oicd now working

auth/__init__.py

@@ -12,10 +12,9 @@ from werkzeug.routing import BuildError
 auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
 
 from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER
-from backend.auth.oidc import OIDCAuthentication
 from backend.auth.oidc_config import OIDC_PROVIDERS
 
-oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
+from backend.auth.oidc import oidc_auth
 
 from .basic_auth import *
 

auth/oidc.py

@@ -8,7 +8,9 @@ from flask import jsonify
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_pyoidc.user_session import UserSession
 
-from .import auth_bp
+from backend import app
+from backend.models.user_model import User
+from . import auth_bp
 from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
 
 
@@ -21,12 +23,29 @@ OIDCAuthentication.oidc_auth = oidc_auth_default_provider
 
 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)
 
-@auth_bp.route('/oidc', methods=['GET', 'POST'])
+
+def create_or_retrieve_user_from_userinfo(userinfo):
+    try:
+        email = userinfo["email"]
+    except KeyError:
+        return None
+    user = User.get_by_identifier(email)
+
+    if user is not None:
+        app.logger("user found")
+        return user
+
+    user = User(email=email, first_name=userinfo.get("given_name", ""),
+                last_name=userinfo.get("family_name", ""))
+
+
+
+@auth_bp.route('/oidc', methods=['GET'])
 @oidc_auth.oidc_auth()
 def oidc():
-    pass
     user_session = UserSession(flask.session)
-    access_token = user_session.access_token
-    
+    create_or_retrieve_user_from_userinfo(user_session.userinfo)
     #login_user(user)
-    return jsonify(id_token=flask.session['id_token'], access_token=flask.session['access_token'])
+    return jsonify(id_token=user_session.id_token,
+                   access_token=flask.session['access_token'],
+                   userinfo=user_session.userinfo)

auth/oidc_config.py

@@ -9,6 +9,7 @@ CLIENT_METADATA = ClientMetadata(REG_RESPONSE_CLIENT_ID, REG_RESPONSE_CLIENT_SEC
 PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
 PROVIDER_NAME = 'kit_oidc'
 PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL,
-                                        client_metadata=CLIENT_METADATA)
+                                        client_metadata=CLIENT_METADATA,
+                                        auth_request_params={'scope': ['openid', 'email', 'profile']})
 
 OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}