🐛 Generic OIDC authentication

itskovacs · itskovacs · commit aaf4a2cc6bff · 2025-07-24T18:55:18.000+02:00
diff --git a/backend/trip/config.py b/backend/trip/config.py
@@ -19,10 +19,8 @@ class Settings(BaseSettings):
 
     REGISTER_ENABLE: bool = True
     OIDC_DISCOVERY_URL: str = ""
-    OIDC_PROTOCOL: str = "https"
     OIDC_CLIENT_ID: str = ""
     OIDC_CLIENT_SECRET: str = ""
-    OIDC_HOST: str = ""
     OIDC_REDIRECT_URI: str = ""
 
     class Config:
diff --git a/backend/trip/routers/auth.py b/backend/trip/routers/auth.py
@@ -16,7 +16,7 @@
 async def auth_params() -> AuthParams:
     data = {"oidc": None, "register_enabled": settings.REGISTER_ENABLE}
 
-    if settings.OIDC_HOST and settings.OIDC_CLIENT_ID and settings.OIDC_CLIENT_SECRET:
+    if settings.OIDC_CLIENT_ID and settings.OIDC_CLIENT_SECRET:
         oidc_config = await get_oidc_config()
         auth_endpoint = oidc_config.get("authorization_endpoint")
         data["oidc"] = (
@@ -28,7 +28,7 @@ async def auth_params() -> AuthParams:
 
 @router.post("/oidc/login", response_model=Token)
 async def oidc_login(session: SessionDep, code: str = Body(..., embed=True)) -> Token:
-    if not (settings.OIDC_HOST or settings.OIDC_CLIENT_ID or settings.OIDC_CLIENT_SECRET):
+    if not (settings.OIDC_CLIENT_ID or settings.OIDC_CLIENT_SECRET):
         raise HTTPException(status_code=400, detail="Partial OIDC config")
 
     oidc_config = await get_oidc_config()
diff --git a/backend/trip/security.py b/backend/trip/security.py
@@ -71,9 +71,9 @@ async def get_oidc_config():
     if OIDC_CONFIG:
         return OIDC_CONFIG
 
-    discovery_url = f"{settings.OIDC_PROTOCOL}://{settings.OIDC_HOST}/.well-known/openid-configuration"
-    if settings.OIDC_DISCOVERY_URL:
-        discovery_url = settings.OIDC_DISCOVERY_URL
+    discovery_url = settings.OIDC_DISCOVERY_URL
+    if not discovery_url:
+        raise HTTPException(status_code=500, detail="OIDC_DISCOVERY_URL not configured")
 
     OIDC_CONFIG = await httpx_get(discovery_url)
     return OIDC_CONFIG
