change flask oidc package and adjusted code & config accordingly to f…

…ree up package requirments / allow newer versions
lzuba · Oct 9, 2023 · 96d88aa · 96d88aa
1 parent 9ebf7e4
commit 96d88aa
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 14 deletions.
diff --git a/app/starter.py b/app/starter.py
@@ -1,8 +1,8 @@
 #!/PATH/TO/YOUR/PYTHON3
 import functools
 import os, logging, Controller, sys, base64, customSessionInterface
-from flask_oidc_ex import OpenIDConnect
-from flask import Flask, request, jsonify, make_response, send_from_directory, render_template, Response
+from flask_oidc import OpenIDConnect
+from flask import Flask, request, jsonify, make_response, send_from_directory, render_template, Response, session
 import flask_wtf.csrf
 from cheroot.wsgi import Server as WSGIServer, PathInfoDispatcher
 from markupsafe import Markup
@@ -21,7 +21,6 @@
             "OIDC_COOKIE_SECURE": True,
             "OIDC_CLIENT_SECRETS": "app/secrets.json",
             "OIDC_ID_TOKEN_COOKIE_SECURE": True,
-            "OIDC_REQUIRE_VERIFIED_EMAIL": True,
             "OIDC_CLOCK_SKEW": 3600,
             "OVERWRITE_REDIRECT_URI": f"https://mlaps.{companyName}.com/oidc_callback",
             "OIDC_RESOURCE_SERVER_VALIDATION_MODE": "online",
@@ -42,10 +41,9 @@
 
     def get_oidc_user_info() -> dict:
         if oidc.user_loggedin:
-            info = oidc.user_getinfo(["groups", "preferred_username", "email"])
-            username = info.get("preferred_username")
-            email = info.get("email")
-            groups = info.get("groups")
+            username = session['oidc_auth_profile']["preferred_username"]
+            email = session['oidc_auth_profile']["email"]
+            groups = session['oidc_auth_profile']["groups"]
             return {"username": username, "email": email, "groups": groups}
         else:
             return None

diff --git a/docker/keycloak/dev.json b/docker/keycloak/dev.json
@@ -504,16 +504,16 @@
   }, {
     "id" : "82e2618a-7b8b-44aa-904b-c8e31990f404",
     "clientId" : "mlaps",
-    "rootUrl" : "https://mlaps.$YOURCOMPANY.com",
-    "adminUrl" : "https://mlaps.$YOURCOMPANY.com",
-    "baseUrl" : "https://mlaps.$YOURCOMPANY.com",
+    "rootUrl" : "https://mlaps.foobar.com",
+    "adminUrl" : "https://mlaps.foobar.com",
+    "baseUrl" : "https://mlaps.foobar.com",
     "surrogateAuthRequired" : false,
     "enabled" : true,
     "alwaysDisplayInConsole" : false,
     "clientAuthenticatorType" : "client-secret",
     "secret" : "7mF1V9zO8wsZIHOicQBAsqsYCaUqJqkC",
-    "redirectUris" : [ "https://mlaps.$YOURCOMPANY.com/oidc_callback" ],
-    "webOrigins" : [ "https://mlaps.$YOURCOMPANY.com" ],
+    "redirectUris" : [ "https://mlaps.foobar.com/authorize" ],
+    "webOrigins" : [ "https://mlaps.foobar.com" ],
     "notBefore" : 0,
     "bearerOnly" : false,
     "consentRequired" : false,

diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
 Flask
-flask_oidc_ex
-itsdangerous==2.0.1
+flask_oidc
+itsdangerous
 hvac
 Flask-APScheduler
 pyOpenSSL