providers/oauth2: make iss field configurable

This commit is contained in:
Jens Langhammer 2020-12-27 14:54:27 +01:00
parent dff5eb69c8
commit 55322995a1
5 changed files with 58 additions and 3 deletions

View file

@ -27,6 +27,7 @@ class OAuth2ProviderSerializer(ModelSerializer, MetaNameSerializer):
"redirect_uris",
"sub_mode",
"property_mappings",
"issuer_mode",
"verbose_name",
"verbose_name_plural",
]

View file

@ -53,14 +53,15 @@ class OAuth2ProviderForm(forms.ModelForm):
"client_type",
"client_id",
"client_secret",
"response_type",
"token_validity",
"include_claims_in_id_token",
"jwt_alg",
"response_type",
"property_mappings",
"rsa_key",
"redirect_uris",
"sub_mode",
"property_mappings",
"include_claims_in_id_token",
"issuer_mode",
]
widgets = {
"name": forms.TextInput(),

View file

@ -0,0 +1,28 @@
# Generated by Django 3.1.4 on 2020-12-27 13:54
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_providers_oauth2", "0007_auto_20201016_1107"),
]
operations = [
migrations.AddField(
model_name="oauth2provider",
name="issuer_mode",
field=models.TextField(
choices=[
("global", "Same identifier is used for all providers"),
(
"per_provider",
"Each provider has a different issuer, based on the application slug.",
),
],
default="per_provider",
help_text="Configure how the issuer field of the ID Token should be filled.",
),
),
]

View file

@ -70,6 +70,15 @@ class SubModes(models.TextChoices):
)
class IssuerMode(models.TextChoices):
"""Configure how the `iss` field is created."""
GLOBAL = "global", _("Same identifier is used for all providers")
PER_PROVIDER = "per_provider", _(
"Each provider has a different issuer, based on the application slug."
)
class ResponseTypes(models.TextChoices):
"""Response Type required by the client."""
@ -193,6 +202,13 @@ class OAuth2Provider(Provider):
)
),
)
issuer_mode = models.TextField(
choices=IssuerMode.choices,
default=IssuerMode.PER_PROVIDER,
help_text=_(
("Configure how the issuer field of the ID Token should be filled.")
),
)
rsa_key = models.ForeignKey(
CertificateKeyPair,
@ -254,6 +270,8 @@ class OAuth2Provider(Provider):
def get_issuer(self, request: HttpRequest) -> Optional[str]:
"""Get issuer, based on request"""
if self.issuer_mode == IssuerMode.GLOBAL:
return request.build_absolute_uri("/")
try:
mountpoint = AuthentikProviderOAuth2Config.mountpoints[
"authentik.providers.oauth2.urls"

View file

@ -7887,6 +7887,13 @@ definitions:
type: string
format: uuid
uniqueItems: true
issuer_mode:
title: Issuer mode
description: Configure how the issuer field of the ID Token should be filled.
type: string
enum:
- global
- per_provider
verbose_name:
title: Verbose name
type: string