Sunil Mohan Adapa 45076cc603
oidc: New app to implement OpenID Connect Provider
- Add a component to easily manage registration of client applications.

Tests:

- Package build is successful and has dependency on python3-django-oauth-toolkit

- python3-django-oauth-toolkit can be installed on stable, testing and unstable
containers

- /.well-known/openid-configuration and /.well-known/jwks.json are served
properly.

- /o/ URLs don't require login to access

- When logging in, list of claims includes 'sub', email, freedombox_groups.

- Logging in using IP address works. Also works with a port.

- Logging in using 127.0.0.1 address works. Also works with a port.

- Logging in using localhost works. Also works with a port.

- Logging in with IPv6 address works. Also works with a port.

- Logging in with IPv6 [::1] address works. Also works with a port.

- Logging in with an IPv6 link-local address with zone ID is not possible (as
browsers don't support them).

- When authorization page is enabled, scopes show description as expected.

- When domain name is added/removed, all OIDC components are updated with
expected domains.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-03-02 20:50:46 -05:00

32 lines
1.2 KiB
Python

# SPDX-License-Identifier: AGPL-3.0-or-later
"""URLs for the OpenID Connect module.

All the '/freedombox/o' URLs belong to this module and are provided by including
the URL patterns from django-oauth-toolkit. However, they are included from
plinth/urls.py instead of here because the FreedomBox module loading logic
automatically namespaces the URL names, which breaks URL resolution in the
metadata (discovery) view.

/.well-known/openid-configuration is proxied to
/freedombox/o/.well-known/openid-configuration by Apache2. Similarly,
/.well-known/jwks.json is proxied to /freedombox/o/.well-known/jwks.json.

Important URLs:

- /freedombox/o is the primary URL for the identity provider.
- /freedombox/o/.well-known/openid-configuration is the way to discover
  additional URLs (such as ./authorize and ./token) needed for OIDC to work.
- /freedombox/o/authorize is used to start the authorization process and get an
  authorization code grant.
- /freedombox/o/token is used to get an access token and a refresh token using
  the authorization code. It is also used to get a new access token using the
  refresh token.
- /freedombox/o/userinfo provides the claims such as 'sub', 'email' and
  'freedombox_groups' using an access token.
"""

# The patterns themselves live in plinth/urls.py (see above); nothing is
# registered here so that the module loader does not namespace them.
urlpatterns: list = []
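The docstring above describes the discovery document as the way relying parties find ./authorize, ./token, ./userinfo and the JWKS. The following is an added example, not FreedomBox or django-oauth-toolkit code, of the sanity check an administrator can run against that document after a domain name change: the advertised issuer must match the one the clients were registered with, every endpoint must sit on the issuer's origin, plain http is tolerated only for loopback hosts, and the authorization code flow with the 'openid' scope must be advertised. The issuer value `https://box.example.org/freedombox/o` and the two sample documents are constructed for the example; the endpoint paths follow the layout in the docstring.

```python
"""Sanity-check an OpenID Connect discovery document (added example)."""
import json
from urllib.parse import urlparse

# Fields every OIDC discovery client depends on; 'userinfo_endpoint' is where
# the 'sub', 'email' and 'freedombox_groups' claims are fetched from.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
                   "userinfo_endpoint", "jwks_uri")

# Hosts for which an http:// issuer is acceptable during local testing.
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")


def check_discovery(expected_issuer: str, document: str) -> list[str]:
    """Return a list of problems; an empty list means the document is sane."""
    try:
        doc = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]

    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in doc]
    if problems:
        return problems

    issuer = doc["issuer"]
    if issuer.rstrip("/") != expected_issuer.rstrip("/"):
        problems.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")

    base = urlparse(issuer)
    for field in REQUIRED_FIELDS[1:]:
        url = urlparse(doc[field])
        # A stale endpoint on another origin sends codes/tokens elsewhere.
        if (url.scheme, url.netloc) != (base.scheme, base.netloc):
            problems.append(f"{field} not on issuer origin: {doc[field]}")
        if url.scheme != "https" and url.hostname not in LOOPBACK_HOSTS:
            problems.append(f"{field} is not https: {doc[field]}")

    if "openid" not in doc.get("scopes_supported", []):
        problems.append("'openid' scope not advertised")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems


def _document(origin: str, token_origin: str, scopes: list[str]) -> str:
    """Build a constructed discovery document for the examples below."""
    return json.dumps({
        "issuer": f"{origin}/freedombox/o",
        "authorization_endpoint": f"{origin}/freedombox/o/authorize",
        "token_endpoint": f"{token_origin}/freedombox/o/token",
        "userinfo_endpoint": f"{origin}/freedombox/o/userinfo",
        "jwks_uri": f"{origin}/freedombox/o/.well-known/jwks.json",
        "scopes_supported": scopes,
        "response_types_supported": ["code"],
    })


# Constructed samples: a consistent document, one left half-updated after a
# domain change (token endpoint still on the old name, 'openid' dropped), and
# a loopback IPv6 document served over plain http.
GOOD_DOCUMENT = _document("https://box.example.org", "https://box.example.org",
                          ["openid", "email"])
STALE_DOCUMENT = _document("https://box.example.org", "https://old.example.org",
                           ["email"])
LOCAL_DOCUMENT = _document("http://[::1]:8000", "http://[::1]:8000", ["openid"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOCUMENT), ("stale", STALE_DOCUMENT),
                      ("local", LOCAL_DOCUMENT)):
        issuer = json.loads(doc)["issuer"]
        print(name, check_discovery(issuer, doc) or "OK")
```

In practice the document is fetched from `https://<domain>/.well-known/openid-configuration` (the Apache proxy path) and passed to `check_discovery` together with the issuer each registered client was configured with; any non-empty result means clients on that domain will fail or, worse, be sent to an endpoint on a different origin.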