OIDCSettings

pydantic model gafaelfawr.config.OIDCSettings

pydantic model of OpenID Connect configuration.

Parameters:

data (Any)

Show JSON schema
{
   "title": "OIDCSettings",
   "description": "pydantic model of OpenID Connect configuration.",
   "type": "object",
   "properties": {
      "clientId": {
         "title": "Clientid",
         "type": "string"
      },
      "clientSecretFile": {
         "format": "path",
         "title": "Clientsecretfile",
         "type": "string"
      },
      "loginUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Loginurl",
         "type": "string"
      },
      "loginParams": {
         "additionalProperties": {
            "type": "string"
         },
         "default": {},
         "description": "Additional parameters to the login URL",
         "title": "Additional login parameters",
         "type": "object"
      },
      "redirectUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Redirecturl",
         "type": "string"
      },
      "tokenUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Tokenurl",
         "type": "string"
      },
      "enrollmentUrl": {
         "anyOf": [
            {
               "format": "uri",
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Enrollmenturl"
      },
      "scopes": {
         "default": [],
         "description": "Scopes to request from the authentication provider. The ``openid`` scope will always be added and does not need to be specified.",
         "items": {
            "type": "string"
         },
         "title": "Scopes to request",
         "type": "array"
      },
      "issuer": {
         "title": "Issuer",
         "type": "string"
      },
      "audience": {
         "title": "Audience",
         "type": "string"
      },
      "usernameClaim": {
         "default": "uid",
         "title": "Usernameclaim",
         "type": "string"
      }
   },
   "additionalProperties": false,
   "required": [
      "clientId",
      "clientSecretFile",
      "loginUrl",
      "redirectUrl",
      "tokenUrl",
      "issuer",
      "audience"
   ]
}

Fields:
field audience: str [Required]

Expected audience of the ID token.

field clientId: str [Required] (name 'client_id')

Client ID for talking to the OpenID Connect provider.

field clientSecretFile: Path [Required] (name 'client_secret_file')

File containing secret for talking to the OpenID Connect provider.

field enrollmentUrl: AnyHttpUrl | None = None (name 'enrollment_url')

URL to which the user should be redirected if not enrolled.

If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register.

field issuer: str [Required]

Expected issuer of the ID token.

field loginParams: dict[str, str] = {} (name 'login_params')

Additional parameters to the login URL

field loginUrl: AnyHttpUrl [Required] (name 'login_url')

URL to which to send the user to initiate authentication.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field redirectUrl: AnyHttpUrl [Required] (name 'redirect_url')

Return URL to which the authentication provider should send the user.

This should be the full URL of the /login route of Gafaelfawr.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field scopes: list[str] = []

Scopes to request from the authentication provider. The openid scope will always be added and does not need to be specified.

field tokenUrl: AnyHttpUrl [Required] (name 'token_url')

URL at which to redeem the authentication code for a token.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field usernameClaim: str = 'uid' (name 'username_claim')

Name of claim to use as the username.