Simplify app by removing concept of client id & secret

alukach · alukach · commit 8f07eb79bbd1 · 2025-03-22T20:14:33.000-07:00
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -61,9 +61,6 @@ services:
     build:
       context: ./examples/mock_oidc_server
     environment:
-      CLIENT_ID: stac
-      CLIENT_SECRET: secret
-      REDIRECT_URI: http://localhost:8000/docs/oauth2-redirect
       ISSUER: http://localhost:8888
       SCOPES: item:create,item:update,item:delete,collection:create,collection:update,collection:delete
       PORT: 8888
diff --git a/examples/mock_oidc_server/app.py b/examples/mock_oidc_server/app.py
@@ -37,11 +37,6 @@
 )
 
 # Configuration
-CLIENT_ID = os.environ.get("CLIENT_ID", "stac")
-CLIENT_SECRET = os.environ.get("CLIENT_SECRET", "secret")
-REDIRECT_URI = os.environ.get(
-    "REDIRECT_URI", "http://localhost:8000/docs/oauth2-redirect"
-)
 ISSUER = os.environ.get("ISSUER", "http://localhost:3000")
 AVAILABLE_SCOPES = os.environ.get("SCOPES", "")
 KEY_ID = "1"
@@ -110,15 +105,6 @@ def int_to_base64url(value):
 access_tokens = {}
 auth_requests = {}
 
-# Mock client registry
-CLIENT_REGISTRY = {
-    CLIENT_ID: {
-        "client_secret": CLIENT_SECRET,
-        "redirect_uris": [REDIRECT_URI],
-        "grant_types": ["authorization_code"],
-    }
-}
-
 
 @app.get("/")
 async def root():
@@ -167,14 +153,6 @@ async def authorize(
     if response_type != "code":
         raise HTTPException(status_code=400, detail="Invalid response type")
 
-    # Validate client
-    if client_id not in CLIENT_REGISTRY:
-        raise HTTPException(status_code=400, detail="Invalid client_id")
-
-    # Validate redirect URI
-    if redirect_uri not in CLIENT_REGISTRY[client_id]["redirect_uris"]:
-        raise HTTPException(status_code=400, detail="Invalid redirect_uri")
-
     # Validate PKCE if provided
     if code_challenge is not None:
         if code_challenge_method != "S256":
@@ -277,13 +255,6 @@ async def token(
 
         if computed_challenge != code_challenge:
             raise HTTPException(status_code=400, detail="Invalid code verifier")
-    else:
-        # If not PKCE, verify client secret
-        if not client_secret:
-            raise HTTPException(status_code=400, detail="Client secret required")
-
-        if client_secret != CLIENT_REGISTRY[client_id]["client_secret"]:
-            raise HTTPException(status_code=400, detail="Invalid client secret")
 
     # Clean up the used code and PKCE challenge
     del authorization_codes[code]
