porchlight/examples/rp-reference/config.py
Johan Lundberg 8e8c33a407
reference RP
2026-06-29 09:23:22 +02:00


"""RP configuration, read from the environment with sensible local defaults.
Every value can be overridden with an OIDC_RP_* environment variable. The
defaults assume porchlight is running locally on :8000 and this RP on :9000.
"""
from __future__ import annotations
import os
from dataclasses import dataclass
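@dataclass(frozen=True)
class Config:
    """Immutable settings for the reference RP.

    Each default is read from its OIDC_RP_* environment variable once, when
    this class body is executed (i.e. at import time); later changes to the
    environment do not affect already-computed defaults.

    The two secret defaults are placeholders meant for a local demo only.
    ``__post_init__`` warns when either placeholder is still in effect while
    the issuer or redirect URI points at a non-loopback host.
    """

    # Placeholder values shipped with the example. They are public, so they
    # provide no protection outside a local demo. Unannotated on purpose:
    # the dataclass machinery does not turn them into fields.
    _PLACEHOLDER_CLIENT_SECRET = "change-me"
    _PLACEHOLDER_SESSION_SECRET = "dev-only-rp-session-secret-change-me"

    # The OP's issuer URL. Discovery is derived from this:
    #   {issuer}/.well-known/openid-configuration
    issuer: str = os.environ.get("OIDC_RP_ISSUER", "http://localhost:8000")

    # Credentials for the client registered in porchlight.toml. See README.
    client_id: str = os.environ.get("OIDC_RP_CLIENT_ID", "showcase-rp")
    client_secret: str = os.environ.get(
        "OIDC_RP_CLIENT_SECRET", _PLACEHOLDER_CLIENT_SECRET
    )

    # Where the OP redirects back to after authentication. Must exactly match
    # one of the redirect_uris registered for the client.
    redirect_uri: str = os.environ.get(
        "OIDC_RP_REDIRECT_URI", "http://localhost:9000/callback"
    )

    # Scopes we request. offline_access is what makes the OP issue a refresh
    # token (porchlight gates it behind this scope).
    scope: str = os.environ.get("OIDC_RP_SCOPE", "openid profile email offline_access")

    # Secret used to sign the session-id cookie (NOT the OIDC client_secret).
    # Whoever knows this value can produce a validly signed session-id cookie,
    # so the placeholder must be replaced with a random value before the RP is
    # reachable by anyone else.
    session_secret: str = os.environ.get(
        "OIDC_RP_SESSION_SECRET", _PLACEHOLDER_SESSION_SECRET
    )

    # Allowed clock skew (seconds) when validating exp/iat. Keep it small: the
    # larger it is, the longer an expired token is still accepted. A
    # non-integer OIDC_RP_LEEWAY raises ValueError when this module is imported.
    leeway: int = int(os.environ.get("OIDC_RP_LEEWAY", "30"))

    def __post_init__(self) -> None:
        """Warn when placeholder secrets are used with a non-loopback host.

        This only emits warnings; it never changes a field or raises, so the
        zero-configuration local demo keeps working exactly as before.
        """
        # Function-scope imports keep the module's import block untouched.
        import warnings
        from urllib.parse import urlsplit

        def _is_loopback(url: str) -> bool:
            try:
                host = urlsplit(url).hostname
            except ValueError:
                # Unparseable URL: do not assume it is local.
                return False
            return host in {"localhost", "127.0.0.1", "::1"}

        if _is_loopback(self.issuer) and _is_loopback(self.redirect_uri):
            return

        # Messages name the variable to set, never the secret value itself.
        if self.client_secret == self._PLACEHOLDER_CLIENT_SECRET:
            warnings.warn(
                "OIDC_RP_CLIENT_SECRET is still the example placeholder; "
                "set the secret registered for this client.",
                stacklevel=3,
            )
        if self.session_secret == self._PLACEHOLDER_SESSION_SECRET:
            warnings.warn(
                "OIDC_RP_SESSION_SECRET is still the example placeholder; "
                "session cookies signed with it can be forged. Set a random value.",
                stacklevel=3,
            )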