Pass the configuration options in init_app
#171
```
RuntimeError: Working outside of application context.
This typically means that you attempted to use functionality that needed
the current application. To solve this, set up an application context
with app.app_context(). See the documentation for more information.
```

So, this line 👇 won't work:

```python
>>> current_app.init_app({"default": user_provider_configuration})
```

You need access to the

```python
...
post_logout_redirect_uris=url_for("endpoints.logout", _external=True),
...
```

This 👆 won't work and not even this 👇:

```python
with app.app_context():
    ...
    post_logout_redirect_uris=url_for("endpoints.logout", _external=True)
    ...
```

This is because in order for the You need to restructure your code:
```python
post_logout_redirect_uris = client._provider_configuration._client_registration_info.get(
    'post_logout_redirect_uris')
if not post_logout_redirect_uris:
    client._provider_configuration._client_registration_info[
        'post_logout_redirect_uris'] = self._get_urls_for_logout_views()
logger.debug(
    f'''registering with post_logout_redirect_uris = {
    client._provider_configuration._client_registration_info[
        'post_logout_redirect_uris']}''')
client.register()
```

But it is recommended to explicitly declare it so that someone else reading your code can know it upfront.
Thank you for your answer. In my original post I actually oversimplified my actual code to get to the point. My real use case has a setup closer to the run.py/auth.py/views.py you describe. The issue I have with your example is that the
This is why I suggest to pass the To be able to use

views.py

```python
from flask import Blueprint
from auth import auth

bp = Blueprint("endpoints", __name__)


@bp.get("/")
def index():
    return "hello flask"


@bp.get("/logout")
@auth.oidc_logout
def logout():
    return "You have been logged out!"
```

run.py

```python
from flask import Flask, url_for
from flask_pyoidc import OIDCAuthentication
from flask_pyoidc.provider_configuration import ClientMetadata, ProviderConfiguration
from views import bp

app = Flask(__name__)
auth = OIDCAuthentication({"default": None})


def setup_auth(app):
    with app.app_context():
        # The blueprint in views.py is named "endpoints"
        logout_url = url_for("endpoints.logout", _external=True)
        client_metadata = ClientMetadata(
            client_id="client123",
            client_secret="some_secret123",
            post_logout_redirect_uris=[logout_url]
        )
        default_provider_configuration = ProviderConfiguration(issuer="https://idp.example.com", client_metadata=client_metadata)
        auth._provider_configurations = {
            "default": default_provider_configuration,
        }
        auth.init_app(app)


def create_app():
    app.register_blueprint(blueprint=bp)
    setup_auth(app)
    return app


if __name__ == "__main__":
    create_app().run()
```

The hacky part being I would love to be able to initialize flask-pyoidc this way:

```python
app = Flask(__name__)
auth = OIDCAuthentication()


def setup_auth(app):
    ...
    auth.init_app(app, {
        "default": default_provider_configuration,
    })
    ...
```

Addresses zamzterz#171 Instead of hardcoding complete post logout redirect URI, oidc_logout should be able to resolve URL from the endpoint name of the view function. We are already doing this for routes that are directly created on app instance. This feature extends the functionality for routes created by Blueprints.
I think the bigger problem was that there was no way to dynamically resolve post logout redirect URI when logout routes are created by blueprints. The linked PR resolves that problem so you won't have to specify
Thank you for putting effort into helping me find a solution. I really appreciate this 🙇

There is another thing I forgot to mention: some of the values passed to I really think the ideal solution would be to be able to initialize an This two-step configuration is a common pattern among other libraries like flask-babel, flask-caching, flask-cors or authlib.

This is an example of implementation in a project with huge quantities of legacy code I have no control over, including configuring the OIDC settings by the configuration: https://github.com/numerique-gouv/b3desk/blob/main/web/b3desk/__init__.py#L182-L220
I encounter issues when initializing flask-pyoidc and using `url_for` to define callback URLs.

There is a cyclic dependency here: the `logout` endpoint needs an `OIDCAuthentication` object, that needs a `ProviderConfiguration`, that calls `url_for`, that needs the endpoint to be initialized.

I think this can be mitigated by delaying the `ProviderConfiguration` part, for instance with the help of `init_app`. I suggest to pass the configuration options to `init_app` so this would be valid:

What do you think?