mirror of
https://github.com/Xtao-Labs/telegram-oauth.git
synced 2024-11-21 14:48:26 +00:00
✨ Support openID AutoDiscovery URL
This commit is contained in:
parent
ea9126c7f7
commit
992e11ae6a
@ -2,6 +2,7 @@ CONN_URI=sqlite+aiosqlite:///data/db.sqlite3
|
|||||||
DEBUG=True
|
DEBUG=True
|
||||||
PROJECT_URL=http://127.0.0.1
|
PROJECT_URL=http://127.0.0.1
|
||||||
PROJECT_LOGIN_SUCCESS_URL=http://google.com
|
PROJECT_LOGIN_SUCCESS_URL=http://google.com
|
||||||
|
PROJECT_HOST=127.0.0.1
|
||||||
PROJECT_PORT=80
|
PROJECT_PORT=80
|
||||||
JWT_PRIVATE_KEY='data/private_key'
|
JWT_PRIVATE_KEY='data/private_key'
|
||||||
JWT_PUBLIC_KEY='data/public_key'
|
JWT_PUBLIC_KEY='data/public_key'
|
||||||
|
@ -6,7 +6,8 @@
|
|||||||
CONN_URI=sqlite+aiosqlite:///data/db.sqlite3 # 数据库 uri
|
CONN_URI=sqlite+aiosqlite:///data/db.sqlite3 # 数据库 uri
|
||||||
DEBUG=True # 调试模式
|
DEBUG=True # 调试模式
|
||||||
PROJECT_URL=http://127.0.0.1 # 项目可访问的地址
|
PROJECT_URL=http://127.0.0.1 # 项目可访问的地址
|
||||||
PROJECT_LOGIN_SUCCESS_URL=http://google.com # 登录成功后跳转的地址
|
PROJECT_LOGIN_SUCCESS_URL=http://google.com # 默认登录成功后跳转的地址
|
||||||
|
PROJECT_HOST=127.0.0.1 # 项目监听的 ip 地址
|
||||||
PROJECT_PORT=80 # 项目运行的端口
|
PROJECT_PORT=80 # 项目运行的端口
|
||||||
JWT_PRIVATE_KEY='data/private_key' # jwt 私钥
|
JWT_PRIVATE_KEY='data/private_key' # jwt 私钥
|
||||||
JWT_PUBLIC_KEY='data/public_key' # jwt 公钥
|
JWT_PUBLIC_KEY='data/public_key' # jwt 公钥
|
||||||
|
@ -5,6 +5,7 @@ from aioauth.server import AuthorizationServer
|
|||||||
from fastapi import APIRouter, Depends, Request
|
from fastapi import APIRouter, Depends, Request
|
||||||
|
|
||||||
from aioauth_fastapi.utils import to_fastapi_response, to_oauth2_request
|
from aioauth_fastapi.utils import to_fastapi_response, to_oauth2_request
|
||||||
|
from .models import Configuration
|
||||||
from .storage import Storage
|
from .storage import Storage
|
||||||
from ..config import settings as local_settings
|
from ..config import settings as local_settings
|
||||||
from ..storage.sqlalchemy import SQLAlchemyStorage, get_sqlalchemy_storage
|
from ..storage.sqlalchemy import SQLAlchemyStorage, get_sqlalchemy_storage
|
||||||
@ -52,5 +53,24 @@ async def authorize(
|
|||||||
|
|
||||||
|
|
||||||
@router.get("/keys")
|
@router.get("/keys")
|
||||||
|
@router.get("/.well-known/jwks.json")
|
||||||
async def keys():
|
async def keys():
|
||||||
return get_pub_key_resp()
|
return get_pub_key_resp()
|
||||||
|
|
||||||
|
|
||||||
|
@router.get("/.well-known/openid-configuration")
|
||||||
|
async def get_configuration():
|
||||||
|
return Configuration(
|
||||||
|
issuer=local_settings.PROJECT_URL,
|
||||||
|
authorization_endpoint=f"{local_settings.PROJECT_URL}/oauth2/authorize",
|
||||||
|
token_endpoint=f"{local_settings.PROJECT_URL}/oauth2/token",
|
||||||
|
userinfo_endpoint="",
|
||||||
|
revocation_endpoint="",
|
||||||
|
jwks_uri=f"{local_settings.PROJECT_URL}/oauth2/.well-known/jwks.json",
|
||||||
|
scopes_supported=["openid", "profile", "email"],
|
||||||
|
response_types_supported=["code"],
|
||||||
|
grant_types_supported=["authorization_code", "refresh_token"],
|
||||||
|
subject_types_supported=["public"],
|
||||||
|
id_token_signing_alg_values_supported=["RS256"],
|
||||||
|
claims_supported=["username", "email"],
|
||||||
|
)
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
from typing import TYPE_CHECKING, Optional
|
from typing import TYPE_CHECKING, Optional, List
|
||||||
|
|
||||||
|
from pydantic import BaseModel
|
||||||
from pydantic.types import UUID4
|
from pydantic.types import UUID4
|
||||||
from sqlmodel.main import Field, Relationship
|
from sqlmodel.main import Field, Relationship
|
||||||
|
|
||||||
@ -48,3 +49,18 @@ class Token(BaseTable, table=True): # type: ignore
|
|||||||
|
|
||||||
user_id: UUID4 = Field(foreign_key="users.id", nullable=False)
|
user_id: UUID4 = Field(foreign_key="users.id", nullable=False)
|
||||||
user: "User" = Relationship(back_populates="user_tokens")
|
user: "User" = Relationship(back_populates="user_tokens")
|
||||||
|
|
||||||
|
|
||||||
|
class Configuration(BaseModel):
|
||||||
|
issuer: str
|
||||||
|
authorization_endpoint: str
|
||||||
|
token_endpoint: str
|
||||||
|
userinfo_endpoint: str
|
||||||
|
revocation_endpoint: str
|
||||||
|
jwks_uri: str
|
||||||
|
scopes_supported: List[str]
|
||||||
|
response_types_supported: List[str]
|
||||||
|
grant_types_supported: List[str]
|
||||||
|
subject_types_supported: List[str]
|
||||||
|
id_token_signing_alg_values_supported: List[str]
|
||||||
|
claims_supported: List[str]
|
||||||
|
@ -276,7 +276,10 @@ class Storage(BaseStorage):
|
|||||||
) -> str:
|
) -> str:
|
||||||
scopes = enforce_list(scope)
|
scopes = enforce_list(scope)
|
||||||
user = await self.get_user(request)
|
user = await self.get_user(request)
|
||||||
user_data = {}
|
user_data = {
|
||||||
|
"aud": client_id,
|
||||||
|
"iss": settings.PROJECT_URL,
|
||||||
|
}
|
||||||
|
|
||||||
if "email" in scopes:
|
if "email" in scopes:
|
||||||
user_data["email"] = user.username
|
user_data["email"] = user.username
|
||||||
|
Loading…
Reference in New Issue
Block a user