[#483] add support for mozilla django OIDC db config #490

Merged
merged 5 commits into from
Dec 13, 2024
2 changes: 1 addition & 1 deletion bin/setup_configuration.sh
@@ -1,6 +1,6 @@
#!/bin/bash

# setup initial configuration using an yaml file
# setup initial configuration using a yaml file
# Run this script from the root of the repository

set -e
14 changes: 14 additions & 0 deletions docker/setup_configuration/data.yaml
Expand Up @@ -32,3 +32,17 @@ objecttypes:
- uuid: b427ef84-189d-43aa-9efd-7bb2c459e281
name: Object Type 1
service_identifier: objecttypes-api

oidc_db_config_enable: true
oidc_db_config_admin_auth:
items:
- identifier: admin-oidc
oidc_rp_client_id: client-id
oidc_rp_client_secret: secret
endpoint_config:
oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
Collaborator

Is it just me or does this raise errors because userinfo_claims_source is missing?

Unable to satisfy prerequisites for step: Configuration for admin login via OpenID Connect:
CommandError: Prerequisites for configuration are not fulfilled: Configuration for admin login via OpenID Connect: Failed to load config model for Configuration for admin login via OpenID Connect. Further details:
1 validation error for ConfigSettingsSourceOidc_db_config_admin_auth
oidc_db_config_admin_auth.items.0.userinfo_claims_source
  Input should be 'userinfo_endpoint' or 'id_token' [type=literal_error, input_value=UserInformationClaimsSources.userinfo_endpoint, input_type=UserInformationClaimsSources]
    For further information visit https://errors.pydantic.dev/2.9/v/literal_error

Contributor

@danielmursa-dev danielmursa-dev Dec 13, 2024

@stevenbal I also had the same error these days, and I think the problem is related to the right version of pydantic; I think it should be pydantic>=2.10.

Contributor Author

@danielmursa-dev The PR referenced in this issue fixes it through django-setup-configuration. It might be worthwhile to look at the PR and post your findings; a version bump of pydantic might be a good solution instead of fixing it in django-setup-configuration.

Contributor

I think I have a fix for this in the library, validating now and if it works I'll make a release of setup-configuration.

Contributor

This is a separate issue it turns out: the library is passing the actual attribute on the underlying TextChoices rather than a literal string. Apparently, Pydantic 2.10 stringifies it somewhere along the lines. I filed an issue for this in maykinmedia/django-setup-configuration#31


# workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
userinfo_claims_source: id_token
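
Review bot: the `userinfo_claims_source: id_token` line at the end of this item is marked as a workaround, but the comment does not say when it can be removed or what the setting should be afterwards. It makes admin login take its claims from the ID token even though `oidc_op_user_endpoint` is configured just above, and anyone copying this fixture inherits that choice. Suggest extending the comment to name the value that failed validation in the thread (`userinfo_endpoint`) and to say the line should be dropped once the linked issue is fixed. `oidc_rp_client_secret: secret` is fine as a fixture placeholder, but a one-line comment saying it must be replaced would keep it out of real deployments.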
23 changes: 23 additions & 0 deletions docs/installation/config_cli.rst
Expand Up @@ -110,6 +110,29 @@ Tokens configuration
Mozilla-django-oidc-db
----------------------

Create or update the (single) YAML configuration file with your settings:

.. code-block:: yaml

...
oidc_db_config_enable: true
oidc_db_config_admin_auth:
items:
- identifier: admin-oidc
oidc_rp_client_id: client-id
oidc_rp_client_secret: secret
endpoint_config:
oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo

# workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27
userinfo_claims_source: id_token
...

More details about configuring mozilla-django-oidc-db through ``setup_configuration``
can be found at the _`documentation`: https://mozilla-django-oidc-db.readthedocs.io/en/latest/setup_configuration.html.

Sites configuration
-------------------

1 change: 1 addition & 0 deletions requirements/base.in
Expand Up @@ -8,3 +8,4 @@ furl
# Common ground libraries
notifications-api-common[setup-configuration]
zgw-consumers[setup-configuration]
mozilla-django-oidc-db[setup-configuration]
7 changes: 5 additions & 2 deletions requirements/base.txt
Expand Up @@ -155,6 +155,7 @@ django-sessionprofile==3.0.0
# via open-api-framework
django-setup-configuration==0.4.0
# via
# mozilla-django-oidc-db
# notifications-api-common
# open-api-framework
# zgw-consumers
Expand Down Expand Up @@ -242,8 +243,10 @@ maykin-2fa==1.0.1
# via open-api-framework
mozilla-django-oidc==4.0.0
# via mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
# via open-api-framework
mozilla-django-oidc-db[setup-configuration]==0.21.1
# via
# -r requirements/base.in
# open-api-framework
notifications-api-common[setup-configuration]==0.4.0
# via
# -r requirements/base.in
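
Review bot: the second hunk moves the `mozilla-django-oidc-db` pin from 0.19.0 to 0.21.1, and nothing on this page records what changed between those releases in the library that handles admin OIDC login. Suggest linking the relevant changelog entries in the PR and stating whether existing OIDC configuration needs any migration. The review thread attributes the validation error to the pydantic version, yet none of the requirements hunks shown touches pydantic, so the `userinfo_claims_source` workaround in data.yaml is the only thing addressing it here.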
3 changes: 2 additions & 1 deletion requirements/ci.txt
Expand Up @@ -242,6 +242,7 @@ django-sessionprofile==3.0.0
django-setup-configuration==0.4.0
# via
# -r requirements/base.txt
# mozilla-django-oidc-db
# notifications-api-common
# open-api-framework
# zgw-consumers
Expand Down Expand Up @@ -398,7 +399,7 @@ mozilla-django-oidc==4.0.0
# via
# -r requirements/base.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
mozilla-django-oidc-db[setup-configuration]==0.21.1
# via
# -r requirements/base.txt
# open-api-framework
3 changes: 2 additions & 1 deletion requirements/dev.txt
Expand Up @@ -257,6 +257,7 @@ django-sessionprofile==3.0.0
django-setup-configuration==0.4.0
# via
# -r requirements/base.txt
# mozilla-django-oidc-db
# notifications-api-common
# open-api-framework
# zgw-consumers
Expand Down Expand Up @@ -420,7 +421,7 @@ mozilla-django-oidc==4.0.0
# via
# -r requirements/base.txt
# mozilla-django-oidc-db
mozilla-django-oidc-db==0.19.0
mozilla-django-oidc-db[setup-configuration]==0.21.1
# via
# -r requirements/base.txt
# open-api-framework
1 change: 1 addition & 0 deletions src/objects/conf/base.py
Expand Up @@ -87,4 +87,5 @@
"zgw_consumers.contrib.setup_configuration.steps.ServiceConfigurationStep",
"notifications_api_common.contrib.setup_configuration.steps.NotificationConfigurationStep",
"objects.setup_configuration.steps.objecttypes.ObjectTypesConfigurationStep",
"mozilla_django_oidc_db.setup_configuration.steps.AdminOIDCConfigurationStep",
)
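
Review bot: none of the hunks shown here adds a test that runs the newly registered `AdminOIDCConfigurationStep` against docker/setup_configuration/data.yaml, and the review thread reports that this configuration failed validation. Suggest a test that loads that file through the step and asserts on the resulting admin OIDC configuration, so that a dependency change which breaks loading is caught in CI and not at deployment time.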