Move back to AuthSCH

b6ba4c16 · Pomucz Tamás András · 09a85e9d · b6ba4c16 · b6ba4c16 · b6ba4c16
Commit b6ba4c16 authored 1 month ago by Pomucz Tamás András
--- a/k8s/templates/backend.yaml
+++ b/k8s/templates/backend.yaml
@@ -172,14 +172,14 @@ data:

  MINIO_STATIC_BUCKET: "kepzes-static"
  MINIO_MEDIA_BUCKET: "kepzes-media"
-  CSRF_TRUSTED_ORIGINS: {{ printf "https://%s" .Values.url }}
-  SECRET_KEY: {{ .Values.backend.secretKey }}
-  OIDC_CLIENT_ID: {{ .Values.backend.oidc.OIDC_CLIENT_ID }}
-  OIDC_AUTHORIZATION_ENDPOINT: {{ .Values.backend.oidc.OIDC_AUTHORIZATION_ENDPOINT }}
-  OIDC_TOKEN_ENDPOINT: {{ .Values.backend.oidc.OIDC_TOKEN_ENDPOINT }}
-  OIDC_USERINFO_ENDPOINT: {{ .Values.backend.oidc.OIDC_USERINFO_ENDPOINT }}
-  OIDC_JWKS_ENDPOINT: {{ .Values.backend.oidc.OIDC_JWKS_ENDPOINT }}
-  OIDC_SIGN_ALGO: {{ .Values.backend.oidc.OIDC_SIGN_ALGO }}
+  CSRF_TRUSTED_ORIGINS: {{ printf "https://%s" .Values.url | quote }}
+  SECRET_KEY: {{ .Values.backend.secretKey | quote }}
+  OIDC_CLIENT_ID: {{ .Values.backend.oidc.OIDC_CLIENT_ID | quote }}
+  OIDC_AUTHORIZATION_ENDPOINT: {{ .Values.backend.oidc.OIDC_AUTHORIZATION_ENDPOINT | quote }}
+  OIDC_TOKEN_ENDPOINT: {{ .Values.backend.oidc.OIDC_TOKEN_ENDPOINT | quote }}
+  OIDC_USERINFO_ENDPOINT: {{ .Values.backend.oidc.OIDC_USERINFO_ENDPOINT | quote }}
+  OIDC_JWKS_ENDPOINT: {{ .Values.backend.oidc.OIDC_JWKS_ENDPOINT | quote }}
+  OIDC_SIGN_ALGO: {{ .Values.backend.oidc.OIDC_SIGN_ALGO | quote }}
 ---
 apiVersion: v1
 kind: Secret

--- a/k8s/values.yaml
+++ b/k8s/values.yaml
@@ -8,10 +8,10 @@ backend:
  oidc:
    OIDC_CLIENT_ID: "${OIDC_CLIENT_ID}"
    OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}"
-    OIDC_AUTHORIZATION_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/oauth2/v2.0/authorize"
-    OIDC_TOKEN_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/oauth2/v2.0/token"
-    OIDC_USERINFO_ENDPOINT: "https://graph.microsoft.com/oidc/userinfo"
-    OIDC_JWKS_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/discovery/v2.0/keys"
+    OIDC_AUTHORIZATION_ENDPOINT: "https://auth.sch.bme.hu/site/login"
+    OIDC_TOKEN_ENDPOINT: "https://auth.sch.bme.hu/oauth2/token"
+    OIDC_USERINFO_ENDPOINT: "https://auth.sch.bme.hu/oidc/userinfo"
+    OIDC_JWKS_ENDPOINT: "https://auth.sch.bme.hu/oidc/jwks"
    OIDC_SIGN_ALGO: "RS256"

 frontend: # The frontend is deployed by the CI in the frontend repo, but this chart can also deploy it if needed

--- a/src/kszkepzes/settings/base.py
+++ b/src/kszkepzes/settings/base.py
@@ -154,6 +154,8 @@ OIDC_OP_TOKEN_ENDPOINT = os.environ.get('OIDC_TOKEN_ENDPOINT')
 OIDC_OP_USER_ENDPOINT = os.environ.get('OIDC_USERINFO_ENDPOINT')
 OIDC_OP_JWKS_ENDPOINT = os.environ.get('OIDC_JWKS_ENDPOINT')
 OIDC_RP_SIGN_ALGO = os.environ.get('OIDC_SIGN_ALGO', 'RS256')
+OIDC_RP_SCOPES = os.environ.get('OIDC_RP_SCOPES', 'openid email profile offline_access')
+OIDC_VERIFY_KID = "False"
 OIDC_EXEMPT_URLS = ["/healthz/", "/admin/", "/oidc/"]
 LOGIN_REDIRECT_URL = "/"
 LOGOUT_REDIRECT_URL = "/"