providers/oauth2: add ACR support
parent
43bb29e16a
commit
6c8e9fb553
|
@ -17,3 +17,5 @@ SCOPE_GITHUB_USER_READ = "read:user"
|
|||
SCOPE_GITHUB_USER_EMAIL = "user:email"
|
||||
# Read info about teams
|
||||
SCOPE_GITHUB_ORG_READ = "read:org"
|
||||
|
||||
ACR_AUTHENTIK_DEFAULT = "goauthentik.io/providers/oauth2/default"
|
||||
|
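Review bot: `ACR_AUTHENTIK_DEFAULT` has no scheme, so the value is not an absolute URI, which is what OpenID Connect Core recommends for `acr` values that are not RFC 6711 registered names. Once relying parties start matching on this string it becomes hard to change, so the format (for example a scheme-prefixed form) is worth settling in this commit. The neighbouring scope constants carry a comment and this one does not; a line such as `# Default Authentication Context Class Reference (acr) asserted in ID tokens` above it would help.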
|
|
@ -27,6 +27,7 @@ from authentik.events.utils import get_user
|
|||
from authentik.lib.utils.template import render_to_string
|
||||
from authentik.lib.utils.time import timedelta_from_string, timedelta_string_validator
|
||||
from authentik.providers.oauth2.apps import AuthentikProviderOAuth2Config
|
||||
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
|
||||
from authentik.providers.oauth2.generators import (
|
||||
generate_client_id,
|
||||
generate_client_secret,
|
||||
|
@ -392,6 +393,7 @@ class IDToken:
|
|||
exp: Optional[int] = None
|
||||
iat: Optional[int] = None
|
||||
auth_time: Optional[int] = None
|
||||
acr: Optional[str] = ACR_AUTHENTIK_DEFAULT
|
||||
|
||||
nonce: Optional[str] = None
|
||||
at_hash: Optional[str] = None
|
||||
|
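Review bot: `acr: Optional[str] = ACR_AUTHENTIK_DEFAULT` makes every `IDToken` carry the same `acr` unless a caller overrides it, and no caller in the visible hunks does, so the claim says nothing about how the session was actually authenticated. A relying party that gates step-up or MFA decisions on `acr` would see the same value for a password-only login and a stronger one. Until the value is derived from the authentication flow, a comment on the field such as `# Static placeholder; not derived from the authentication method used` would keep that explicit. The `IDToken` class body starts and ends outside this hunk, so how the field is serialised is not visible here.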
|
|
@ -135,6 +135,7 @@ class OAuthAuthorizationParams:
|
|||
code_challenge_method=query_dict.get("code_challenge_method"),
|
||||
)
|
||||
|
||||
# pylint: disable=too-many-branches
|
||||
def __post_init__(self):
|
||||
try:
|
||||
self.provider: OAuth2Provider = OAuth2Provider.objects.get(
|
||||
|
|
|
@ -7,6 +7,7 @@ from django.views import View
|
|||
from structlog import get_logger
|
||||
|
||||
from authentik.core.models import Application
|
||||
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
|
||||
from authentik.providers.oauth2.models import OAuth2Provider
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
@ -54,6 +55,7 @@ class ProviderInfoView(View):
|
|||
"client_secret_post",
|
||||
"client_secret_basic",
|
||||
],
|
||||
"acr_values_supported": [ACR_AUTHENTIK_DEFAULT],
|
||||
}
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
|
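Review bot: `acr_values_supported` is now advertised in the discovery document, but none of the visible hunks read the `acr_values` request parameter or an `acr` entry in the `claims` parameter; the only change shown in the authorization params section is a pylint suppression. If that holds for the full commit, a request naming a different `acr` value, including one marked essential, still gets the default back, whereas OpenID Connect Core expects an essential `acr` request that cannot be satisfied to be treated as a failed authentication. Either handle the request side or add a comment next to the key, e.g. `# Advertised for discovery only; requested acr_values are not evaluated yet`. The enclosing dict and method start outside this hunk.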
|