Add login page

alukach · alukach · commit 9cbce610a1df · 2025-03-22T20:00:55.000-07:00
diff --git a/examples/mock_oidc_server/app.py b/examples/mock_oidc_server/app.py
@@ -14,13 +14,17 @@
 
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
-from fastapi import FastAPI, Form, HTTPException
+from fastapi import FastAPI, Form, HTTPException, Request
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse, RedirectResponse
+from fastapi.templating import Jinja2Templates
 from jose import jwt
 
 app = FastAPI()
 
+# Configure templates
+templates = Jinja2Templates(directory=str(Path(__file__).parent / "templates"))
+
 # Configure CORS
 app.add_middleware(
     CORSMiddleware,
@@ -39,7 +43,7 @@
     "REDIRECT_URI", "http://localhost:8000/docs/oauth2-redirect"
 )
 ISSUER = os.environ.get("ISSUER", "http://localhost:3000")
-SCOPES = os.environ.get("SCOPES", "")
+AVAILABLE_SCOPES = os.environ.get("SCOPES", "")
 KEY_ID = "1"
 
 
@@ -104,6 +108,7 @@ def int_to_base64url(value):
 authorization_codes = {}
 pkce_challenges = {}
 access_tokens = {}
+auth_requests = {}
 
 # Mock client registry
 CLIENT_REGISTRY = {
@@ -125,7 +130,7 @@ async def root():
 @app.get("/.well-known/openid-configuration")
 async def openid_configuration():
     """Return OpenID Connect configuration."""
-    scopes_set = set(["openid", "profile", *SCOPES.split(",")])
+    scopes_set = set(["openid", "profile", *AVAILABLE_SCOPES.split(",")])
     return {
         "issuer": ISSUER,
         "authorization_endpoint": f"{ISSUER}/authorize",
@@ -149,6 +154,7 @@ async def jwks():
 
 @app.get("/authorize")
 async def authorize(
+    request: Request,
     response_type: str,
     client_id: str,
     redirect_uri: str,
@@ -174,23 +180,60 @@ async def authorize(
         if code_challenge_method != "S256":
             raise HTTPException(status_code=400, detail="Only S256 PKCE is supported")
 
+    # Store the auth request details
+    request_id = os.urandom(16).hex()
+    auth_requests[request_id] = {
+        "client_id": client_id,
+        "redirect_uri": redirect_uri,
+        "state": state,
+        "scope": scope,
+        "code_challenge": code_challenge,
+        "code_challenge_method": code_challenge_method,
+    }
+
+    # Show login page
+    scopes = sorted(set(("openid profile " + scope).split()))
+    return templates.TemplateResponse(
+        "login.html",
+        {
+            "request": request,
+            "request_id": request_id,
+            "client_id": client_id,
+            "scopes": scopes,
+        },
+    )
+
+
+@app.post("/login")
+async def login(request_id: str = Form(...)):
+    """Handle login form submission."""
+    # Retrieve the stored auth request
+    if request_id not in auth_requests:
+        raise HTTPException(status_code=400, detail="Invalid request")
+
+    auth_request = auth_requests.pop(request_id)
+
     # Generate authorization code
     code = os.urandom(32).hex()
 
     # Store authorization details
     authorization_codes[code] = {
-        "client_id": client_id,
-        "redirect_uri": redirect_uri,
-        "scope": " ".join(sorted(set(("openid profile " + scope).split(" ")))),
+        "client_id": auth_request["client_id"],
+        "redirect_uri": auth_request["redirect_uri"],
+        "scope": " ".join(
+            sorted(set(("openid profile " + auth_request["scope"]).split(" ")))
+        ),
     }
 
     # Store PKCE challenge if provided
-    if code_challenge:
-        pkce_challenges[code] = code_challenge
+    if auth_request["code_challenge"]:
+        pkce_challenges[code] = auth_request["code_challenge"]
 
     # Redirect back to client with the code
-    params = {"code": code, "state": state}
-    return RedirectResponse(url=f"{redirect_uri}?{urlencode(params)}")
+    params = {"code": code, "state": auth_request["state"]}
+    return RedirectResponse(
+        url=f"{auth_request['redirect_uri']}?{urlencode(params)}", status_code=303
+    )
 
 
 @app.post("/token")
diff --git a/examples/mock_oidc_server/requirements.txt b/examples/mock_oidc_server/requirements.txt
@@ -2,4 +2,5 @@ fastapi==0.109.2
 uvicorn==0.27.1
 python-jose==3.3.0
 python-multipart==0.0.9
-cryptography==42.0.2 
+cryptography==42.0.2 
+Jinja2==3.1.6
diff --git a/examples/mock_oidc_server/templates/login.html b/examples/mock_oidc_server/templates/login.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Mock OIDC Login</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100vh;
+            margin: 0;
+            background-color: #f5f5f5;
+        }
+        .login-container {
+            background: white;
+            padding: 2rem;
+            border-radius: 8px;
+            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+            text-align: center;
+            max-width: 400px;
+            width: 100%;
+        }
+        h1 {
+            color: #333;
+            margin-bottom: 1.5rem;
+        }
+        .info {
+            color: #666;
+            margin-bottom: 1rem;
+        }
+        .scopes {
+            background: #f8f9fa;
+            border-radius: 4px;
+            padding: 1rem;
+            margin-bottom: 2rem;
+            text-align: left;
+        }
+        .scopes h2 {
+            color: #495057;
+            font-size: 1rem;
+            margin: 0 0 0.5rem 0;
+        }
+        .scope-list {
+            list-style: none;
+            margin: 0;
+            padding: 0;
+        }
+        .scope-list li {
+            color: #666;
+            padding: 0.25rem 0;
+            font-size: 0.9rem;
+            font-family: monospace;
+        }
+        .scope-list li::before {
+            content: "✓";
+            color: #28a745;
+            margin-right: 0.5rem;
+        }
+        form {
+            display: flex;
+            justify-content: center;
+        }
+        button {
+            background-color: #007bff;
+            color: white;
+            border: none;
+            padding: 0.75rem 2rem;
+            border-radius: 4px;
+            cursor: pointer;
+            font-size: 1rem;
+            transition: background-color 0.2s;
+        }
+        button:hover {
+            background-color: #0056b3;
+        }
+    </style>
+</head>
+<body>
+    <div class="login-container">
+        <h1>Mock OIDC Login</h1>
+        <p class="info">
+            Application <strong>{{ client_id }}</strong> is requesting access to your account.
+        </p>
+        <div class="scopes">
+            <h2>Requested Permissions:</h2>
+            <ul class="scope-list">
+                {% for scope in scopes %}
+                <li>{{ scope }}</li>
+                {% endfor %}
+            </ul>
+        </div>
+        <form method="POST" action="/login">
+            <input type="hidden" name="request_id" value="{{ request_id }}">
+            <button type="submit">Continue with Login</button>
+        </form>
+    </div>
+</body>
+</html> 
