➕(backend) add django-lasuite dependency

Use the OIDC backend from the new library and add settings to setup OIDC token storage required for later calls to OIDC Resource Servers.
2025-01-27 15:21:39 +01:00
parent df173c3ce6
commit 2557c6bc77
13 changed files with 126 additions and 609 deletions
--- a/docs/env.md
+++ b/docs/env.md
@@ -78,8 +78,8 @@ These are the environmental variables you can set for the impress-backend contai
 | OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION       | faillback to email for identification                                                         | true                                                    |
 | OIDC_ALLOW_DUPLICATE_EMAILS                     | Allow dupplicate emails                                                                       | false                                                   |
 | USER_OIDC_ESSENTIAL_CLAIMS                      | essential claims in OIDC token                                                                | []                                                      |
-| USER_OIDC_FIELDS_TO_FULLNAME                    | OIDC token claims to create full name                                                         | ["first_name", "last_name"]                             |
-| USER_OIDC_FIELD_TO_SHORTNAME                    | OIDC token claims to create shortname                                                         | first_name                                              |
+| OIDC_USERINFO_FULLNAME_FIELDS                   | OIDC token claims to create full name                                                         | ["first_name", "last_name"]                             |
+| OIDC_USERINFO_SHORTNAME_FIELD                   | OIDC token claims to create shortname                                                         | first_name                                              |
 | ALLOW_LOGOUT_GET_METHOD                         | Allow get logout method                                                                       | true                                                    |
 | AI_API_KEY                                      | AI key to be used for AI Base url                                                             |                                                         |
 | AI_BASE_URL                                     | OpenAI compatible AI base url                                                                 |                                                         |
--- a/docs/examples/impress.values.yaml
+++ b/docs/examples/impress.values.yaml
@@ -33,8 +33,8 @@ backend:
    OIDC_RP_SIGN_ALGO: RS256
    OIDC_RP_SCOPES: "openid email"
    OIDC_VERIFY_SSL: False
-    USER_OIDC_FIELD_TO_SHORTNAME: "given_name"
-    USER_OIDC_FIELDS_TO_FULLNAME: "given_name,usual_name"
+    OIDC_USERINFO_SHORTNAME_FIELD: "given_name"
+    OIDC_USERINFO_FULLNAME_FIELDS: "given_name,usual_name"
    OIDC_REDIRECT_ALLOWED_HOSTS: https://impress.127.0.0.1.nip.io
    OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
    LOGIN_REDIRECT_URL: https://impress.127.0.0.1.nip.io