OIDCSettings
- pydantic model gafaelfawr.config.OIDCSettings
pydantic model of OpenID Connect configuration.
JSON schema:

{
  "title": "OIDCSettings",
  "description": "pydantic model of OpenID Connect configuration.",
  "type": "object",
  "properties": {
    "clientId": {"title": "Clientid", "type": "string"},
    "clientSecretFile": {"format": "path", "title": "Clientsecretfile", "type": "string"},
    "loginUrl": {"format": "uri", "minLength": 1, "title": "Loginurl", "type": "string"},
    "loginParams": {
      "additionalProperties": {"type": "string"},
      "default": {},
      "description": "Additional parameters to the login URL",
      "title": "Additional login parameters",
      "type": "object"
    },
    "redirectUrl": {"format": "uri", "minLength": 1, "title": "Redirecturl", "type": "string"},
    "tokenUrl": {"format": "uri", "minLength": 1, "title": "Tokenurl", "type": "string"},
    "enrollmentUrl": {
      "anyOf": [{"format": "uri", "minLength": 1, "type": "string"}, {"type": "null"}],
      "default": null,
      "title": "Enrollmenturl"
    },
    "scopes": {
      "default": [],
      "description": "Scopes to request from the authentication provider. The ``openid`` scope will always be added and does not need to be specified.",
      "items": {"type": "string"},
      "title": "Scopes to request",
      "type": "array"
    },
    "issuer": {"title": "Issuer", "type": "string"},
    "audience": {"title": "Audience", "type": "string"},
    "usernameClaim": {"default": "uid", "title": "Usernameclaim", "type": "string"},
    "uidClaim": {"default": "uidNumber", "title": "Uidclaim", "type": "string"},
    "gidClaim": {"anyOf": [{"type": "string"}, {"type": "null"}], "default": null, "title": "Gidclaim"},
    "groupsClaim": {"default": "isMemberOf", "title": "Groupsclaim", "type": "string"}
  },
  "required": ["clientId", "clientSecretFile", "loginUrl", "redirectUrl", "tokenUrl", "issuer", "audience"]
}
- Fields:
- field audience: str [Required]
Expected audience of the ID token. The token's aud claim must contain this value or the token is rejected. OpenID Connect requires the ID token audience to include the client ID, so this is normally the same value as clientId.
- field clientId: str [Required] (name 'client_id')
Client ID for talking to the OpenID Connect provider.
- field clientSecretFile: Path [Required] (name 'client_secret_file')
File containing the client secret used to authenticate to the OpenID Connect provider. The secret is read from this file rather than given inline in the configuration.
- field enrollmentUrl: AnyHttpUrl | None = None (name 'enrollment_url')
URL to which the user should be redirected if not enrolled.
If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register.
- field gidClaim: str | None = None (name 'gid_claim')
Name of claim to use as the primary GID.
- field groupsClaim: str = 'isMemberOf' (name 'groups_claim')
Name of claim to use for the group membership.
- field issuer: str [Required]
Expected issuer of the ID token. The token's iss claim must match this value exactly; tokens from any other issuer are rejected even if their signature verifies.
- field loginParams: dict[str, str] = {} (name 'login_params')
Additional query parameters to add to the login URL when redirecting the user to the provider.
- field loginUrl: AnyHttpUrl [Required] (name 'login_url')
URL to which to send the user to initiate authentication.
- Constraints:
allowed_schemes = ['http', 'https']
- field redirectUrl: AnyHttpUrl [Required] (name 'redirect_url')
Return URL to which the authentication provider should send the user.
This should be the full URL of the /login route of Gafaelfawr. It must exactly match a redirect URI registered with the provider for this client; OpenID Connect providers compare redirect URIs as whole strings, not by prefix.
- Constraints:
allowed_schemes = ['http', 'https']
- field scopes: list[str] = []
Scopes to request from the authentication provider. The openid scope will always be added and does not need to be specified.
- field tokenUrl: AnyHttpUrl [Required] (name 'token_url')
URL of the provider's token endpoint, at which the authorization code is exchanged for an ID token. This request goes directly from Gafaelfawr to the provider and is authenticated with clientId and the secret in clientSecretFile.
- Constraints:
allowed_schemes = ['http', 'https']
- field uidClaim: str = 'uidNumber' (name 'uid_claim')
Name of claim to use as the numeric UID.
- field usernameClaim: str = 'uid' (name 'username_claim')
Name of claim to use as the username.
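The following is an added example, not Gafaelfawr's own code, showing how the fields above are used at the two points of the OpenID Connect flow they describe: building the redirect to loginUrl (with openid always in the scope list and loginParams unable to override the protocol parameters) and checking the ID token obtained from tokenUrl against issuer, audience and the configured claim names. OIDCConfig, build_login_redirect, check_id_token and every hostname, client ID and claim value in the SAMPLE_* objects are invented for illustration; plain dataclasses stand in for the pydantic model so it runs with the standard library only, and signature verification with the provider's keys is assumed to have already passed before check_id_token is called. Treating a missing or non-numeric UID claim as a hard failure is this example's choice, not a statement about how the project handles that case.

```python
# Added example, not Gafaelfawr code. Shows how the OIDCSettings fields drive the
# redirect to loginUrl and the checks on the ID token returned after the code is
# redeemed at tokenUrl. Dataclasses stand in for the pydantic model (standard
# library only). SAMPLE_* values are constructed; signature verification with the
# provider's keys is assumed to have passed before check_id_token is called.
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

@dataclass
class OIDCConfig:
    """Same names and defaults as the OIDCSettings fields (snake_case aliases)."""
    client_id: str
    login_url: str
    redirect_url: str
    issuer: str
    audience: str
    scopes: list[str] = field(default_factory=list)
    login_params: dict[str, str] = field(default_factory=dict)
    username_claim: str = "uid"
    uid_claim: str = "uidNumber"
    gid_claim: str | None = None
    groups_claim: str = "isMemberOf"

class IDTokenError(ValueError):
    """The ID token must not be accepted."""

def build_login_redirect(config: OIDCConfig, state: str) -> str:
    """Authorization request URL. 'openid' is always in the scope list; loginParams
    may add provider-specific parameters but cannot override the protocol ones.
    state is the anti-CSRF value the caller stores and compares on return."""
    scopes = ["openid"] + [s for s in config.scopes if s != "openid"]
    params = {"response_type": "code", "client_id": config.client_id,
              "redirect_uri": config.redirect_url, "scope": " ".join(scopes),
              "state": state}
    for key, value in config.login_params.items():
        params.setdefault(key, value)
    sep = "&" if urlparse(config.login_url).query else "?"
    return config.login_url + sep + urlencode(params)

def parse_redirect(url: str) -> dict[str, str]:
    """Single-valued view of a URL's query string (for the demo and tests)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def _string_list(value: object) -> list[str]:
    """aud and the groups claim may legitimately be a string or a list of them."""
    items = [value] if isinstance(value, str) else value
    if not isinstance(items, list) or not all(isinstance(v, str) for v in items):
        raise IDTokenError("claim is neither a string nor a list of strings")
    return items

def _posix_id(value: object, claim: str) -> int:
    """LDAP-backed providers often emit uidNumber/gidNumber as strings."""
    if isinstance(value, bool) or not str(value).isdecimal():
        raise IDTokenError(f"claim {claim!r} missing or not a non-negative integer")
    return int(value)

def check_id_token(config: OIDCConfig, claims: dict, now: float) -> dict:
    """Checks on a signature-verified payload. A good signature alone is not
    enough: issuer and audience must match the configuration, the token must be
    unexpired, and the configured identity claims must be present and typed."""
    if claims.get("iss") != config.issuer:
        raise IDTokenError(f"issuer {claims.get('iss')!r} != {config.issuer!r}")
    if config.audience not in _string_list(claims.get("aud")):
        raise IDTokenError(f"token not issued for audience {config.audience!r}")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise IDTokenError("token is expired or has no exp claim")
    username = claims.get(config.username_claim)
    if not isinstance(username, str) or not username:
        raise IDTokenError(f"missing username claim {config.username_claim!r}")
    gid = None
    if config.gid_claim is not None:
        gid = _posix_id(claims.get(config.gid_claim), config.gid_claim)
    return {"username": username, "gid": gid,
            "uid": _posix_id(claims.get(config.uid_claim), config.uid_claim),
            "groups": _string_list(claims.get(config.groups_claim, []))}

def rejects(config: OIDCConfig, claims: dict, now: float) -> bool:
    """True when check_id_token refuses the token."""
    try:
        check_id_token(config, claims, now)
    except IDTokenError:
        return True
    return False

# Constructed sample configuration and token payload; not real values.
SAMPLE_CONFIG = OIDCConfig(
    client_id="gafaelfawr-example", login_url="https://idp.example.org/authorize",
    redirect_url="https://data.example.org/login", issuer="https://idp.example.org",
    audience="gafaelfawr-example", scopes=["email", "openid"],
    login_params={"prompt": "login"}, gid_claim="gidNumber")
NOW = 1_700_000_000
SAMPLE_CLAIMS = {"iss": "https://idp.example.org", "aud": ["gafaelfawr-example", "other"],
                 "exp": NOW + 600, "uid": "someuser", "uidNumber": "1001",
                 "gidNumber": 1001, "isMemberOf": ["g_users", "g_admins"]}
```

Running check_id_token(SAMPLE_CONFIG, SAMPLE_CLAIMS, NOW) yields the username, numeric UID and GID, and group list taken from the claims named by usernameClaim, uidClaim, gidClaim and groupsClaim; changing iss, dropping the configured audience from aud, or passing a time past exp makes rejects() return True. The aud check accepts both the single-string and list forms the specification allows, and loginParams are merged with setdefault so a stray redirect_uri or client_id in that map cannot replace the configured values.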