Openid Connect support #157
Comments
Leaving this open as an enhancement request in case we have resource to look into adding this in the future.
Hi, I would like to know if there is something new with this issue? I would like to use authomatic but before digging, I want to know if it works with an OpenID Connect Provider. Best regards,
Hi - no there hasn't been any advance on this issue since my last comment I'm afraid!
Following up here. I wrote a customer-specific OpenID Connect Provider for Helmholtz AAI. I do not have paid nor volunteer resources to turn this into an official generic plugin, but I can drop the code here. It is not even finished (performance and flexibility), but it works. Code is under GPLv2 for now.

```python
from authomatic import core
from authomatic.exceptions import AuthenticationError
from authomatic.providers.oauth2 import OAuth2
from authomatic.providers.oauth2 import PROVIDER_ID_MAP


class HelmholtzAAI(OAuth2):
    """Helmholtz AAI |oauth2| (OpenID Connect) provider.

    * Dashboard: https://login.helmholtz.de/home/ (development at https://login-dev.helmholtz.de/)
    * Docs: https://hifis.net/doc/backbone-aai/guidelines-services/#oidc
    * API reference:

    Supported :class:`.User` properties:

    * id (eduperson_unique_id)
    * name (display_name)
    * username (preferred_username)
    * first_name (given_name)
    * last_name (family_name)
    * email (email_verified or email)

    Unsupported :class:`.User` properties:

    * birth_date
    * city
    * country
    * gender
    * link
    * locale
    * location
    * nickname
    * phone
    * picture
    * postal_code
    * timezone
    """

    # Scopes requested at the authorization endpoint
    authorization_scope = [
        "openid",
        "email",
        "display_name",
        "profile",
        "eduperson_unique_id",
        "eduperson_entitlement",
        "eduperson_scoped_affiliation",
    ]
    user_info_scope = []

    supported_user_attributes = core.SupportedUserAttributes(
        id=True,
        name=True,
        username=True,
        first_name=True,
        last_name=True,
        email=True,
    )

    well_known_live_url = (
        "https://login.helmholtz.de/oauth2/.well-known/openid-configuration"
    )
    well_known_test_url = (
        "https://login-dev.helmholtz.de/oauth2/.well-known/openid-configuration"
    )

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.scope += self.authorization_scope

    # The three endpoints below are hard-coded to the development instance.
    @property
    def user_authorization_url(self):
        # TODO: Fetch and cache from .well-known
        return "https://login-dev.helmholtz.de/oauth2-as/oauth2-authz"

    @property
    def access_token_url(self):
        # TODO: Fetch and cache from .well-known
        return "https://login-dev.helmholtz.de/oauth2/token"

    @property
    def user_info_url(self):
        # TODO: Fetch and cache from .well-known
        return "https://login-dev.helmholtz.de/oauth2/userinfo"

    def _x_scope_parser(self, scope):
        # OIDC has space-separated scopes
        return " ".join(scope)

    @classmethod
    def _x_credentials_parser(
        cls, credentials: core.Credentials, data: dict
    ) -> core.Credentials:
        if data.get("token_type") == "bearer":
            credentials.token_type = cls.BEARER
        return credentials

    @staticmethod
    def _x_user_parser(user: core.User, data: dict) -> core.User:
        # map properties
        user.id = data.get("eduperson_unique_id")
        user.name = data.get("display_name")
        user.username = data.get("preferred_username")
        user.first_name = data.get("given_name")
        # The standard OIDC claim is spelled "family_name"
        user.last_name = data.get("family_name")
        user.email = data.get("email")
        return user


PROVIDER_ID_MAP.append(HelmholtzAAI)
```
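The provider above leaves "Fetch and cache from .well-known" as a TODO. The following is an added example, not part of the original comment or of authomatic, showing one way to do that with the checks a relying party should make before trusting the document: the `issuer` must equal the URL prefix used for discovery (OpenID Connect Discovery 1.0, section 4.3) and every endpoint must be HTTPS. `DiscoveryCache`, `http_get_json` and the `SAMPLE` document are hypothetical names and constructed data.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
# Constructed sample document (assumed shape, not fetched from the real service).
WELL_KNOWN = "https://login-dev.helmholtz.de/oauth2" + SUFFIX
SAMPLE = {
    "issuer": "https://login-dev.helmholtz.de/oauth2",
    "authorization_endpoint": "https://login-dev.helmholtz.de/oauth2-as/oauth2-authz",
    "token_endpoint": "https://login-dev.helmholtz.de/oauth2/token",
    "userinfo_endpoint": "https://login-dev.helmholtz.de/oauth2/userinfo",
}


def http_get_json(url):
    """Default fetcher: HTTPS GET with a timeout, body parsed as JSON."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


class DiscoveryCache:
    """Fetch, validate and cache an OIDC discovery document (hypothetical helper)."""

    def __init__(self, well_known_url, fetch=http_get_json, ttl=3600, clock=time.monotonic):
        if not (well_known_url.startswith("https://") and well_known_url.endswith(SUFFIX)):
            raise ValueError("discovery URL must be https and end in " + SUFFIX)
        self.url, self.fetch, self.ttl, self.clock = well_known_url, fetch, ttl, clock
        self.expected_issuer = well_known_url[: -len(SUFFIX)]
        self._doc, self._expires = None, 0.0

    def _validate(self, doc):
        # A document naming a different issuer must not be used for this provider.
        if doc.get("issuer") != self.expected_issuer:
            raise ValueError("issuer mismatch in discovery document")
        for key in REQUIRED:
            parts = urlsplit(doc.get(key) or "")
            if parts.scheme != "https" or not parts.netloc:
                raise ValueError(f"{key} missing or not an https URL")
        return doc

    def endpoint(self, key):
        """Return one endpoint, refetching only after the TTL has expired."""
        if self._doc is None or self.clock() >= self._expires:
            self._doc = self._validate(self.fetch(self.url))  # raises before caching bad data
            self._expires = self.clock() + self.ttl
        return self._doc[key]
```

A provider property such as `access_token_url` could then return `cache.endpoint("token_endpoint")` from a module-level `DiscoveryCache` built from `well_known_test_url` or `well_known_live_url`.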
I am trying to find a solution to authenticate users via the V2 Microsoft Azure endpoint using OpenID Connect (to seamlessly log in Office 365 users) on a Google Appengine application (Webapp2).
This project seems to accomplish everything else OAuth2 related but not OpenId Connect, which is used by the Microsoft V2 endpoint. Am I missing something, or does authomatic NOT support OpenId Connect?
Thanks,
Ian