work in progress. send user data to identity provider: basic fixes, prepare tests

2025-07-26 17:43:58 +02:00 · 2025-07-26 17:43:58 +02:00 · c23069a3c1
commit c23069a3c1
parent 2698a578df
6 changed files with 11 additions and 5 deletions
--- a/scopes/org/user.py
+++ b/scopes/org/user.py
@ -2,6 +2,7 @@

 """Basic user account (principal) definitions + access to identity provider."""

+from dataclasses import dataclass, field
 from scopes.web import client
 from scopes import util

@ -26,11 +27,12 @@ class ExtUser:

    provider = 'zitatel'
    endpoints = dict(
-            users='v2/users',
+            users='v2/users/human',
    )

-    def __init__(self, user, organization, userId=None, userIdPrefix=''):
+    def __init__(self, user, organization, userId=None, userIdPrefix='', grants=None):
        self.user = user
+        self.grants = grants or []

    def asDict(self):
        return dict(username=self.user.name)
@ -40,4 +42,3 @@ class ExtUser:
        data = self.asDict()
        res = clt.post(config.oidc_provider_endpoints['users'], data)

-   grants: List[str]
--- a/scopes/tests/config.py
+++ b/scopes/tests/config.py
@ -46,6 +46,7 @@ oidc_params = dict(
    op_config_url=oidc_provider + '/.well-known/openid-configuration',
    op_uris=None,
    op_keys=None,
+    op_project_scope='urn:zitadel:iam:org:project:id:zitadel:aud',
    callback_url=getenv('OIDC_CALLBACK_URL', base_url + '/auth/callback'),
    client_id=oidc_client_id,
    principal_prefix=getenv('OIDC_PRINCIPAL_PREFIX', 'loops.'),
--- a/scopes/tests/test_standard.py
+++ b/scopes/tests/test_standard.py
@ -33,6 +33,7 @@ class Test(unittest.TestCase):
    def test_013_web(self):
        tlib_web.test_app(self, config)
        tlib_web.test_auth(self, config)
+        tlib_web.test_user_data(self, config)


 def suite():
--- a/scopes/tests/tlib_web.py
+++ b/scopes/tests/tlib_web.py
@ -40,3 +40,6 @@ def test_auth(self, config):
    uri = config.oidc_params['op_uris']['jwks_uri']
    keys = oidc.loadOidcKeys(uri)
    logger.info('test_auth keys: %s', keys)
+
+def test_user_data(self, config):
+    from scopes.org import user
--- a/scopes/web/auth/oidc.py
+++ b/scopes/web/auth/oidc.py
@ -265,7 +265,7 @@ def authenticateClient(paramsName='oidc_params'):
                         headers=dict(alg='RS256', kid=keyId))
    data = dict(
            grant_type='urn:ietf:params:oauth:grant-type:jwt-bearer',
-            scope=' '.join(('openid', params['op_project_scope']))
+            scope=' '.join(('openid', params['op_project_scope'])),
            assertion=jwToken,
    )
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
--- a/scopes/web/client.py
+++ b/scopes/web/client.py
@ -14,7 +14,7 @@ class ApiClient:
        self.authToken = None

    def authentication(self):
-        if self.authToken = None:
+        if self.authToken == None:
            self.authToken = oidc.authenticateClient()
        return dict(Authorization=f'Bearer {self.authToken}')