reference RP

Johan Lundberg 2026-06-29 09:23:22 +02:00
parent 850240ab97
commit 8e8c33a407
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
7 changed files with 1508 additions and 0 deletions


@ -0,0 +1,39 @@
"""RP configuration, read from the environment with sensible local defaults.
Every value can be overridden with an OIDC_RP_* environment variable. The
defaults assume porchlight is running locally on :8000 and this RP on :9000.
"""
from __future__ import annotations
import os
from dataclasses import dataclass
@dataclass(frozen=True)
class Config:
# The OP's issuer URL. Discovery is derived from this:
# {issuer}/.well-known/openid-configuration
issuer: str = os.environ.get("OIDC_RP_ISSUER", "http://localhost:8000")
# Credentials for the client registered in porchlight.toml. See README.
client_id: str = os.environ.get("OIDC_RP_CLIENT_ID", "showcase-rp")
client_secret: str = os.environ.get("OIDC_RP_CLIENT_SECRET", "change-me")
# Where the OP redirects back to after authentication. Must exactly match
# one of the redirect_uris registered for the client.
redirect_uri: str = os.environ.get(
"OIDC_RP_REDIRECT_URI", "http://localhost:9000/callback"
)
# Scopes we request. offline_access is what makes the OP issue a refresh
# token (porchlight gates it behind this scope).
scope: str = os.environ.get("OIDC_RP_SCOPE", "openid profile email offline_access")
# Secret used to sign the session-id cookie (NOT the OIDC client_secret).
session_secret: str = os.environ.get(
"OIDC_RP_SESSION_SECRET", "dev-only-rp-session-secret-change-me"
)
# Allowed clock skew (seconds) when validating exp/iat.
leeway: int = int(os.environ.get("OIDC_RP_LEEWAY", "30"))
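Review bot: The fallbacks for `client_secret` ("change-me") and `session_secret` ("dev-only-rp-session-secret-change-me") are published in the repository, so a deployment that forgets to set `OIDC_RP_SESSION_SECRET` signs its session-id cookies with a key anyone can read, and nothing in this file reports it. Because a reference RP tends to be copied as-is, I would refuse to start on the placeholders unless the issuer is still the local default, for example a `__post_init__` containing `if self.issuer != "http://localhost:8000" and (self.client_secret == "change-me" or self.session_secret.endswith("change-me")):` followed by `raise RuntimeError("set OIDC_RP_CLIENT_SECRET and OIDC_RP_SESSION_SECRET")`. The `__repr__` that `@dataclass` generates also prints both secrets, so logging a `Config` instance would leak them; declaring those two fields with `field(default=..., repr=False)` avoids that. Separately, the defaults are read from the environment once, when the class body executes, and a non-numeric `OIDC_RP_LEEWAY` raises a bare `ValueError` at import time; a short comment above `leeway` saying so would help.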