OIDCConfig
- pydantic settings gafaelfawr.config.OIDCConfig
Configuration for a generic OpenID Connect authentication provider.
- Validators: _validate_audience » audience
- field audience: str [Required]
Value of audience (aud) claim to expect. If not set, defaults to the client ID.
- Validated by: _validate_audience
- field clientId: str [Required] (name 'client_id')
Client ID for talking to the OpenID Connect provider
- field clientSecret: SecretStr [Required] (name 'client_secret')
Secret for talking to the OpenID Connect provider
- field enrollmentUrl: HttpUrlString | None = None (name 'enrollment_url')
If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register.
- field issuer: str [Required]
Expected issuer claim (iss) of the ID token
- field loginParams: dict[str, str] = {} (name 'login_params')
Additional parameters to the login URL
- field loginUrl: HttpUrlString [Required] (name 'login_url')
URL to which to send the user to initiate authentication
- field redirectUrl: HttpUrlString [Required] (name 'redirect_url')
Where the user should be sent after authentication. This must match the URL registered with CILogon. It should be the full URL of the /login route.
- field scopes: list[str] = []
Scopes to request from the authentication provider. The openid scope will always be added and does not need to be specified.
- field tokenUrl: HttpUrlString [Required] (name 'token_url')
URL from which to redeem the authentication code for a token
- field usernameClaim: str = 'uid' (name 'username_claim')
OpenID Connect ID token claim containing the username
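
The following added example (not Gafaelfawr's own code) shows how the audience, issuer, scopes and usernameClaim settings described above translate into checks on an ID token's claims. OIDCSettings, ClaimError and username_from_claims are hypothetical names, and the claims are assumed to come from a token whose signature and expiry were already verified.

```python
from dataclasses import dataclass, field
from typing import Any, Optional


class ClaimError(Exception):
    """Already-verified ID token claims do not match the configuration."""


@dataclass
class OIDCSettings:
    # Hypothetical stand-in for the documented fields, not Gafaelfawr's class.
    client_id: str
    issuer: str
    audience: Optional[str] = None
    scopes: list = field(default_factory=list)
    username_claim: str = "uid"

    def __post_init__(self) -> None:
        # Documented behaviour: audience defaults to the client ID if not set.
        if self.audience is None:
            self.audience = self.client_id

    def requested_scopes(self) -> list:
        # Documented behaviour: the openid scope is always added.
        return sorted(set(self.scopes) | {"openid"})


def username_from_claims(settings: OIDCSettings, claims: dict) -> str:
    """Check iss and aud, then return the configured username claim."""
    if claims.get("iss") != settings.issuer:
        raise ClaimError("unexpected iss claim")
    aud: Any = claims.get("aud")
    # OpenID Connect allows aud to be a single string or a list of strings.
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list):
        audiences = aud
    else:
        audiences = []
    if settings.audience not in audiences:
        raise ClaimError("unexpected aud claim")
    username = claims.get(settings.username_claim)
    if not isinstance(username, str) or not username:
        raise ClaimError(f"missing {settings.username_claim} claim")
    return username
```

Rejecting a token whose aud does not name this deployment prevents an ID token issued to a different client of the same provider from being accepted here.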