mirror of
https://github.com/Xtao-Labs/telegram-oauth.git
synced 2024-11-24 00:21:34 +00:00
✨ Support openID AutoDiscovery URL
This commit is contained in:
parent
ea9126c7f7
commit
992e11ae6a
@ -2,6 +2,7 @@ CONN_URI=sqlite+aiosqlite:///data/db.sqlite3
|
||||
DEBUG=True
|
||||
PROJECT_URL=http://127.0.0.1
|
||||
PROJECT_LOGIN_SUCCESS_URL=http://google.com
|
||||
PROJECT_HOST=127.0.0.1
|
||||
PROJECT_PORT=80
|
||||
JWT_PRIVATE_KEY='data/private_key'
|
||||
JWT_PUBLIC_KEY='data/public_key'
|
||||
|
@ -6,7 +6,8 @@
|
||||
CONN_URI=sqlite+aiosqlite:///data/db.sqlite3 # 数据库 uri
|
||||
DEBUG=True # 调试模式
|
||||
PROJECT_URL=http://127.0.0.1 # 项目可访问的地址
|
||||
PROJECT_LOGIN_SUCCESS_URL=http://google.com # 登录成功后跳转的地址
|
||||
PROJECT_LOGIN_SUCCESS_URL=http://google.com # 默认登录成功后跳转的地址
|
||||
PROJECT_HOST=127.0.0.1 # 项目监听的 ip 地址
|
||||
PROJECT_PORT=80 # 项目运行的端口
|
||||
JWT_PRIVATE_KEY='data/private_key' # jwt 私钥
|
||||
JWT_PUBLIC_KEY='data/public_key' # jwt 公钥
|
||||
|
@ -5,6 +5,7 @@ from aioauth.server import AuthorizationServer
|
||||
from fastapi import APIRouter, Depends, Request
|
||||
|
||||
from aioauth_fastapi.utils import to_fastapi_response, to_oauth2_request
|
||||
from .models import Configuration
|
||||
from .storage import Storage
|
||||
from ..config import settings as local_settings
|
||||
from ..storage.sqlalchemy import SQLAlchemyStorage, get_sqlalchemy_storage
|
||||
@ -52,5 +53,24 @@ async def authorize(
|
||||
|
||||
|
||||
@router.get("/keys")
|
||||
@router.get("/.well-known/jwks.json")
|
||||
async def keys():
|
||||
return get_pub_key_resp()
|
||||
|
||||
|
||||
@router.get("/.well-known/openid-configuration")
|
||||
async def get_configuration():
|
||||
return Configuration(
|
||||
issuer=local_settings.PROJECT_URL,
|
||||
authorization_endpoint=f"{local_settings.PROJECT_URL}/oauth2/authorize",
|
||||
token_endpoint=f"{local_settings.PROJECT_URL}/oauth2/token",
|
||||
userinfo_endpoint="",
|
||||
revocation_endpoint="",
|
||||
jwks_uri=f"{local_settings.PROJECT_URL}/oauth2/.well-known/jwks.json",
|
||||
scopes_supported=["openid", "profile", "email"],
|
||||
response_types_supported=["code"],
|
||||
grant_types_supported=["authorization_code", "refresh_token"],
|
||||
subject_types_supported=["public"],
|
||||
id_token_signing_alg_values_supported=["RS256"],
|
||||
claims_supported=["username", "email"],
|
||||
)
|
||||
|
@ -1,5 +1,6 @@
|
||||
from typing import TYPE_CHECKING, Optional
|
||||
from typing import TYPE_CHECKING, Optional, List
|
||||
|
||||
from pydantic import BaseModel
|
||||
from pydantic.types import UUID4
|
||||
from sqlmodel.main import Field, Relationship
|
||||
|
||||
@ -48,3 +49,18 @@ class Token(BaseTable, table=True): # type: ignore
|
||||
|
||||
user_id: UUID4 = Field(foreign_key="users.id", nullable=False)
|
||||
user: "User" = Relationship(back_populates="user_tokens")
|
||||
|
||||
|
||||
class Configuration(BaseModel):
|
||||
issuer: str
|
||||
authorization_endpoint: str
|
||||
token_endpoint: str
|
||||
userinfo_endpoint: str
|
||||
revocation_endpoint: str
|
||||
jwks_uri: str
|
||||
scopes_supported: List[str]
|
||||
response_types_supported: List[str]
|
||||
grant_types_supported: List[str]
|
||||
subject_types_supported: List[str]
|
||||
id_token_signing_alg_values_supported: List[str]
|
||||
claims_supported: List[str]
|
||||
|
@ -276,7 +276,10 @@ class Storage(BaseStorage):
|
||||
) -> str:
|
||||
scopes = enforce_list(scope)
|
||||
user = await self.get_user(request)
|
||||
user_data = {}
|
||||
user_data = {
|
||||
"aud": client_id,
|
||||
"iss": settings.PROJECT_URL,
|
||||
}
|
||||
|
||||
if "email" in scopes:
|
||||
user_data["email"] = user.username
|
||||
|
Loading…
Reference in New Issue
Block a user