OIDCConfig
- class gafaelfawr.config.OIDCConfig(client_id, client_secret, login_url, login_params, redirect_url, token_url, enrollment_url, scopes, issuer, audience, username_claim, uid_claim, gid_claim, groups_claim)
Bases: object
Configuration for OpenID Connect authentication.
- Parameters:
Attributes Summary
- audience: Expected audience of the ID token.
- client_id: Client ID for talking to the OpenID Connect provider.
- client_secret: Secret for talking to the OpenID Connect provider.
- enrollment_url: URL to which the user should be redirected if not enrolled.
- gid_claim: Token claim from which to take the primary GID.
- groups_claim: Token claim from which to take the group membership.
- issuer: Expected issuer of the ID token.
- login_params: Additional parameters to the login URL.
- login_url: URL to which to send the user to initiate authentication.
- redirect_url: Return URL to which the authentication provider should send the user.
- scopes: Scopes to request from the authentication provider.
- token_url: URL at which to redeem the authentication code for a token.
- uid_claim: Token claim from which to take the UID.
- username_claim: Token claim from which to take the username.
Attributes Documentation
- enrollment_url: Optional[str]
URL to which the user should be redirected if not enrolled.
If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register.
- redirect_url: str
Return URL to which the authentication provider should send the user.
This should be the full URL of the /login route of Gafaelfawr.