testing sso in admin

admin/docker/requirements.pip3

@@ -25,4 +25,6 @@ diceware==0.9.6
 python-engineio==3.8.1
 python-socketio==4.1.0
 
-minio==7.0.3
+minio==7.0.3
+
+flask-oidc==1.4.0

admin/src/admin/auth/authentication.py

@@ -1,12 +1,34 @@
 from admin import app
 from flask_login import LoginManager, UserMixin
 
-import os
-
+from flask_login import login_required
+from flask_oidc import OpenIDConnect
 login_manager = LoginManager()
 login_manager.init_app(app)
 login_manager.login_view = "login"
 
+app.config.update({
+    'SECRET_KEY': 'u\x91\xcf\xfa\x0c\xb9\x95\xe3t\xba2K\x7f\xfd\xca\xa3\x9f\x90\x88\xb8\xee\xa4\xd6\xe4',
+    'TESTING': True,
+    'DEBUG': True,
+    'OIDC_CLIENT_SECRETS': 'client_secrets.json',
+    'OIDC_ID_TOKEN_COOKIE_SECURE': False,
+    'OIDC_REQUIRE_VERIFIED_EMAIL': False,
+    'OIDC_VALID_ISSUERS': ['https://sso.santantoni.duckdns.org:8080/auth/realms/master'],
+    'OIDC_OPENID_REALM': 'https://sso.santantoni.duckdns.org/isard-sso-admin/custom_callback',
+    'OVERWRITE_REDIRECT_URI': 'https://sso.santantoni.duckdns.org/isard-sso-admin/custom_callback',
+})
+    # 'OVERWRITE_REDIRECT_URI': 'https://sso.santantoni.duckdns.org/isard-sso-admin/custom_callback',
+        # 'OIDC_CALLBACK_ROUTE': '/isard-sso-admin/custom_callback'
+oidc = OpenIDConnect(app)
+
+import os
+
+# login_manager = LoginManager()
+# login_manager.init_app(app)
+login_manager.login_view = "login"
+
+
 ram_users={
   os.environ["ADMINAPP_USER"]: {
     'id': os.environ["ADMINAPP_USER"],

admin/src/admin/views/MenuViews.py

@@ -17,6 +17,36 @@ from pprint import pprint
 #     close_room, rooms, disconnect, send
 # socketio = SocketIO(app)
 
+# from flask_login import login_required
+# from flask_oidc import OpenIDConnect
+
+from ..auth.authentication import oidc
+
+@app.route('/isard-sso-admin/custom_callback')
+@oidc.custom_callback
+def callback(data):
+    return 'Hello. You submitted %s' % data
+
+@app.route('/isard-sso-admin/private')
+@oidc.require_login
+def hello_me():
+    info = oidc.user_getinfo(['email', 'openid_id'])
+    return ('Hello, %s (%s)! <a href="/">Return</a>' %
+            (info.get('email'), info.get('openid_id')))
+
+
+@app.route('/isard-sso-admin/api')
+@oidc.accept_token(True, ['openid'])
+def hello_api():
+    return json.dumps({'hello': 'Welcome %s' % g.oidc_token_info['sub']})
+
+
+@app.route('/isard-sso-admin/logout')
+def logoutoidc():
+    oidc.logout()
+    return 'Hi, you have been logged out! <a href="/">Return</a>'
+
+
 @app.route('/isard-sso-admin/resync')
 @login_required
 def resync():

admin/src/client_secrets.json

@@ -0,0 +1,13 @@
+{
+    "web": {
+        "auth_uri": "https://sso.santantoni.duckdns.org/auth/realms/master/protocol/openid-connect/auth",
+        "client_id": "adminapp",
+        "client_secret": "8a9e5a2e-3be9-43e3-9c47-1796f0d5ab72",
+        "redirect_uris": [
+            "https://sso.santantoni.duckdns.org/isard-sso-admin/custom_callback"
+        ],
+        "userinfo_uri": "https://sso.santantoni.duckdns.org/auth/realms/master/protocol/openid-connect/userinfo",
+        "token_uri": "https://sso.santantoni.duckdns.org/auth/realms/master/protocol/openid-connect/token",
+        "token_introspection_uri": "https://sso.santantoni.duckdns.org/auth/realms/master/protocol/openid-connect/token/introspect"
+    }
+}

admin/src/start.py

@@ -13,7 +13,10 @@ from admin import app
 
 # from admin.views.Socketio import *
 
+
+
 app.socketio = SocketIO(app)
+
 # app.socketio.init_app(app, cors_allowed_origins="*")
 @app.socketio.on('connect', namespace='/isard-sso-admin/sio')
 def socketio_connect():
@@ -33,4 +36,6 @@ def socketio_domains_disconnect():
     None
 
 if __name__ == '__main__':
-    app.socketio.run(app,host='0.0.0.0', port=9000, debug=False, cors_allowed_origins="*", async_mode="threading") #, logger=logger, engineio_logger=engineio_logger)
+    app.socketio.run(app,host='0.0.0.0', port=9000, debug=False, cors_allowed_origins="*", ssl_context='adhoc', async_mode="threading") #, logger=logger, engineio_logger=engineio_logger)
+
+# /usr/lib/python3.8/site-packages/certifi