summaryrefslogtreecommitdiffstats
path: root/aurweb/routers
diff options
context:
space:
mode:
Diffstat (limited to 'aurweb/routers')
-rw-r--r--aurweb/routers/__init__.py5
-rw-r--r--aurweb/routers/sso.py30
2 files changed, 35 insertions, 0 deletions
diff --git a/aurweb/routers/__init__.py b/aurweb/routers/__init__.py
new file mode 100644
index 00000000..35d43c03
--- /dev/null
+++ b/aurweb/routers/__init__.py
@@ -0,0 +1,5 @@
+"""
+API routers for FastAPI.
+
+See https://fastapi.tiangolo.com/tutorial/bigger-applications/
+"""
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
new file mode 100644
index 00000000..b16edffb
--- /dev/null
+++ b/aurweb/routers/sso.py
@@ -0,0 +1,30 @@
+import fastapi
+
+from authlib.integrations.starlette_client import OAuth
+from starlette.requests import Request
+
+import aurweb.config
+
+router = fastapi.APIRouter()
+
+oauth = OAuth()
+oauth.register(
+ name="sso",
+ server_metadata_url=aurweb.config.get("sso", "openid_configuration"),
+ client_kwargs={"scope": "openid"},
+ client_id=aurweb.config.get("sso", "client_id"),
+ client_secret=aurweb.config.get("sso", "client_secret"),
+)
+
+
+@router.get("/sso/login")
+async def login(request: Request):
+ redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate"
+ return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")
+
+
+@router.get("/sso/authenticate")
+async def authenticate(request: Request):
+ token = await oauth.sso.authorize_access_token(request)
+ user = await oauth.sso.parse_id_token(request, token)
+ return dict(user)