🐛 Generic OIDC authentication

2025-07-24 18:55:18 +02:00 · 2025-07-24 18:55:18 +02:00 · aaf4a2cc6b
commit aaf4a2cc6b
parent 9ab27e78b9
3 changed files with 5 additions and 7 deletions
--- a/backend/trip/config.py
+++ b/backend/trip/config.py
@ -19,10 +19,8 @@ class Settings(BaseSettings):

    REGISTER_ENABLE: bool = True
    OIDC_DISCOVERY_URL: str = ""
-    OIDC_PROTOCOL: str = "https"
    OIDC_CLIENT_ID: str = ""
    OIDC_CLIENT_SECRET: str = ""
-    OIDC_HOST: str = ""
    OIDC_REDIRECT_URI: str = ""

    class Config:
--- a/backend/trip/routers/auth.py
+++ b/backend/trip/routers/auth.py
@ -16,7 +16,7 @@ router = APIRouter(prefix="/api/auth", tags=["auth"])
 async def auth_params() -> AuthParams:
    data = {"oidc": None, "register_enabled": settings.REGISTER_ENABLE}

-    if settings.OIDC_HOST and settings.OIDC_CLIENT_ID and settings.OIDC_CLIENT_SECRET:
+    if settings.OIDC_CLIENT_ID and settings.OIDC_CLIENT_SECRET:
        oidc_config = await get_oidc_config()
        auth_endpoint = oidc_config.get("authorization_endpoint")
        data["oidc"] = (
@ -28,7 +28,7 @@ async def auth_params() -> AuthParams:

@router.post("/oidc/login", response_model=Token)
 async def oidc_login(session: SessionDep, code: str = Body(..., embed=True)) -> Token:
-    if not (settings.OIDC_HOST or settings.OIDC_CLIENT_ID or settings.OIDC_CLIENT_SECRET):
+    if not (settings.OIDC_CLIENT_ID or settings.OIDC_CLIENT_SECRET):
        raise HTTPException(status_code=400, detail="Partial OIDC config")

    oidc_config = await get_oidc_config()
--- a/backend/trip/security.py
+++ b/backend/trip/security.py
@ -71,9 +71,9 @@ async def get_oidc_config():
    if OIDC_CONFIG:
        return OIDC_CONFIG

-    discovery_url = f"{settings.OIDC_PROTOCOL}://{settings.OIDC_HOST}/.well-known/openid-configuration"
-    if settings.OIDC_DISCOVERY_URL:
-        discovery_url = settings.OIDC_DISCOVERY_URL
+    discovery_url = settings.OIDC_DISCOVERY_URL
+    if not discovery_url:
+        raise HTTPException(status_code=500, detail="OIDC_DISCOVERY_URL not configured")

    OIDC_CONFIG = await httpx_get(discovery_url)
    return OIDC_CONFIG