feat: Add OIDC_CLIENT_SECRET and other changes for v2 #4254

Merged 27 commits, Oct 5, 2024
Changes from 1 commit
Commits (27)
c9723eb
initial impl
cmintey May 3, 2024
e76b1fe
working implementation
cmintey Aug 13, 2024
a5f387a
refine implementation
cmintey Sep 10, 2024
06ae181
hide client secret from logging and set session secret
cmintey Sep 10, 2024
1867194
allow admin users to sign in without the users group
cmintey Sep 14, 2024
26c3775
update docs
cmintey Sep 14, 2024
7832e19
execute callback earlier and reset url on failure
cmintey Sep 14, 2024
21bc5b7
remove oidc api
cmintey Sep 14, 2024
d33f153
add claims check and remove async from authenticate method
cmintey Sep 14, 2024
46e5808
add unit tests
cmintey Sep 14, 2024
4cd3345
exclude session secret from logs
cmintey Sep 21, 2024
08a9c79
enable PKCE
cmintey Sep 21, 2024
46fa494
update auth config
cmintey Sep 23, 2024
45935cc
only go to direct login on failure or user logout action
cmintey Sep 23, 2024
c9adc6b
fix group claims requirements
cmintey Sep 23, 2024
f30b900
update api docs
cmintey Sep 23, 2024
feddea6
update e2e docker
cmintey Sep 23, 2024
f48a91d
update lock file
cmintey Sep 23, 2024
30c6c06
set secure cookie
cmintey Sep 23, 2024
c13cc71
fix test
cmintey Sep 23, 2024
a7938e2
Merge remote-tracking branch 'upstream/mealie-next' into server-side-…
cmintey Oct 1, 2024
c51b72e
update lock file and api docs
cmintey Oct 1, 2024
b9fc128
fix doc links
cmintey Oct 3, 2024
c82f30d
Merge remote-tracking branch 'upstream/mealie-next' into server-side-…
cmintey Oct 3, 2024
0dc2249
remove unused env var for signing algorithm
cmintey Oct 3, 2024
962e629
fallback to OIDC_USER_CLAIM for username creation
cmintey Oct 3, 2024
ac47712
Merge branch 'mealie-next' into server-side-oidc
boc-the-git Oct 5, 2024
fallback to OIDC_USER_CLAIM for username creation
cmintey committed Oct 3, 2024
commit 962e629de897e40bb19da2790742eed92acc67cb
7 changes: 5 additions & 2 deletions mealie/core/security/providers/openid_provider.py
@@ -61,9 +61,12 @@ def authenticate(self) -> tuple[str, timedelta] | None:
self._logger.debug("[OIDC] No user found. Creating new OIDC user.")

try:
# some IdPs don't provide a username (looking at you Google), so if we don't have the claim,
# we'll create the user with whatever the USER_CLAIM is (default email)
username = claims.get("preferred_username", claims.get(settings.OIDC_USER_CLAIM))
user = repos.users.create(
{
"username": claims.get("preferred_username"),
"username": username,
"password": "OIDC",
"full_name": claims.get("name"),
"email": claims.get("email"),
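Review bot: the new fallback `username = claims.get("preferred_username", claims.get(settings.OIDC_USER_CLAIM))` still yields `None` when neither claim is present, and nothing in this hunk rejects that before `repos.users.create` runs; since `required_claims()` in the same file includes `settings.OIDC_USER_CLAIM`, either extend the comment to state that the fallback value is guaranteed by the required-claims check, or guard explicitly (`if not username: raise` with a log line) so a misconfigured `OIDC_USER_CLAIM` fails loudly rather than attempting to create a user with an empty username. Separately, OpenID Connect Core says a relying party must not rely on `preferred_username` being unique or stable, so a value that collides with an existing local username will only surface as a conflict inside `repos.users.create`; the comment covers the Google case, but the uniqueness assumption behind preferring that claim should be documented, and ideally a collision should fall back to the `OIDC_USER_CLAIM` value. Also confirm that `settings` is bound earlier in `authenticate`; the hunk uses it but the binding is not in the visible context.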
@@ -93,7 +96,7 @@ def authenticate(self) -> tuple[str, timedelta] | None:
def required_claims(self):
settings = get_app_settings()

claims = {"preferred_username", "name", "email", settings.OIDC_USER_CLAIM}
claims = {"name", "email", settings.OIDC_USER_CLAIM}
if settings.OIDC_REQUIRES_GROUP_CLAIM:
claims.add(settings.OIDC_GROUPS_CLAIM)
return claims
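Review bot: removing `"preferred_username"` from the required set while keeping `"name"` leaves the check inconsistent with how the claims are consumed: `authenticate` above now tolerates a missing `preferred_username`, yet a missing `name` still fails the claims check even though that claim is only copied into `full_name`, which could be given the same kind of fallback. Either note in the docs why `name` stays mandatory (identity providers that do not release the `profile` scope will be rejected) or make it optional in the same way as the username. Minor: add a return annotation, `def required_claims(self) -> set[str]:`, to match the typed `authenticate` signature shown in the hunk headers.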