Convert Usage to Google OIDC

2026-07-03 15:17:00 +00:00
parent b6c98a3090
commit 183f9d5fec
3 changed files with 5 additions and 35 deletions


@@ -1,30 +0,0 @@
# Authentik OIDC Settings
AUTHENTIK_HOST=https://auth.example.com
AUTHENTIK_CLIENT_ID=your-client-id
AUTHENTIK_CLIENT_SECRET=your-client-secret
# Portal Settings
PORTAL_SECRET_KEY=your-random-secret-key
PORTAL_BASE_URL=https://portal.example.com
# Site configurations (JSON)
SITES='[
{
"id": "jfmt",
"name": "JFMT-PDX",
"unifi_host": "https://192.168.1.1",
"unifi_api_key": "your-api-key",
"unifi_site": "default",
"ssid": "jfmt_guest",
"default_duration_minutes": 1440
},
{
"id": "jfhr",
"name": "JFHR",
"unifi_host": "https://192.168.10.1",
"unifi_api_key": "your-api-key",
"unifi_site": "default",
"ssid": "jfhr_guest",
"default_duration_minutes": 1440
}
]'


@@ -4,7 +4,7 @@ import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
SCOPES = "openid email profile attributes" SCOPES = "openid email profile"
def get_authorization_url(config: AppConfig, state: str) -> str: def get_authorization_url(config: AppConfig, state: str) -> str:
@@ -16,14 +16,14 @@ def get_authorization_url(config: AppConfig, state: str) -> str:
"state": state, "state": state,
} }
query = "&".join(f"{k}={v}" for k, v in params.items()) query = "&".join(f"{k}={v}" for k, v in params.items())
url = f"{config.authentik_host}/application/o/authorize/?{query}" url = f"https://accounts.google.com/o/oauth2/auth?{query}"
logger.info("Authorization URL: %s", url) logger.info("Authorization URL: %s", url)
return url return url
async def exchange_code_for_token(config: AppConfig, code: str) -> dict: async def exchange_code_for_token(config: AppConfig, code: str) -> dict:
async with httpx.AsyncClient() as client: async with httpx.AsyncClient() as client:
response = await client.post( response = await client.post(
f"{config.authentik_host}/application/o/token/", f"https://oauth2.googleapis.com/token",
data={ data={
"grant_type": "authorization_code", "grant_type": "authorization_code",
"code": code, "code": code,
@@ -39,7 +39,7 @@ async def exchange_code_for_token(config: AppConfig, code: str) -> dict:
async def get_userinfo(config: AppConfig, access_token: str) -> dict: async def get_userinfo(config: AppConfig, access_token: str) -> dict:
async with httpx.AsyncClient() as client: async with httpx.AsyncClient() as client:
response = await client.get( response = await client.get(
f"{config.authentik_host}/application/o/userinfo/", f"https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
headers={"Authorization": f"Bearer {access_token}"}, headers={"Authorization": f"Bearer {access_token}"},
) )
response.raise_for_status() response.raise_for_status()
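Review bot: Nothing visible in this section limits which Google accounts are accepted: the Authentik instance presumably only knew the organisation's own users, whereas the Google endpoints now used by `get_authorization_url` and `get_userinfo` will complete the flow for any Google account unless the OAuth client itself is restricted to an internal audience. The rest of `get_userinfo` and its caller lie outside the hunk, so a check may already exist; if not, the login should be rejected unless the response is for a verified address in the expected Workspace domain, e.g. `if not info.get("verified_email") or info.get("hd") != ALLOWED_DOMAIN: raise PermissionError("account not allowed")`, where `ALLOWED_DOMAIN` is a placeholder for a new config value. The v1 userinfo endpoint chosen here returns `id` and `verified_email` rather than the OIDC names `sub` and `email_verified`, so any downstream code written against the Authentik claims needs adjusting, or the call can go to `https://openidconnect.googleapis.com/v1/userinfo`, which returns the standard claims. Separately, the context line `query = "&".join(f"{k}={v}" ...)` does not URL-encode its values, so the space-separated `SCOPES` and the redirect URI are sent raw; `query = urllib.parse.urlencode(params)` would encode them.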