oidc working again (getting less info to limit cookie size)

2020-07-28 15:09:08 +02:00
parent de398d189a
commit cc334f1727
8 changed files with 40 additions and 18 deletions
--- a/backend/auth/oidc.py
+++ b/backend/auth/oidc.py
@@ -18,7 +18,7 @@ from .oidc_config import PROVIDER_NAME, OIDC_PROVIDERS
 OIDCAuthentication.oidc_auth_orig = OIDCAuthentication.oidc_auth
 OIDCAuthentication.oidc_logout_orig = OIDCAuthentication.oidc_logout

-
+'''
 def oidc_auth_default_provider(self):
    """monkey patch oidc_auth"""
    return self.oidc_auth_orig(PROVIDER_NAME)
@@ -31,6 +31,7 @@ def oidc_logout_default_provider(self):

 OIDCAuthentication.oidc_auth = oidc_auth_default_provider
 OIDCAuthentication.oidc_logout = oidc_logout_default_provider
+'''

 oidc_auth = OIDCAuthentication(OIDC_PROVIDERS)

@@ -40,6 +41,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
    try:
        email = userinfo["email"]
    except KeyError:
+        app.logger.error("email is missing in OIDC userinfo! Can't create user!")
        return None
    user = User.get_by_identifier(email)

@@ -62,7 +64,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):


@auth_bp.route('/oidc', methods=['GET'])
-@oidc_auth.oidc_auth()
+@oidc_auth.oidc_auth(provider_name=PROVIDER_NAME)
 def oidc():
    user_session = UserSession(flask.session)
    app.logger.info(user_session.userinfo)
@@ -78,8 +80,10 @@ def oidc():


@auth_bp.route('/oidc_logout', methods=['GET'])
+@oidc_auth.oidc_logout
 def oidc_logout():
-    oidc_auth.oidc_logout()
+    # oidc_auth.oidc_logout()
+    app.logger.debug("Logging out current user!")
    return redirect('/')


--- a/backend/auth/oidc_config.py
+++ b/backend/auth/oidc_config.py
@@ -10,6 +10,10 @@ PROVIDER_URL = "https://oidc.scc.kit.edu/auth/realms/kit"
 PROVIDER_NAME = 'kit_oidc'
 PROVIDER_CONFIG = ProviderConfiguration(issuer=PROVIDER_URL,
                                        client_metadata=CLIENT_METADATA,
-                                        auth_request_params={'scope': ['openid', 'email', 'profile']})
+                                        auth_request_params={'scope': ['openid', 'email']}
+                                        # auth_request_params={'scope': ['openid', 'profile']}  # avoid to get profile
+                                        # -> cookie is getting too large
+                                        # auth_request_params={'scope': ['openid', 'email', 'profile']}
+                                        )

 OIDC_PROVIDERS = {PROVIDER_NAME: PROVIDER_CONFIG}