From 7c1736f36aadf9e0bffda6d0bcb13ff1758ca48e Mon Sep 17 00:00:00 2001
From: Sonny Bakker <sonny@maykinmedia.nl>
Date: Thu, 12 Dec 2024 12:37:42 +0100
Subject: [PATCH] [#483] add suport for the mozilla-django-oidc-db
 configuration step

---
 docker/setup_configuration/data.yaml |  9 +++++++++
 docs/installation/config_cli.rst     | 21 +++++++++++++++++++++
 requirements/base.in                 |  1 +
 requirements/base.txt                |  7 +++++--
 requirements/ci.txt                  |  3 ++-
 requirements/dev.txt                 |  3 ++-
 src/objects/conf/base.py             |  1 +
 7 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml
index 3853ff5f..563693eb 100644
--- a/docker/setup_configuration/data.yaml
+++ b/docker/setup_configuration/data.yaml
@@ -13,3 +13,12 @@ zgw_consumers:
     api_connection_check_path: objecttypes
     api_type: orc
     auth_type: api_key
+
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+  oidc_rp_client_id: client-id
+  oidc_rp_client_secret: secret
+  endpoint_config:
+    oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+    oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+    oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
diff --git a/docs/installation/config_cli.rst b/docs/installation/config_cli.rst
index 46d76a15..fb50f579 100644
--- a/docs/installation/config_cli.rst
+++ b/docs/installation/config_cli.rst
@@ -77,6 +77,27 @@ created. An example of a configuration could be seen below:
         auth_type: api_key
    ....
 
+Mozilla-django-oidc-db
+----------------------
+
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+   ...
+    oidc_db_config_enable: true
+    oidc_db_config_admin_auth:
+    items:
+      - identifier: admin-oidc
+        oidc_rp_client_id: client-id
+        oidc_rp_client_secret: secret
+        endpoint_config:
+          oidc_op_discovery_endpoint: https://keycloak.local/protocol/openid-connect/
+   ...
+
+More details about configuring mozilla-django-oidc-db through ``setup_configuration``
+can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.
+
 Execution
 =========
 
diff --git a/requirements/base.in b/requirements/base.in
index 8621c029..ecb02afa 100644
--- a/requirements/base.in
+++ b/requirements/base.in
@@ -8,3 +8,4 @@ furl
 # Common ground libraries
 notifications-api-common
 zgw-consumers[setup-configuration]
+mozilla-django-oidc-db[setup-configuration]
diff --git a/requirements/base.txt b/requirements/base.txt
index 716ada15..99908f94 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -155,6 +155,7 @@ django-sessionprofile==3.0.0
     # via open-api-framework
 django-setup-configuration==0.4.0
     # via
+    #   mozilla-django-oidc-db
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -240,8 +241,10 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.0
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
-    # via open-api-framework
+mozilla-django-oidc-db[setup-configuration]==0.21.1
+    # via
+    #   -r requirements/base.in
+    #   open-api-framework
 notifications-api-common==0.3.1
     # via
     #   -r requirements/base.in
diff --git a/requirements/ci.txt b/requirements/ci.txt
index f7f994b2..e76d786a 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -242,6 +242,7 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -396,7 +397,7 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 6d358b47..fae21901 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -257,6 +257,7 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
     #   open-api-framework
     #   zgw-consumers
 django-simple-certmanager==1.4.1
@@ -418,7 +419,7 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework
diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py
index b9bfa55a..37c3f14d 100644
--- a/src/objects/conf/base.py
+++ b/src/objects/conf/base.py
@@ -86,4 +86,5 @@
 SETUP_CONFIGURATION_STEPS = (
     "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep"
     "objects.setup_configuration.steps.sites.SitesConfigurationStep",
+    "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
 )