reference RP
parent
850240ab97
commit
8e8c33a407
7 changed files with 1508 additions and 0 deletions
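--- a/examples/rp-reference/config.py
+++ b/examples/rp-reference/config.py
@@ -0,0 +1,39 @@
+"""RP configuration, read from the environment with sensible local defaults.
+
+Every value can be overridden with an OIDC_RP_* environment variable. The
+defaults assume porchlight is running locally on :8000 and this RP on :9000.
+"""
+
+from __future__ import annotations
+
+import os
+from dataclasses import dataclass
+
+
+@dataclass(frozen=True)
+class Config:
+# The OP's issuer URL. Discovery is derived from this:
+# {issuer}/.well-known/openid-configuration
+issuer: str = os.environ.get("OIDC_RP_ISSUER", "http://localhost:8000")
+
+# Credentials for the client registered in porchlight.toml. See README.
+client_id: str = os.environ.get("OIDC_RP_CLIENT_ID", "showcase-rp")
+client_secret: str = os.environ.get("OIDC_RP_CLIENT_SECRET", "change-me")
+
+# Where the OP redirects back to after authentication. Must exactly match
+# one of the redirect_uris registered for the client.
+redirect_uri: str = os.environ.get(
+"OIDC_RP_REDIRECT_URI", "http://localhost:9000/callback"
+)
+
+# Scopes we request. offline_access is what makes the OP issue a refresh
+# token (porchlight gates it behind this scope).
+scope: str = os.environ.get("OIDC_RP_SCOPE", "openid profile email offline_access")
+
+# Secret used to sign the session-id cookie (NOT the OIDC client_secret).
+session_secret: str = os.environ.get(
+"OIDC_RP_SESSION_SECRET", "dev-only-rp-session-secret-change-me"
+)
+
+# Allowed clock skew (seconds) when validating exp/iat.
+leeway: int = int(os.environ.get("OIDC_RP_LEEWAY", "30"))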
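Review bot: The `session_secret` fallback in `Config` is a fixed string published with the example, so whenever OIDC_RP_SESSION_SECRET is unset the RP silently signs its session-id cookie with a key that is public. Going by the comment above the field, anyone who has read this file could presumably produce a cookie signature the RP accepts on any deployment where the variable was forgotten. I would fall back to a per-process random key instead, `session_secret: str = os.environ.get("OIDC_RP_SESSION_SECRET") or secrets.token_urlsafe(32)` (with `import secrets` next to `import os`), at the cost of sessions not surviving a restart or being shared between workers. The `client_secret` default `"change-me"` has to match the client registered in porchlight.toml and so cannot be randomised; a comment above it such as `# Local-demo value only; set OIDC_RP_CLIENT_SECRET for anything that is not localhost.` would make that explicit.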