OIDC is ready? I think?

2025-10-04 00:06:18 +00:00 · 2025-06-29 16:11:05 +08:00
parent 3d75f6bbbd
commit 299d84b16a
51 changed files with 353 additions and 146 deletions
--- a/src/modules/DashboardOIDC.py
+++ b/src/modules/DashboardOIDC.py
@@ -23,6 +23,17 @@ class DashboardOIDC:
                f.write(encoder.encode(self.__default))
        
        self.ReadFile()
+        
+    def GetProviders(self):
+        providers = {}
+        for k in self.providers.keys():
+            if all([self.providers[k]['client_id'], self.providers[k]['client_secret'], self.providers[k]['issuer']]):
+                providers[k] = {
+                    'client_id': self.providers[k]['client_id'],
+                    'issuer': self.providers[k]['issuer'].strip('/')
+                }
+        
+        return providers
    
    def VerifyToken(self, provider, code, redirect_uri):
        if not all([provider, code, redirect_uri]):
@@ -32,7 +43,7 @@ class DashboardOIDC:
            return False, "Provider does not exist"
        
        provider = self.providers.get(provider)
-        oidc_config = requests.get(f"{provider.get('issuer')}.well-known/openid-configuration").json()
+        oidc_config = requests.get(f"{provider.get('issuer').strip('/')}/.well-known/openid-configuration").json()

        data = {
            "grant_type": "authorization_code",
@@ -42,30 +53,24 @@ class DashboardOIDC:
            "client_secret": provider.get('client_secret')
        }

-        tokens = requests.post(oidc_config.get('token_endpoint'), data=data).json()
-
-
+        try:
+            tokens = requests.post(oidc_config.get('token_endpoint'), data=data).json()
+            if not all([tokens.get('access_token'), tokens.get('id_token')]):
+                return False, tokens.get('error_description', None)
+        except Exception as e:
+            return False, str(e)
+        
+    
+        
        id_token = tokens.get('id_token')
-
-
-
-
-
        jwks_uri = oidc_config.get("jwks_uri")
        issuer = oidc_config.get("issuer")
        jwks = requests.get(jwks_uri).json()
-
-        from jose.utils import base64url_decode
-        from jose.backends.cryptography_backend import CryptographyRSAKey
-        
-        # Choose the right key based on `kid` in token header
        headers = jwt.get_unverified_header(id_token)
        kid = headers["kid"]
        
-        # Find the key with the correct `kid`
        key = next(k for k in jwks["keys"] if k["kid"] == kid)
        
-        # Use the key to verify token
        payload = jwt.decode(
            id_token,
            key,
@@ -74,7 +79,7 @@ class DashboardOIDC:
            issuer=issuer
        )
        
-        print(payload)  # This contains the user's claims
+        return True, payload
        
    
    def ReadFile(self):