studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(lasuite): configure people for Production Django settings and correct OIDC redirect URI

Browse Source 
- oidc-clients.yaml: change people redirect URI from /oidc/callback/ to
  /api/v1.0/callback/ (the actual path the Django app registers)
- people-values.yaml: set DJANGO_CONFIGURATION=Production so Django trusts
  X-Forwarded-Proto from Pingora and generates https:// URLs; add
  ALLOWED_HOSTS and DJANGO_CSRF_TRUSTED_ORIGINS for the people subdomain
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-03 02:01:31 +00:00
parent 419a45b3a7
commit 9092e2711b
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
base/lasuite/oidc-clients.yaml
View File

@@ -119,7 +119,7 @@ spec:
- code - code
scope: openid email profile scope: openid email profile
redirectUris: redirectUris:
- https://people.DOMAIN_SUFFIX/oidc/callback/ - https://people.DOMAIN_SUFFIX/api/v1.0/callback/
tokenEndpointAuthMethod: client_secret_basic tokenEndpointAuthMethod: client_secret_basic
secretName: oidc-people secretName: oidc-people
skipConsent: true skipConsent: true

5
base/lasuite/people-values.yaml
View File

@@ -118,6 +118,11 @@ backend:
secretKeyRef: secretKeyRef:
name: people-django-secret name: people-django-secret
key: DJANGO_SECRET_KEY key: DJANGO_SECRET_KEY
# Production settings class enables SECURE_PROXY_SSL_HEADER so Django builds
# https:// URLs when Pingora forwards X-Forwarded-Proto: https.
DJANGO_CONFIGURATION: Production
# Production's ALLOWED_HOSTS reads ALLOWED_HOSTS (no DJANGO_ prefix).
ALLOWED_HOSTS: people.DOMAIN_SUFFIX
DJANGO_ALLOWED_HOSTS: people.DOMAIN_SUFFIX DJANGO_ALLOWED_HOSTS: people.DOMAIN_SUFFIX
DJANGO_CSRF_TRUSTED_ORIGINS: https://people.DOMAIN_SUFFIX DJANGO_CSRF_TRUSTED_ORIGINS: https://people.DOMAIN_SUFFIX