atoti.config.authentication.oidc module
- class atoti.config.authentication.oidc.OidcConfig(provider_id, issuer_url, client_id, client_secret, name_claim=None, paths_to_authorities=None, scopes=None, role_mapping=None)
The OpenID Connect configuration.
Atoti+ is compliant with any OpenID Connect OAuth2 authentication provider (Auth0, Google, Keycloak, etc.).
Example
>>> config = {
...     "authentication": {
...         "oidc": {
...             "provider_id": "auth0",
...             "issuer_url": "https://example.auth0.com",
...             "client_id": "some client ID",
...             "client_secret": "some client secret",
...             "name_claim": "email",
...             "scopes": ["email", "profile"],
...             "paths_to_authorities": ["paths/to/authorities"],
...             "role_mapping": {
...                 "dev_team": {"ROLE_USER", "ROLE_DEV"},
...                 "admin": {"ROLE_ADMIN"},
...             },
...         }
...     }
... }
- issuer_url: str
The issuer URL parameter from the provider’s OpenID Connect configuration endpoint.
- name_claim: Optional[str] = None
The name of the claim in the ID token to use as the name of the user.
- paths_to_authorities: Optional[Sequence[str]] = None
The path to the authorities to use in atoti, within the returned access token or ID token.
- provider_id: str
The name of the provider.
It is used to build the redirect URL: f"{session_url}/login/oauth2/code/{provider_id}".
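A pre-flight check for the configuration above, as an added example (not part of the atoti documentation or code base): it builds the redirect URL to register with the provider and flags settings that weaken the login flow. The function names, the OIDC_CLIENT_SECRET environment variable and the session URL are assumptions; only the config keys and the redirect URL pattern come from this page.

```python
import os
import re
from urllib.parse import urlsplit


def redirect_uri(session_url: str, provider_id: str) -> str:
    """Callback URL to allow-list at the provider (hypothetical helper)."""
    # provider_id lands in the URL path, so restrict it to one safe segment.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", provider_id):
        raise ValueError("provider_id must be a single URL path segment")
    # Trailing slash trimmed (an addition to the page's pattern) to avoid "//".
    return f"{session_url.rstrip('/')}/login/oauth2/code/{provider_id}"


def check_oidc_config(oidc: dict, session_url: str) -> list:
    """Return the problems found in an "oidc" config dict (hypothetical helper)."""
    problems = []
    issuer = urlsplit(oidc.get("issuer_url", ""))
    # OpenID Connect Discovery: the issuer is an https URL without query or fragment.
    if issuer.scheme != "https" or not issuer.netloc:
        problems.append("issuer_url must be an absolute https URL")
    if issuer.query or issuer.fragment:
        problems.append("issuer_url must not carry a query or fragment")
    # The authorization code comes back to the session URL via the browser.
    if urlsplit(session_url).scheme != "https":
        problems.append("session_url is not https")
    if not oidc.get("client_secret"):
        problems.append("client_secret is empty")
    # The "email" claim is normally released only when the "email" scope is requested.
    if oidc.get("name_claim") == "email" and "email" not in (oidc.get("scopes") or []):
        problems.append('name_claim "email" needs the "email" scope')
    return problems


if __name__ == "__main__":
    session_url = "https://atoti.example.com"  # constructed sample value
    oidc = {
        "provider_id": "auth0",
        "issuer_url": "https://example.auth0.com",
        "client_id": "some client ID",
        # Read the secret from the environment instead of committing it.
        "client_secret": os.environ.get("OIDC_CLIENT_SECRET", ""),
        "name_claim": "email",
        "scopes": ["email", "profile"],
    }
    print("register at provider:", redirect_uri(session_url, oidc["provider_id"]))
    for problem in check_oidc_config(oidc, session_url):
        print("problem:", problem)
```

Register the printed URL as an exact-match callback at the provider rather than a wildcard pattern.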