feat(sync): update oidc client generation urls to better auth standard

Author: Yuxiang-Huang

__meta/synchronizer/synchronizer/services/keycloak_synchronizer.py

@@ -12,10 +12,8 @@
 from synchronizer.utils import (
     ENVS,
     ENVS_LITERAL,
-    get_dev_server_url,
-    get_local_server_url,
-    get_prod_server_url,
-    get_staging_server_url,
+    get_frontend_url,
+    get_server_url,
 )
 
 from .abstract_synchronizer import AbstractSynchronizer
@@ -129,36 +127,16 @@ def create_client(
         self, client_id: str, website_slug: str, env: ENVS_LITERAL
     ) -> None:
         # Generate the URIs for the client
-        root_url = None
-        match env:
-            case "dev":
-                root_url = f"https://{website_slug}.slabs-dev.org"
-                server_url = get_dev_server_url(website_slug)
-            case "staging":
-                root_url = f"https://{website_slug}.slabs-staging.org"
-                server_url = get_staging_server_url(website_slug)
-            case "prod":
-                root_url = f"https://{website_slug}.scottylabs.org"
-                server_url = get_prod_server_url(website_slug)
-
-        if env == "local":
-            redirect_uris = [f"{get_local_server_url()}/auth/callback"]
-            post_logout_redirect_uris = "http://localhost:3000/*"
-        else:
-            redirect_uris = [f"{server_url}/auth/callback"]
-            # Permit any post-logout redirect URI with the same origin
-            post_logout_redirect_uris = "/*"
+        root_url = get_frontend_url(website_slug, env)
+        server_url = get_server_url(website_slug, env)
+        redirect_uris = [f"{server_url}/api/auth/oauth2/callback/keycloak"]
 
         # Create the client
         self.keycloak_admin.create_client(
             payload={
                 "clientId": client_id,
                 "rootUrl": root_url,
                 "redirectUris": redirect_uris,
-                # https://github.com/keycloak/keycloak/discussions/19087#discussioncomment-5338785
-                "attributes": {
-                    "post.logout.redirect.uris": post_logout_redirect_uris,
-                },
                 "serviceAccountsEnabled": True,
                 "frontchannelLogout": True,
                 "protocolMappers": [

__meta/synchronizer/synchronizer/utils/__init__.py

@@ -1,19 +1,13 @@
 from .env_urls import (
     ENVS,
     ENVS_LITERAL,
-    get_dev_server_url,
-    get_local_server_url,
-    get_prod_server_url,
+    get_frontend_url,
     get_server_url,
-    get_staging_server_url,
 )
 
 __all__ = [
     "ENVS",
     "ENVS_LITERAL",
-    "get_dev_server_url",
-    "get_local_server_url",
-    "get_prod_server_url",
+    "get_frontend_url",
     "get_server_url",
-    "get_staging_server_url",
 ]

__meta/synchronizer/synchronizer/utils/env_urls.py

@@ -31,3 +31,31 @@ def get_staging_server_url(website_slug: str) -> str:
 
 def get_prod_server_url(website_slug: str) -> str:
     return f"https://api.{website_slug}.scottylabs.org"
+
+
+def get_frontend_url(website_slug: str, env: ENVS_LITERAL) -> str:
+    match env:
+        case "local":
+            return get_local_frontend_url()
+        case "dev":
+            return get_dev_frontend_url(website_slug)
+        case "staging":
+            return get_staging_frontend_url(website_slug)
+        case "prod":
+            return get_prod_frontend_url(website_slug)
+
+
+def get_local_frontend_url() -> str:
+    return "http://localhost:3000"
+
+
+def get_dev_frontend_url(website_slug: str) -> str:
+    return f"https://{website_slug}.slabs-dev.org"
+
+
+def get_staging_frontend_url(website_slug: str) -> str:
+    return f"https://{website_slug}.slabs-staging.org"
+
+
+def get_prod_frontend_url(website_slug: str) -> str:
+    return f"https://{website_slug}.scottylabs.org"