Skip to content

Commit

Permalink
chore: default OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION to False
Browse files Browse the repository at this point in the history 
These used to be required with Tunnistamo, but kKeycloak based
authentication does not normally use API scopes.
  • Loading branch information
@voneiden
voneiden committed Jan 4, 2024
1 parent 3a1dae8 commit 620ad7a
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion config_dev.toml.example
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ COOKIE_PREFIX=kkdev
# to Tunnistamo instance.
OIDC_API_AUDIENCE=https://auth.example.com/kerrokantasi
OIDC_API_SCOPE_PREFIX=kerrokantasi
OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION=True
OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION=False
OIDC_API_ISSUER=https://tunnistamo.example.com/openid
OIDC_API_AUTHORIZATION_FIELD=https://auth.example.com

Expand Down
2 changes: 1 addition & 1 deletion kerrokantasi/settings/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ def get_git_revision_hash():
HELUSERS_BACK_CHANNEL_LOGOUT_ENABLED=(bool, False),
OIDC_API_AUDIENCE=(list, [""]),
OIDC_API_SCOPE_PREFIX=(list, ["kerrokantasi"]),
OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION=(bool, True),
OIDC_API_REQUIRE_SCOPE_FOR_AUTHENTICATION=(bool, False),
OIDC_API_ISSUER=(list, [""]),
OIDC_API_AUTHORIZATION_FIELD=(list, [""]),
SOCIAL_AUTH_TUNNISTAMO_KEY=(str, ""),
Expand Down
1 change: 1 addition & 0 deletions kerrokantasi/settings/test_settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@
OIDC_API_TOKEN_AUTH = globals()["OIDC_API_TOKEN_AUTH"]
OIDC_API_TOKEN_AUTH["API_AUTHORIZATION_FIELD"] = ["authorization.permissions.scopes"]
OIDC_API_TOKEN_AUTH["ISSUER"] = ["http://test.local:8000/openid"]
OIDC_API_TOKEN_AUTH["REQUIRE_API_SCOPE_FOR_AUTHENTICATION"] = False

0 comments on commit 620ad7a

Please sign in to comment.