OIDCConfig¶
- pydantic settings gafaelfawr.config.OIDCConfig¶
Configuration for a generic OpenID Connect authentication provider.
- Parameters:
_nested_model_default_partial_update (
bool
|None
, default:None
)_env_file (
Union
[Path
,str
,Sequence
[Union
[Path
,str
]],None
], default:PosixPath('.')
)_cli_parse_args (
bool
|list
[str
] |tuple
[str
,...
] |None
, default:None
)_cli_settings_source (
Optional
[CliSettingsSource
[Any
]], default:None
)_secrets_dir (
Union
[Path
,str
,Sequence
[Union
[Path
,str
]],None
], default:None
)values (
Any
)
- Fields:
- Validators:
_validate_audience
»audience
- field audience: str [Required]¶
Value of audience (
aud
) claim to expect. If not set, defaults to the client ID.- Validated by:
_validate_audience
- field clientId: str [Required] (name 'client_id')¶
Client ID for talking to the OpenID Connect provider
- field clientSecret: SecretStr [Required] (name 'client_secret')¶
Secret for talking to the OpenID Connect provider
- field enrollmentUrl: HttpUrl | None = None (name 'enrollment_url')¶
If LDAP username lookup is configured (using
ldap.username_base_dn
) and the user could not be found, redirect the user, after login, to this URL so that they can register
- field issuer: str [Required]¶
Expected issuer claim (
iss
) of the ID token
- field loginParams: dict[str, str] = {} (name 'login_params')¶
Additional parameters to the login URL
- field loginUrl: HttpUrl [Required] (name 'login_url')¶
URL to which to send the user to initiate authentication
- Constraints:
max_length = 2083
allowed_schemes = [‘http’, ‘https’]
- field redirectUrl: HttpUrl [Required] (name 'redirect_url')¶
Where the user should be sent after authentication. This must match the URL registered with CILogon. It should be the full URL of the
/login
route.- Constraints:
max_length = 2083
allowed_schemes = [‘http’, ‘https’]
- field scopes: list[str] = []¶
Scopes to request from the authentication provider. The
openid
scope will always be added and does not need to be specified.
- field tokenUrl: HttpUrl [Required] (name 'token_url')¶
URL from which to redeem the authentication code for a token
- Constraints:
max_length = 2083
allowed_schemes = [‘http’, ‘https’]
- field usernameClaim: str = 'uid' (name 'username_claim')¶
OpenID Connect ID token claim containing the username