Convert Usage to Google OIDC
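--- a/.env.example
+++ b/.env.example
@@ -1,30 +0,0 @@
-# Authentik OIDC Settings
-AUTHENTIK_HOST=https://auth.example.com
-AUTHENTIK_CLIENT_ID=your-client-id
-AUTHENTIK_CLIENT_SECRET=your-client-secret
-
-# Portal Settings
-PORTAL_SECRET_KEY=your-random-secret-key
-PORTAL_BASE_URL=https://portal.example.com
-
-# Site configurations (JSON)
-SITES='[
-{
-"id": "jfmt",
-"name": "JFMT-PDX",
-"unifi_host": "https://192.168.1.1",
-"unifi_api_key": "your-api-key",
-"unifi_site": "default",
-"ssid": "jfmt_guest",
-"default_duration_minutes": 1440
-},
-{
-"id": "jfhr",
-"name": "JFHR",
-"unifi_host": "https://192.168.10.1",
-"unifi_api_key": "your-api-key",
-"unifi_site": "default",
-"ssid": "jfhr_guest",
-"default_duration_minutes": 1440
-}
-]'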
@@ -4,7 +4,7 @@ import logging
|
|||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
SCOPES = "openid email profile attributes"
|
SCOPES = "openid email profile"
|
||||||
|
|
||||||
|
|
||||||
def get_authorization_url(config: AppConfig, state: str) -> str:
|
def get_authorization_url(config: AppConfig, state: str) -> str:
|
||||||
@@ -16,14 +16,14 @@ def get_authorization_url(config: AppConfig, state: str) -> str:
|
|||||||
"state": state,
|
"state": state,
|
||||||
}
|
}
|
||||||
query = "&".join(f"{k}={v}" for k, v in params.items())
|
query = "&".join(f"{k}={v}" for k, v in params.items())
|
||||||
url = f"{config.authentik_host}/application/o/authorize/?{query}"
|
url = f"https://accounts.google.com/o/oauth2/auth?{query}"
|
||||||
logger.info("Authorization URL: %s", url)
|
logger.info("Authorization URL: %s", url)
|
||||||
return url
|
return url
|
||||||
|
|
||||||
async def exchange_code_for_token(config: AppConfig, code: str) -> dict:
|
async def exchange_code_for_token(config: AppConfig, code: str) -> dict:
|
||||||
async with httpx.AsyncClient() as client:
|
async with httpx.AsyncClient() as client:
|
||||||
response = await client.post(
|
response = await client.post(
|
||||||
f"{config.authentik_host}/application/o/token/",
|
f"https://oauth2.googleapis.com/token",
|
||||||
data={
|
data={
|
||||||
"grant_type": "authorization_code",
|
"grant_type": "authorization_code",
|
||||||
"code": code,
|
"code": code,
|
||||||
@@ -39,7 +39,7 @@ async def exchange_code_for_token(config: AppConfig, code: str) -> dict:
|
|||||||
async def get_userinfo(config: AppConfig, access_token: str) -> dict:
|
async def get_userinfo(config: AppConfig, access_token: str) -> dict:
|
||||||
async with httpx.AsyncClient() as client:
|
async with httpx.AsyncClient() as client:
|
||||||
response = await client.get(
|
response = await client.get(
|
||||||
f"{config.authentik_host}/application/o/userinfo/",
|
f"https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
|
||||||
headers={"Authorization": f"Bearer {access_token}"},
|
headers={"Authorization": f"Bearer {access_token}"},
|
||||||
)
|
)
|
||||||
response.raise_for_status()
|
response.raise_for_status()
|
||||||
|
|||||||
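Review bot: Nothing in the visible hunks restricts which Google accounts may sign in: once `get_authorization_url` sends users to `accounts.google.com`, any Google account holder can complete the flow. The previous issuer was a private Authentik host, and the dropped `attributes` scope suggests authorization may have relied on it, so the gate now has to be enforced by the portal itself. After `response.raise_for_status()` in `get_userinfo` (its body continues outside the hunk) or in the callback handler, which is not shown, reject the login unless the profile has a verified e-mail and matches an allowlist, e.g. `if info.get("hd") != "<ALLOWED_DOMAIN>": raise PermissionError("account not permitted")` with `info` standing for the parsed response; sending `hd` only as a request parameter is a hint and does not replace this server-side check. Separately, the unchanged `"&".join(f"{k}={v}" ...)` line leaves values such as the space-separated `SCOPES` unencoded, and `query = urllib.parse.urlencode(params)` is the safer form.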