This repository contains an example of how to use the pyoidc library to provide simple OpenID Connect authentication (using the "Code Flow").
The extension support both static and dynamic provider configuration discovery as well as static and dynamic client registration. The different modes of provider configuration can be combined in any way with the different client registration modes.
- Static provider configuration:
OIDCAuthentication(provider_configuration_info=provider_config), whereprovider_configis a dictionary containing the provider metadata. - Dynamic provider configuration:
OIDCAuthentication(issuer=issuer_url), whereissuer_urlis the issuer URL of the provider. - Static client registration:
OIDCAuthentication(client_registration_info=client_info), whereclient_infois all the registered metadata about the client. Theredirect_urisregistered with the provider MUST include<flask_url>/redirect_uri, where<flask_url>is the URL for the Flask application.
The application using this extension MUST set the following builtin configuration values of Flask:
SERVER_NAME(MUST be the same as<flask_url>if using static client registration)SECRET_KEY(this extension relies on Flask sessions, which requiresSECRET_KEY)
You may also configure the way Flask sessions handles the user session:
PERMANENT_SESSION(added by this extension; makes the session cookie expire after a configurable length of time instead of being tied to the browser session)PERMANENT_SESSION_LIFETIME(the lifetime of a permanent session)
See the Flask documentation for an exhaustive list of configuration options.
Have a look at the example Flask app in app.py for an idea of how to use it.