Authentication service with OpenID Connect.
Environment variables (single tenant):
| Variable | Description | Default value |
|---|---|---|
| ISSUER_URL | OpenID Connect Issuer URL | - |
| CLIENT_ID | Client ID | - |
| CLIENT_SECRET | Client secret | - |
- JSON schema
- File location: `$CONFIG_PATH/<tenant>/oidcAuthConfig.json`
Example:
```json
{
  "$schema": "https://github.com/qwc-services/qwc-oidc-auth/raw/main/schemas/qwc-oidc-auth.json",
  "service": "oidc-auth",
  "config": {
    "issuer_url": "https://qwc2-dev.onelogin.com/oidc/2",
    "client_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxx",
    "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}
```
The service expects authentication service information at `$ISSUER_URL/.well-known/openid-configuration`.

See the JSON schema for optional configuration options.

CLIENT_ID and CLIENT_SECRET are defined on the identity provider side.

The Redirect URI is the public base URL with the endpoint `/callback` (Example: https://qwc2.sourcepole.ch/oauth/callback).
This redirect URI can be manually configured with `redirect_uri`.
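A pre-flight check for the settings described above, as an added example that is not part of qwc-oidc-auth: it builds the discovery URL from `issuer_url`, compares the discovery document's `issuer` with the configured one (OpenID Connect Discovery requires them to be identical), and derives the default redirect URI. The sample config and discovery document are constructed, the function names are hypothetical, and `redirect_uri` is assumed to sit in the `config` block.

```python
import json
from urllib.parse import urlsplit

# Constructed tenant config, same shape as the oidcAuthConfig.json example.
SAMPLE_CONFIG = json.loads("""{"service": "oidc-auth", "config": {
  "issuer_url": "https://idp.example.org/oidc/2",
  "client_id": "constructed-client-id",
  "client_secret": "constructed-client-secret"}}""")

# Constructed discovery document, as an identity provider would serve it.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.org/oidc/2",
    "authorization_endpoint": "https://idp.example.org/oidc/2/auth",
    "token_endpoint": "https://idp.example.org/oidc/2/token",
    "jwks_uri": "https://idp.example.org/oidc/2/certs",
}

def discovery_url(issuer_url):
    """Location where the service expects the provider metadata."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def redirect_uri(cfg, public_base_url):
    """Explicit redirect_uri if set (assumed config key), else <base>/callback."""
    return cfg.get("redirect_uri") or public_base_url.rstrip("/") + "/callback"

def preflight(tenant_config, discovery, public_base_url):
    """Return a list of problems; an empty list means the setup is consistent."""
    cfg = tenant_config.get("config", {})
    problems = [f"missing config value: {k}"
                for k in ("issuer_url", "client_id", "client_secret") if not cfg.get(k)]
    issuer = cfg.get("issuer_url", "")
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer_url is not https")
    # A metadata document naming a different issuer must not be trusted.
    if discovery.get("issuer") != issuer:
        problems.append("discovery issuer does not match issuer_url")
    for ep in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(ep, "")).scheme != "https":
            problems.append(f"{ep} missing or not https")
    cb = urlsplit(redirect_uri(cfg, public_base_url))
    # Plain http is tolerated only for local development.
    if cb.scheme != "https" and cb.hostname not in ("127.0.0.1", "localhost"):
        problems.append("redirect URI is not https")
    return problems

if __name__ == "__main__":
    print(discovery_url(SAMPLE_CONFIG["config"]["issuer_url"]))
    print(preflight(SAMPLE_CONFIG, SAMPLE_DISCOVERY, "http://127.0.0.1:5017"))
```
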
Create a virtual environment:

```
python3 -m venv .venv
```

Activate virtual environment:

```
source .venv/bin/activate
```

Install requirements:

```
pip install -r requirements.txt
```

Configure environment:

```
echo FLASK_ENV=development >.flaskenv
```

Start local service:

```
python src/server.py
```

Run standalone application:

```
python src/server.py
```
Login: http://127.0.0.1:5017/login