OIDCSettings#

pydantic model gafaelfawr.config.OIDCSettings#

pydantic model of OpenID Connect configuration.

Parameters:

data (Any) –

Show JSON schema
{
   "title": "OIDCSettings",
   "description": "pydantic model of OpenID Connect configuration.",
   "type": "object",
   "properties": {
      "clientId": {
         "title": "Clientid",
         "type": "string"
      },
      "clientSecretFile": {
         "format": "path",
         "title": "Clientsecretfile",
         "type": "string"
      },
      "loginUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Loginurl",
         "type": "string"
      },
      "loginParams": {
         "additionalProperties": {
            "type": "string"
         },
         "default": {},
         "description": "Additional parameters to the login URL",
         "title": "Additional login parameters",
         "type": "object"
      },
      "redirectUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Redirecturl",
         "type": "string"
      },
      "tokenUrl": {
         "format": "uri",
         "minLength": 1,
         "title": "Tokenurl",
         "type": "string"
      },
      "enrollmentUrl": {
         "anyOf": [
            {
               "format": "uri",
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Enrollmenturl"
      },
      "scopes": {
         "default": [],
         "description": "Scopes to request from the authentication provider. The `openid` scope will always be added and does not need to be specified.",
         "items": {
            "type": "string"
         },
         "title": "Scopes to request",
         "type": "array"
      },
      "issuer": {
         "title": "Issuer",
         "type": "string"
      },
      "audience": {
         "title": "Audience",
         "type": "string"
      },
      "usernameClaim": {
         "default": "uid",
         "title": "Usernameclaim",
         "type": "string"
      },
      "uidClaim": {
         "default": "uidNumber",
         "title": "Uidclaim",
         "type": "string"
      },
      "gidClaim": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Gidclaim"
      },
      "groupsClaim": {
         "default": "isMemberOf",
         "title": "Groupsclaim",
         "type": "string"
      }
   },
   "required": [
      "clientId",
      "clientSecretFile",
      "loginUrl",
      "redirectUrl",
      "tokenUrl",
      "issuer",
      "audience"
   ]
}

Fields:
field audience: str [Required]#

Expected audience of the ID token.

field clientId: str [Required] (name 'client_id')#

Client ID for talking to the OpenID Connect provider.

field clientSecretFile: Path [Required] (name 'client_secret_file')#

File containing secret for talking to the OpenID Connect provider.

field enrollmentUrl: AnyHttpUrl | None = None (name 'enrollment_url')#

URL to which the user should be redirected if not enrolled.

If LDAP username lookup is configured (using ldap.username_base_dn) and the user could not be found, redirect the user, after login, to this URL so that they can register.

field gidClaim: str | None = None (name 'gid_claim')#

Name of claim to use as the primary GID.

field groupsClaim: str = 'isMemberOf' (name 'groups_claim')#

Name of claim to use for the group membership.

field issuer: str [Required]#

Expected issuer of the ID token.

field loginParams: dict[str, str] = {} (name 'login_params')#

Additional parameters to the login URL

field loginUrl: AnyHttpUrl [Required] (name 'login_url')#

URL to which to send the user to initiate authentication.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field redirectUrl: AnyHttpUrl [Required] (name 'redirect_url')#

Return URL to which the authentication provider should send the user.

This should be the full URL of the /login route of Gafaelfawr.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field scopes: list[str] = []#

Scopes to request from the authentication provider. The openid scope will always be added and does not need to be specified.

field tokenUrl: AnyHttpUrl [Required] (name 'token_url')#

URL at which to redeem the authentication code for a token.

Constraints:
  • allowed_schemes = [‘http’, ‘https’]

field uidClaim: str = 'uidNumber' (name 'uid_claim')#

Name of claim to use as the UID.

field usernameClaim: str = 'uid' (name 'username_claim')#

Name of claim to use as the username.

model_dump(**kwargs)#

Export the model as a dictionary.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

dict[str, Any]

model_dump_json(**kwargs)#

Export the model as JSON.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

str