Skip to content

Commit

Permalink
feat: add OIDC_AUTH_URL and AFTER_LOGIN_URL env variables
Browse files Browse the repository at this point in the history
These variables are required by the OIDC Authservice to correctly redirect users along the
authentication flow.
* OIDC_AUTH_URL: is used as the URL tht Authservice will hit for initiating the auth flow
* AFTER_LOGIN_URL: is used for redirecting after login
These variables are required because the default behaviour of OIDC Authservice is to redirect to
URLs that can be undesired, by setting them up, we have a deterministic way of setting where users
should be redirected.

Part of canonical/bundle-kubeflow#608
  • Loading branch information
DnPlas committed Feb 23, 2024
1 parent 3d761e7 commit 93726f7
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -77,9 +77,13 @@ def service_environment(self):
dex_skip_urls = "/dex/" if not skip_urls else "/dex/," + skip_urls

ret_env_vars = {
"AFTER_LOGOUT_URL": self.model.config["public-url"],
"AFTER_LOGIN_URL": "/"
"AUTHSERVICE_URL_PREFIX": "/authservice/",
"CLIENT_ID": self.model.config["client-id"],
"CLIENT_SECRET": secret_key,
"DISABLE_USERINFO": True,
"OIDC_AUTH_URL": "/dex/auth",
"OIDC_PROVIDER": f"{self.public_url}/dex",
"OIDC_SCOPES": self.model.config["oidc-scopes"],
"SERVER_PORT": self._http_port,
Expand All @@ -90,8 +94,6 @@ def service_environment(self):
# Added to fix https://github.com/canonical/oidc-gatekeeper-operator/issues/64
"OIDC_STATE_STORE_PATH": "oidc_state.db",
"SKIP_AUTH_URLS": dex_skip_urls,
"AUTHSERVICE_URL_PREFIX": "/authservice/",
"AFTER_LOGOUT_URL": self.model.config["public-url"],
}

if self.model.config["ca-bundle"]:
Expand Down

0 comments on commit 93726f7

Please sign in to comment.