cco/py-scopes
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

work in progress. send user data to identity provider: basic fixes, prepare tests

Browse source
This commit is contained in:
Helmut Merz 2025-07-26 17:43:58 +02:00
parent 2698a578df
commit c23069a3c1
6 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
scopes/org/user.py
View file

@ -2,6 +2,7 @@
"""Basic user account (principal) definitions + access to identity provider.""" """Basic user account (principal) definitions + access to identity provider."""
from dataclasses import dataclass, field
from scopes.web import client from scopes.web import client
from scopes import util from scopes import util
@ -26,11 +27,12 @@ class ExtUser:
provider = 'zitatel' provider = 'zitatel'
endpoints = dict( endpoints = dict(
users='v2/users', users='v2/users/human',
) )
def __init__(self, user, organization, userId=None, userIdPrefix=''): def __init__(self, user, organization, userId=None, userIdPrefix='', grants=None):
self.user = user self.user = user
self.grants = grants or []
def asDict(self): def asDict(self):
return dict(username=self.user.name) return dict(username=self.user.name)
@ -40,4 +42,3 @@ class ExtUser:
data = self.asDict() data = self.asDict()
res = clt.post(config.oidc_provider_endpoints['users'], data) res = clt.post(config.oidc_provider_endpoints['users'], data)
grants: List[str]

1
scopes/tests/config.py
View file

@ -46,6 +46,7 @@ oidc_params = dict(
op_config_url=oidc_provider + '/.well-known/openid-configuration', op_config_url=oidc_provider + '/.well-known/openid-configuration',
op_uris=None, op_uris=None,
op_keys=None, op_keys=None,
op_project_scope='urn:zitadel:iam:org:project:id:zitadel:aud',
callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth/callback'), callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth/callback'),
client_id=oidc_client_id, client_id=oidc_client_id,
principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'), principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'),

1
scopes/tests/test_standard.py
View file

@ -33,6 +33,7 @@ class Test(unittest.TestCase):
def test_013_web(self): def test_013_web(self):
tlib_web.test_app(self, config) tlib_web.test_app(self, config)
tlib_web.test_auth(self, config) tlib_web.test_auth(self, config)
tlib_web.test_user_data(self, config)
def suite(): def suite():

3
scopes/tests/tlib_web.py
View file

@ -40,3 +40,6 @@ def test_auth(self, config):
uri = config.oidc_params['op_uris']['jwks_uri'] uri = config.oidc_params['op_uris']['jwks_uri']
keys = oidc.loadOidcKeys(uri) keys = oidc.loadOidcKeys(uri)
logger.info('test_auth keys: %s', keys) logger.info('test_auth keys: %s', keys)
def test_user_data(self, config):
from scopes.org import user

2
scopes/web/auth/oidc.py
View file

@ -265,7 +265,7 @@ def authenticateClient(paramsName='oidc_params'):
headers=dict(alg='RS256', kid=keyId)) headers=dict(alg='RS256', kid=keyId))
data = dict( data = dict(
grant_type='urn:ietf:params:oauth:grant-type:jwt-bearer', grant_type='urn:ietf:params:oauth:grant-type:jwt-bearer',
scope=' '.join(('openid', params['op_project_scope'])) scope=' '.join(('openid', params['op_project_scope'])),
assertion=jwToken, assertion=jwToken,
) )
headers = {'Content-Type': 'application/x-www-form-urlencoded'} headers = {'Content-Type': 'application/x-www-form-urlencoded'}

2
scopes/web/client.py
View file

@ -14,7 +14,7 @@ class ApiClient:
self.authToken = None self.authToken = None
def authentication(self): def authentication(self):
if self.authToken = None: if self.authToken == None:
self.authToken = oidc.authenticateClient() self.authToken = oidc.authenticateClient()
return dict(Authorization=f'Bearer {self.authToken}') return dict(Authorization=f'Bearer {self.authToken}')