verdan
commented
4 years ago My suggestion here is to remove these variables setting part from Config altogether and use the environment variables instead. This is much more flexible to set and customise. I am going to implement all the variables for flask-oidc and also flaskoidc both via environment variables to remove the confusion. This way we'll be able to use all the flask-oidc config variables via environment variables without prefixing or postfixing extra strings too.
cc: @pPanda-beta @caddac
pPanda-beta
Right now the support is given for a few OpenIDConnect configurations. But some important ones are missed.
Another problem is hardcoded value of SESSION_TYPE.
Where?
https://github.com/verdan/flaskoidc/blob/76d168d680d11bd29456825075a4b5e71c79b7bf/flaskoidc/config.py
What?
Support providing any number of configurations without knowing the keys. Some important ones are :
How?
Follow a pattern of
FLASK_OIDC_some_magic_key=same_fancy_valueto generateBaseConfig.som_magic_key = some_fancy_valueand scrape all env vars. Its good to have default values but bad to hardcode those and not giving a choice to override. Tomorrow if flask_oidc introduces a new config variable, u dont have to maintain ur lib for that.Context?
I was using amundsen frontend with flaskoidc as auth layer wrapper, and following is the kubernetes deployment architecture :
Browser(Client) --(HTTPS)--> Nginx Ingress Controller --(HTTP, port:5000)--> Amundsen-Frontend-Pod
So flask_oidc was detecting the wrong redirect_uri, (which I was able to fix by using proxy_redirect, aka find and replace in location header for 3xx) as well as it is sending a "state" variable which holds the redirect_uri in a JWT. So no escape by hacking the nginx router. Only solution is injecting OVERWRITE_REDIRECT_URI.
Also as I'm using k8s, things are under extreme isolation and high security. So I dont want to slow down my website with a sqlite session store. So want SESSION_TYPE also configurable.
Current hack