OIDCConfig¶

pydantic settings gafaelfawr.config.OIDCConfig¶

Configuration for a generic OpenID Connect authentication provider.

Parameters:

_case_sensitive (bool | None, default: None)
_nested_model_default_partial_update (bool | None, default: None)
_env_prefix (str | None, default: None)
_env_file (Union[Path, str, Sequence[Union[Path, str]], None], default: PosixPath('.'))
_env_file_encoding (str | None, default: None)
_env_ignore_empty (bool | None, default: None)
_env_nested_delimiter (str | None, default: None)
_env_parse_none_str (str | None, default: None)
_env_parse_enums (bool | None, default: None)
_cli_prog_name (str | None, default: None)
_cli_parse_args (bool | list[str] | tuple[str, ...] | None, default: None)
_cli_settings_source (Optional[CliSettingsSource[Any]], default: None)
_cli_parse_none_str (str | None, default: None)
_cli_hide_none_type (bool | None, default: None)
_cli_avoid_json (bool | None, default: None)
_cli_enforce_required (bool | None, default: None)
_cli_use_class_docs_for_groups (bool | None, default: None)
_cli_exit_on_error (bool | None, default: None)
_cli_prefix (str | None, default: None)
_cli_flag_prefix_char (str | None, default: None)
_cli_implicit_flags (bool | None, default: None)
_cli_ignore_unknown_args (bool | None, default: None)
_secrets_dir (Union[Path, str, Sequence[Union[Path, str]], None], default: None)
values (Any)

Fields:

audience (str)
clientId (str)
clientSecret (pydantic.types.SecretStr)
enrollmentUrl (pydantic.networks.HttpUrl | None)
issuer (str)
loginParams (dict[str, str])
loginUrl (pydantic.networks.HttpUrl)
redirectUrl (pydantic.networks.HttpUrl)
scopes (list[str])
tokenUrl (pydantic.networks.HttpUrl)
usernameClaim (str)

Validators:

_validate_audience » audience

field audience: str [Required]¶

Value of audience (aud) claim to expect. If not set, defaults to the client ID.

Validated by:

_validate_audience

field clientId: str [Required] (name 'client_id')¶: Client ID for talking to the OpenID Connect provider

field clientSecret: SecretStr [Required] (name 'client_secret')¶: Secret for talking to the OpenID Connect provider

field enrollmentUrl: HttpUrl | None = None (name 'enrollment_url')¶: If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register

field issuer: str [Required]¶: Expected issuer claim (iss) of the ID token

field loginParams: dict[str, str] = {} (name 'login_params')¶: Additional parameters to the login URL

field loginUrl: HttpUrl [Required] (name 'login_url')¶: URL to which to send the user to initiate authentication

field redirectUrl: HttpUrl [Required] (name 'redirect_url')¶: Where the user should be sent after authentication. This must match the URL registered with CILogon. It should be the full URL of the /login route.

field scopes: list[str] = []¶: Scopes to request from the authentication provider. The openid scope will always be added and does not need to be specified.

field tokenUrl: HttpUrl [Required] (name 'token_url')¶: URL from which to redeem the authentication code for a token

field usernameClaim: str = 'uid' (name 'username_claim')¶: OpenID Connect ID token claim containing the username