From 3b347d3989592293661a47a5bac7645afb8d61d6 Mon Sep 17 00:00:00 2001
From: Frédéric Mangano-Tarumi <fmang@mg0.fr>
Date: Thu, 4 Jun 2020 22:00:20 +0200
Subject: Crude OpenID Connect client using Authlib

Developers can go to /sso/login to get redirected to the SSO. On
successful login, the ID token is displayed.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 conf/config.defaults | 8 ++++++++
 conf/config.dev      | 9 +++++++++
 2 files changed, 17 insertions(+)

(limited to 'conf')

diff --git a/conf/config.defaults b/conf/config.defaults
index 447dacac..49259754 100644
--- a/conf/config.defaults
+++ b/conf/config.defaults
@@ -68,6 +68,14 @@ username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
 git-serve-cmd = /usr/local/bin/aurweb-git-serve
 ssh-options = restrict
 
+[sso]
+openid_configuration =
+client_id =
+client_secret =
+
+[fastapi]
+session_secret =
+
 [serve]
 repo-path = /srv/http/aurweb/aur.git/
 repo-regex = [a-z0-9][a-z0-9.+_-]*$
diff --git a/conf/config.dev b/conf/config.dev
index d752f61f..893e8fd6 100644
--- a/conf/config.dev
+++ b/conf/config.dev
@@ -20,6 +20,12 @@ aur_location = http://127.0.0.1:8080
 disable_http_login = 0
 enable-maintenance = 0
 
+; Single sign-on
+[sso]
+openid_configuration = http://127.0.0.1:8083/auth/realms/aurweb/.well-known/openid-configuration
+client_id = aurweb
+client_secret =
+
 [php]
 ; Address PHP should bind when spawned in development mode by aurweb.spawn.
 bind_address = 127.0.0.1:8081
@@ -30,3 +36,6 @@ htmldir = YOUR_AUR_ROOT/web/html
 [fastapi]
 ; Address uvicorn should bind when spawned in development mode by aurweb.spawn.
 bind_address = 127.0.0.1:8082
+
+; Passphrase FastAPI uses to sign client-side sessions.
+session_secret = secret
-- 
cgit v1.2.3-24-g4f1b