|
| 1 | +# BASE = "https://lingon.ladok.umu.se" |
| 2 | + |
| 3 | +PORT = 8089 |
| 4 | + |
| 5 | +# If PORT and not default port |
| 6 | +BASEURL = "https://localhost:{}".format(PORT) |
| 7 | +# else |
| 8 | +# BASEURL = "https://localhost" |
| 9 | + |
| 10 | +# If BASE is https these has to be specified |
| 11 | +SERVER_CERT = "certs/cert.pem" |
| 12 | +SERVER_KEY = "certs/key.pem" |
| 13 | +CA_BUNDLE = None |
| 14 | + |
| 15 | +VERIFY_SSL = False |
| 16 | + |
| 17 | +KEYDEFS = [ |
| 18 | + {"type": "RSA", "key": '', "use": ["sig"]}, |
| 19 | + {"type": "EC", "crv": "P-256", "use": ["sig"]} |
| 20 | +] |
| 21 | + |
| 22 | +PRIVATE_JWKS_PATH = "jwks_dir/jwks.json" |
| 23 | +PUBLIC_JWKS_PATH = 'static/jwks.json' |
| 24 | +# information used when registering the client, this may be the same for all OPs |
| 25 | + |
| 26 | +SERVICES = ['ProviderInfoDiscovery', 'Registration', 'Authorization', |
| 27 | + 'AccessToken', 'RefreshAccessToken', 'UserInfo'] |
| 28 | + |
| 29 | +SERVICES_DICT = {'accesstoken': {'class': 'oidcservice.oidc.access_token.AccessToken', |
| 30 | + 'kwargs': {}}, |
| 31 | + 'authorization': {'class': 'oidcservice.oidc.authorization.Authorization', |
| 32 | + 'kwargs': {}}, |
| 33 | + 'discovery': {'class': 'oidcservice.oidc.provider_info_discovery.ProviderInfoDiscovery', |
| 34 | + 'kwargs': {}}, |
| 35 | + 'end_session': {'class': 'oidcservice.oidc.end_session.EndSession', |
| 36 | + 'kwargs': {}}, |
| 37 | + 'refresh_accesstoken': {'class': 'oidcservice.oidc.refresh_access_token.RefreshAccessToken', |
| 38 | + 'kwargs': {}}, |
| 39 | + 'registration': {'class': 'oidcservice.oidc.registration.Registration', |
| 40 | + 'kwargs': {}}, |
| 41 | + 'userinfo': {'class': 'oidcservice.oidc.userinfo.UserInfo', 'kwargs': {}}} |
| 42 | + |
| 43 | +CLIENT_PREFS = { |
| 44 | + "application_type": "web", |
| 45 | + "application_name": "rphandler", |
| 46 | + "contacts": ["ops@example.com"], |
| 47 | + "response_types": ["code", "id_token", "id_token token", "code id_token", |
| 48 | + "code id_token token", "code token"], |
| 49 | + "scope": ["openid", "profile", "email", "address", "phone"], |
| 50 | + "token_endpoint_auth_method": "client_secret_basic", |
| 51 | + 'services': SERVICES_DICT |
| 52 | +} |
| 53 | + |
| 54 | +# The keys in this dictionary are the OPs short user friendly name |
| 55 | +# not the issuer (iss) name. |
| 56 | + |
| 57 | +CLIENTS = { |
| 58 | + # The ones that support webfinger, OP discovery and client registration |
| 59 | + # This is the default, any client that is not listed here is expected to |
| 60 | + # support dynamic discovery and registration. |
| 61 | + "": { |
| 62 | + "client_preferences": CLIENT_PREFS, |
| 63 | + "redirect_uris": None, |
| 64 | + "services": { |
| 65 | + 'WebFinger': {}, |
| 66 | + 'ProviderInfoDiscovery': {}, |
| 67 | + 'Registration': {}, |
| 68 | + 'Authorization': {}, |
| 69 | + 'AccessToken': {}, |
| 70 | + 'RefreshAccessToken': {}, |
| 71 | + 'UserInfo': {} |
| 72 | + } |
| 73 | + }, |
| 74 | + 'flop': |
| 75 | + { |
| 76 | + 'client_preferences': CLIENT_PREFS, |
| 77 | + 'issuer': 'https://127.0.0.1:5000/', |
| 78 | + 'redirect_uris': ['https://127.0.0.1:8090/authz_cb/flop'], |
| 79 | + 'services': SERVICES_DICT |
| 80 | + } |
| 81 | +} |
| 82 | + |
| 83 | +# Whether an attempt to fetch the userinfo should be made |
| 84 | +USERINFO = True |
0 commit comments