fix oauth2 secret handling
always create a new one, as we have access to the oauth2 server
This commit is contained in:
parent
8f17883b52
commit
2ca56b6df7
@ -22,7 +22,6 @@ HYDRA_PUBLIC_URL = 'http://127.0.0.1:4444'
SUBJECT_PREFIX = 'something random'
SUBJECT_PREFIX = 'something random'
OAUTH_ID = 'identiy_provider'
OAUTH_ID = 'identiy_provider'
OAUTH_SECRET = 'ThisIsNotSafe'
[LENTICULAR_CLOUD_SERVICES.jabber]
[LENTICULAR_CLOUD_SERVICES.jabber]
@ -1,9 +1,13 @@
from secrets import token_hex
from flask import Flask
from flask import Flask
from ory_hydra_client import Client
from ory_hydra_client import Client
from typing import Optional
from typing import Optional
from ory_hydra_client.api.o_auth_2 import list_o_auth_2_clients, create_o_auth_2_client
from ory_hydra_client.api.o_auth_2 import list_o_auth_2_clients, create_o_auth_2_client, set_o_auth_2_client
from ory_hydra_client.models.o_auth_20_client import OAuth20Client
from ory_hydra_client.models.o_auth_20_client import OAuth20Client
import logging
logger = logging.getLogger(__name__)
class HydraService:
class HydraService:
@ -19,7 +23,7 @@ class HydraService:
self.set_hydra_client(Client(base_url=app.config['HYDRA_ADMIN_URL']))
self.set_hydra_client(Client(base_url=app.config['HYDRA_ADMIN_URL']))
client_name = app.config['OAUTH_ID']
client_name = app.config['OAUTH_ID']
client_secret = app.config['OAUTH_SECRET']
client_secret = token_hex(16)
clients = list_o_auth_2_clients.sync_detailed(_client=self.hydra_client).parsed
clients = list_o_auth_2_clients.sync_detailed(_client=self.hydra_client).parsed
if clients is None:
if clients is None:
@ -45,6 +49,11 @@ class HydraService:
ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
ret = create_o_auth_2_client.sync(json_body=client, _client=self.hydra_client)
if ret is None:
if ret is None:
raise RuntimeError("could not crate account")
raise RuntimeError("could not crate account")
else:
client.client_secret = client_secret
ret = set_o_auth_2_client.sync(id=client.client_id,json_body=client, _client=self.hydra_client)
if ret is None:
raise RuntimeError("could not crate account")
if type(client.client_id) is not str:
if type(client.client_id) is not str:
raise RuntimeError("could not parse client_id from ory-hydra")
raise RuntimeError("could not parse client_id from ory-hydra")
self.client_id = client.client_id
self.client_id = client.client_id
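Review bot: The new `else:` branch raises `RuntimeError("could not crate account")` when `set_o_auth_2_client.sync` returns None, but that call updates an existing client rather than creating one, so the message (typo included) misleads whoever reads the log; use a distinct message such as `raise RuntimeError("could not update oauth2 client secret")`, and add the missing space in `sync(id=client.client_id, json_body=client, _client=self.hydra_client)`. Because `client_secret` is a fresh `token_hex(16)` on every start (the hunk at new line 23), this branch rewrites the secret stored in Hydra each time the process starts; if several processes of this app run against one Hydra (for example multiple WSGI workers), each overwrites the other's secret and only the last writer can complete the token exchange — a comment on the `token_hex` line stating this single-process assumption, or generating the secret once and sharing it, would avoid a hard-to-diagnose login failure. Neither branch assigns the generated secret to `self`, while `init_login_manager` (last hunk) reads `hydra_service.client_secret`; unless that attribute is set in lines outside the shown hunks, login setup fails with AttributeError. The if/else that this `else:` belongs to starts before the hunk.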
@ -92,7 +92,7 @@ def init_login_manager(app: Flask) -> None:
oauth2.register(
oauth2.register(
name="custom",
name="custom",
client_id=hydra_service.client_id,
client_id=hydra_service.client_id,
client_secret=app.config['OAUTH_SECRET'],
client_secret=hydra_service.client_secret,
server_metadata_url=f'{base_url}/.well-known/openid-configuration',
server_metadata_url=f'{base_url}/.well-known/openid-configuration',
access_token_url=f"{base_url}/oauth2/token",
access_token_url=f"{base_url}/oauth2/token",
authorize_url=f"{base_url}/oauth2/auth",
authorize_url=f"{base_url}/oauth2/auth",
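Review bot: `client_secret=hydra_service.client_secret` now ties the OAuth registration to state that `HydraService` produces at process start, so `oauth2.register` is only correct after the service has registered or updated the client in Hydra; that ordering is not visible in this hunk and deserves a comment on the line, e.g. `# secret is generated per process by HydraService; it must be initialised before this runs`. The `OAUTH_SECRET` config key this line used to read is dropped from the config in the first hunk; any other reader of that key outside the shown hunks would now get a KeyError, which I cannot verify from here. `init_login_manager` starts before this hunk.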