work in progress: oidc auth - redirect to oidc provider OK, start processing callback

demo/config.py

@@ -20,5 +20,7 @@ dbschema = getenv('DBSCHEMA', 'demo')
 
 # authentication settings
 oidc_params = dict(
-    clientid=getenv('OIDC_CLIENTID', '311613119816392525')
+    provider_url=getenv('OIDC_PROVIDER_URL', 'https://a1.cy7.de/oauth/v2/authorize'),
+    client_id=getenv('OIDC_CLIENT_ID', '311613119816392525'),
+    callback_url=getenv('OIDC_CALLBACK_URL', 'https://demo.cy7.de/auth/callback'),
 )

scopes/server/app.py

@@ -1,5 +1,7 @@
 # scopes.server.app
 
+from zope.i18n.interfaces import IUserPreferredCharsets
+from zope.interface import implementer
 from zope.publisher.base import DefaultPublication
 from zope.publisher.browser import BrowserRequest
 from zope.publisher.interfaces import NotFound
@@ -11,12 +13,19 @@ import scopes.storage.concept # register container classes
 from scopes.storage.folder import Root
 
 
+@implementer(IUserPreferredCharsets)
+class Request(BrowserRequest):
+    def getPreferredCharsets(self):
+        return ['UTF-8']
+
+
 def zope_app_factory(config):
     storageFactory = config.StorageFactory(config)
     def zope_app(environ, start_response):
         storage = storageFactory(config.dbschema)
         appRoot = Root(storage)
-        request = BrowserRequest(environ['wsgi.input'], environ)
+        #request = BrowserRequest(environ['wsgi.input'], environ)
+        request = Request(environ['wsgi.input'], environ)
         request.setPublication(Publication(appRoot))
         request = publish(request, True)
         response = request.response

scopes/server/auth.py

@@ -1,5 +1,8 @@
 # scopes.server.auth
 
+from oic import oic, rndstr
+from oic.oic.message import AuthorizationResponse
+
 from zope.authentication.interfaces import IAuthentication
 from zope.interface import implementer
 from zope.publisher.interfaces import Unauthorized
@@ -56,7 +59,27 @@ class Authenticator(DummyFolder):
     def login(self, request):
         params = config.oidc_params
         print('*** login', self, request.getTraversalStack(), request['PATH_INFO'])
-        print('***', dir(request))
+        #print('***', dir(request))
+        client = oic.Client()
+        #providerInfo = client.provider_config(params['provider_url'])
+        #print('***', providerInfo)
+        #client.register(providerInfo['registration_endpoint'], application_type='web')
+        requestArgs = dict(
+                client_id=params['client_id'],
+                response_type='code', # 'code id_token token',
+                state=rndstr(), nonce=rndstr(),
+                scope=['openid', 'profile'],
+                redirect_uri=params['callback_url'],
+        )
+        authReq = client.construct_AuthorizationRequest(request_args=requestArgs)
+        #loginUrl = authReq.request(client.authorization_endpoint)
+        loginUrl = authReq.request(params['provider_url'])
+        print('***', loginUrl)
+        request.response.redirect(loginUrl, trusted=True)
+
+    def callback(self, request):
+        print('*** callback', self, request.form)
+        code = request.form['code']
 
 
 @register('auth', Root)
@@ -70,11 +93,11 @@ def login(context, request):
     return DefaultView(context, request)
 
 @register('callback', Authenticator)
-def login(context, request):
-    print('*** callback', context, request['PATH_INFO'], request.getTraversalStack())
+def callback(context, request):
+    context.callback(request)
     return DefaultView(context, request)
 
 @register('logout', Authenticator)
-def login(context, request):
+def logout(context, request):
     print('*** logout', context, request['PATH_INFO'], request.getTraversalStack())
     return DefaultView(context, request)