@router.get("/.well-known/jwks.json")
async def keys(): async def keys():
return get_pub_key_resp() return get_pub_key_resp()
@router.get("/.well-known/openid-configuration")
async def get_configuration():
return Configuration(
issuer=local_settings.PROJECT_URL,
authorization_endpoint=f"{local_settings.PROJECT_URL}/oauth2/authorize",
token_endpoint=f"{local_settings.PROJECT_URL}/oauth2/token",
userinfo_endpoint="",
revocation_endpoint="",
jwks_uri=f"{local_settings.PROJECT_URL}/oauth2/.well-known/jwks.json",
scopes_supported=["openid", "profile", "email"],
response_types_supported=["code"],
grant_types_supported=["authorization_code", "refresh_token"],
subject_types_supported=["public"],
id_token_signing_alg_values_supported=["RS256"],
claims_supported=["username", "email"],
)
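Review bot: The value on the `issuer=local_settings.PROJECT_URL` line does not match where this document is served from: `jwks_uri` and the other endpoints are built under `{PROJECT_URL}/oauth2/`, which suggests the router carries an `/oauth2` prefix, so discovery is reachable at `{PROJECT_URL}/oauth2/.well-known/openid-configuration` while `issuer` claims `{PROJECT_URL}`. OpenID Connect Discovery 1.0 (section 4.3) requires the returned `issuer` to be identical to the URL the configuration was retrieved from minus the well-known suffix, and relying parties that validate this will reject the document; either mount this route at the application root or set `issuer=f"{local_settings.PROJECT_URL}/oauth2"`, and whichever value is chosen must also be the `iss` claim written into the token (the `"iss": settings.PROJECT_URL` line in this commit's storage hunk). Separately, `userinfo_endpoint=""` and `revocation_endpoint=""` advertise empty strings where the spec expects the key to be absent for an unimplemented endpoint; defaulting those fields to `None` and adding `response_model_exclude_none=True` to the decorator keeps clients from trying to fetch an empty URL. `claims_supported` also omits `sub`, which every ID token carries.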


@ -1,5 +1,6 @@
from typing import TYPE_CHECKING, Optional from typing import TYPE_CHECKING, Optional, List
from pydantic import BaseModel
from pydantic.types import UUID4 from pydantic.types import UUID4
from sqlmodel.main import Field, Relationship from sqlmodel.main import Field, Relationship
@ -48,3 +49,18 @@ class Token(BaseTable, table=True): # type: ignore
user_id: UUID4 = Field(foreign_key="users.id", nullable=False) user_id: UUID4 = Field(foreign_key="users.id", nullable=False)
user: "User" = Relationship(back_populates="user_tokens") user: "User" = Relationship(back_populates="user_tokens")
class Configuration(BaseModel):
issuer: str
authorization_endpoint: str
token_endpoint: str
userinfo_endpoint: str
revocation_endpoint: str
jwks_uri: str
scopes_supported: List[str]
response_types_supported: List[str]
grant_types_supported: List[str]
subject_types_supported: List[str]
id_token_signing_alg_values_supported: List[str]
claims_supported: List[str]
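Review bot: `userinfo_endpoint: str` and `revocation_endpoint: str` are declared as required strings although the only producer in this commit fills them with `""` because those endpoints do not exist; declare them `userinfo_endpoint: Optional[str] = None` and `revocation_endpoint: Optional[str] = None` (`Optional` is already imported in the first hunk) so the metadata can omit them instead of advertising an empty URL. On the wire a `None` field still serializes as `null` unless the route returning the model sets `response_model_exclude_none=True`, so the two changes go together. The class also has no docstring; add `"""OpenID Provider Metadata served at /.well-known/openid-configuration (OpenID Connect Discovery 1.0, section 3)."""` directly under the `class Configuration(BaseModel):` line so readers know which spec fixes the field names.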


@ -276,7 +276,10 @@ class Storage(BaseStorage):
) -> str: ) -> str:
scopes = enforce_list(scope) scopes = enforce_list(scope)
user = await self.get_user(request) user = await self.get_user(request)
user_data = {} user_data = {
"aud": client_id,
"iss": settings.PROJECT_URL,
}
if "email" in scopes: if "email" in scopes:
user_data["email"] = user.username user_data["email"] = user.username