adding oauth_sign_algo and oauth_jwks_url for OpenID Connect #168

proycon · Feb 18, 2021 · c8a876f · c8a876f
1 parent 91b6d64
commit c8a876f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -1434,7 +1434,10 @@ oauth_auth_url: \"\" #something like https://your-identity-provider/oauth/authen
 oauth_token_url: \"\" #something like https://your-identity-provider/oauth/token
 oauth_userinfo_url: \"\" #something like https://your-identity-provider/oauth/userinfo
 oauth_revoke_url: \"\" #(optional) something like https://your-identity-provider/oauth/revoke
-oauth_scope: [] #Set this to [ \"openid\", \"email\" ] if you want to use OpenID Connect" >> $STAGEDCONFIG
+oauth_scope: [] #Set this to [ \"openid\", \"email\" ] if you want to use OpenID Connect
+oauth_sign_algo: \"\" #(optional) You can set this to RS256 or HS256, for OpenID Connect
+oauth_jwks_url: \"\" #(optional) something like https://your-identity-provider/oauth/jwks , may be needed for OpenID Connect
+" >> $STAGEDCONFIG
 if [[ $OS == "mac" ]] || [[ "$FLAVOUR" == "remote" ]]; then
     echo "lab: false #Enable Jupyter Lab environment, note that this opens the system to arbitrary code execution and file system access! (provided the below password is known)" >> $STAGEDCONFIG
 else

diff --git a/roles/lamachine-core/defaults/main.yml b/roles/lamachine-core/defaults/main.yml
@@ -41,6 +41,8 @@ oauth_auth_url: "" #something like https://your-identity-provider/oauth/authenti
 oauth_token_url: "" #something like https://your-identity-provider/oauth/token
 oauth_userinfo_url: "" #something like https://your-identity-provider/oauth/userinfo
 oauth_revoke_url: "" #(optional) something like https://your-identity-provider/oauth/revoke
+oauth_sign_algo: "" #(optional) You can set this to RS256 or HS256, for OpenID Connect
+oauth_jwks_url: "" #(optional) something like https://your-identity-provider/oauth/jwks , may be needed for OpenID Connect
 oauth_scope: [] #Set this to [ "openid", "email" ] if you want to use OpenID Connect
 ssh_key_filename: "id_rsa"
 ssh_public_key: "" #ssh public key

diff --git a/roles/languagemachines-python/templates/flat_settings.py b/roles/languagemachines-python/templates/flat_settings.py
@@ -312,6 +312,14 @@
 OIDC_OP_AUTHORIZATION_ENDPOINT = "{{ oauth_auth_url }}"
 OIDC_OP_TOKEN_ENDPOINT = "{{ oauth_token_url }}"
 OIDC_OP_USER_ENDPOINT = "{{ oauth_userinfo_url }}"
+
+{% if oauth_sign_algo %}
+OIDC_RP_SIGN_ALGO = "{{ oauth_sign_algo }}" #should be HS256 or RS256
+{% endif %}
+{% if oauth_jwks_url %}
+OIDC_OP_JWKS_ENDPOINT = "{{ oauth_jwks_url }}"
+{% endif %}
+
 {% else %}
 OIDC = False
 {% endif %}