
Commit 8a3ec88

candlerbnijel
authored and committed
Add backend for Hashicorp Vault OIDC Provider
1 parent 77dcf3b commit 8a3ec88


2 files changed

+59
-0
lines changed


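--- a/social_core/backends/vault.py
+++ b/social_core/backends/vault.py
@@ -0,0 +1,18 @@
+"""
+Backend for Hashicorp Vault OIDC Identity Provider in Vault 1.9+
+https://www.vaultproject.io/docs/secrets/identity/oidc-provider
+"""
+import base64
+
+from social_core.backends.open_id_connect import OpenIdConnectAuth
+from social_core.utils import cache
+
+
+
+class VaultOpenIdConnect(OpenIdConnectAuth):
+    """
+    Vault OIDC authentication backend
+
+    This is an alias for the generic OIDC backend
+    """
+    name = 'vault'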
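Review bot: `import base64` (line 5) and `from social_core.utils import cache` (line 8) are never used in this module — the class body only sets `name = 'vault'` — so both should be dropped rather than shipped as dead imports. Since the backend defines no endpoint of its own, the class docstring should also name the one setting that makes the alias work; the accompanying test builds the key from the backend name, which gives `SOCIAL_AUTH_VAULT_OIDC_ENDPOINT`. Suggested addition after "This is an alias for the generic OIDC backend": `Set SOCIAL_AUTH_VAULT_OIDC_ENDPOINT to the Vault OIDC provider URL (…/v1/identity/oidc/provider/<name>); the remaining endpoints are presumably resolved from that URL's discovery document.`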
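--- a/<test file path not shown on page>
+++ b/<test file path not shown on page>
@@ -0,0 +1,41 @@
+import json
+
+from httpretty import HTTPretty
+
+from .oauth import OAuth2Test
+from .test_open_id_connect import OpenIdConnectTestMixin
+
+class VaultOpenIdConnectTest(OpenIdConnectTestMixin, OAuth2Test):
+    backend_path = \
+        'social_core.backends.vault.VaultOpenIdConnect'
+    issuer = 'https://vault.example.net:8200/v1/identity/oidc/provider/default'
+    openid_config_body = json.dumps({
+        'issuer': 'https://vault.example.net:8200/v1/identity/oidc/provider/default',
+        'jwks_uri': 'https://vault.example.net:8200/v1/identity/oidc/provider/default/.well-known/keys',
+        'authorization_endpoint': 'https://vault.example.net:8200/ui/vault/identity/oidc/provider/default/authorize',
+        'token_endpoint': 'https://vault.example.net:8200/v1/identity/oidc/provider/default/token',
+        'userinfo_endpoint': 'https://vault.example.net:8200/v1/identity/oidc/provider/default/userinfo',
+        'request_uri_parameter_supported': False,
+        'grant_types_supported': [ 'authorization_code' ],
+        'token_endpoint_auth_methods_supported': [ 'client_secret_basic' ],
+    })
+
+    expected_username = 'cartman'
+
+    def extra_settings(self):
+        settings = super().extra_settings()
+        settings.update({
+            f'SOCIAL_AUTH_{self.name}_OIDC_ENDPOINT': 'https://vault.example.net:8200/v1/identity/oidc/provider/default',
+        })
+        return settings
+
+    def pre_complete_callback(self, start_url):
+        super().pre_complete_callback(start_url)
+        HTTPretty.register_uri('GET',
+                               uri=self.backend.userinfo_url(),
+                               status=200,
+                               body=json.dumps({'preferred_username': self.expected_username}),
+                               content_type='text/json')
+
+    def test_everything_works(self):
+        self.do_login()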
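Review bot: The provider base URL `https://vault.example.net:8200/v1/identity/oidc/provider/default` is spelled out seven times (the `issuer` attribute, five entries of `openid_config_body`, and the `OIDC_ENDPOINT` setting in `extra_settings`), so a typo in one copy would make the issuer check in the mixin fail for the wrong reason; a single module constant such as `VAULT_PROVIDER = 'https://vault.example.net:8200/v1/identity/oidc/provider/default'` with `'issuer': VAULT_PROVIDER,` and `'token_endpoint': f'{VAULT_PROVIDER}/token',` keeps the fixture consistent by construction. The userinfo mock in `pre_complete_callback` also uses `content_type='text/json'`; the standard media type is `application/json`, which is presumably what the real Vault endpoint returns. Separately, `test_everything_works` only drives the happy path; if `OpenIdConnectTestMixin` already covers rejection of a mismatched issuer or audience that is sufficient, otherwise a negative case here would be worth adding.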
