[#483] add support for mozilla django OIDC db config (#490)

maykinmedia · Dec 13, 2024 · c855991 · c855991
1 parent a2678c7
commit c855991
Show file tree

Hide file tree

Showing 8 changed files with 49 additions and 5 deletions.
diff --git a/bin/setup_configuration.sh b/bin/setup_configuration.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# setup initial configuration using an yaml file
+# setup initial configuration using a yaml file
 # Run this script from the root of the repository
 
 set -e

diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml
@@ -32,3 +32,17 @@ objecttypes:
     - uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
       name: Object Type 1
       service_identifier: objecttypes-api
+
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+  items:
+    - identifier: admin-oidc
+      oidc_rp_client_id: client-id
+      oidc_rp_client_secret: secret
+      endpoint_config:
+        oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+        oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+        oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
+
+      # workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
+      userinfo_claims_source: id_token
diff --git a/docs/installation/config_cli.rst b/docs/installation/config_cli.rst
@@ -110,6 +110,29 @@ Tokens configuration
 Mozilla-django-oidc-db
 ----------------------
 
+Create or update the (single) YAML configuration file with your settings:
+
+.. code-block:: yaml
+
+   ...
+    oidc_db_config_enable: true
+    oidc_db_config_admin_auth:
+    items:
+      - identifier: admin-oidc
+        oidc_rp_client_id: client-id
+        oidc_rp_client_secret: secret
+        endpoint_config:
+          oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+          oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+          oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
+
+      # workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
+      userinfo_claims_source: id_token
+   ...
+
+More details about configuring mozilla-django-oidc-db through ``setup_configuration``
+can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.
+
 Sites configuration
 -------------------
 

diff --git a/requirements/base.in b/requirements/base.in
@@ -8,3 +8,4 @@ furl
 # Common ground libraries
 notifications-api-common[setup-configuration]
 zgw-consumers[setup-configuration]
+mozilla-django-oidc-db[setup-configuration]
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -155,6 +155,7 @@ django-sessionprofile==3.0.0
     # via open-api-framework
 django-setup-configuration==0.4.0
     # via
+    #   mozilla-django-oidc-db
     #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
@@ -242,8 +243,10 @@ maykin-2fa==1.0.1
     # via open-api-framework
 mozilla-django-oidc==4.0.0
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
-    # via open-api-framework
+mozilla-django-oidc-db[setup-configuration]==0.21.1
+    # via
+    #   -r requirements/base.in
+    #   open-api-framework
 notifications-api-common[setup-configuration]==0.4.0
     # via
     #   -r requirements/base.in

diff --git a/requirements/ci.txt b/requirements/ci.txt
@@ -242,6 +242,7 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
     #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
@@ -398,7 +399,7 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework

diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -257,6 +257,7 @@ django-sessionprofile==3.0.0
 django-setup-configuration==0.4.0
     # via
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
     #   notifications-api-common
     #   open-api-framework
     #   zgw-consumers
@@ -420,7 +421,7 @@ mozilla-django-oidc==4.0.0
     # via
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.txt
     #   open-api-framework

diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py
@@ -87,4 +87,5 @@
     "zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
     "notifications_api_common.contrib.setup_configuration.steps.NotificationConfigurationStep",
     "objects.setup_configuration.steps.objecttypes.ObjectTypesConfigurationStep",
+    "mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
 )