Skip to content

Singleton #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ski7777 wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Singleton #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
5fa3577
oidc discovery
ski7777 Aug 21, 2025
072dfdf
rework config error handling
ski7777 Aug 21, 2025
7c8b09b
docu
ski7777 Aug 21, 2025
7e28f73
bugfix
ski7777 Aug 21, 2025
8902ebd
Revert "bugfix"
ski7777 Aug 21, 2025
456fa07
bugfix jwks_uri
ski7777 Aug 21, 2025
c4abf19
bugfix value handling
ski7777 Aug 21, 2025
3d0b4ca
bugfix override value handling
ski7777 Aug 21, 2025
8c69332
more bugfixes
ski7777 Aug 21, 2025
bb41f17
resolve https://github.com/thegcat/pretix-oidc/pull/11/files/8c693320…
ski7777 Dec 9, 2025
4662851
resolve https://github.com/thegcat/pretix-oidc/pull/11/files/8c693320…
ski7777 Dec 9, 2025
fcdfba0
build singleton
ski7777 Dec 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,14 @@ your `pretix.cfg`. Add the OIDC configuration to that same file in a new
# label on the login button,
# default: Login with OpenID connect
title=
# issuer must be set
issuer=
# all endpoints are normally autodiscovered
# autodiscover might be disabled by setting skip_provider_discovery=True
skip_provider_discovery=
# OIDC URIs, can generally be found unter .well-known/openid-configuration
# of your OIDC endpoint
issuer=
# to override autodiscovered values or manually seeting them when autodiscover is disabled, set them manually
authorization_endpoint=
token_endpoint=
userinfo_endpoint=
Expand Down
41 changes: 34 additions & 7 deletions pretix_oidc/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,16 @@ def __init__(self):
"oidc", "title", fallback="Login with OpenID connect"
)

# setting config.get to None and ProviderConfigurationResponse handles empty string as unset we can use this
# object as override values
op_info = ProviderConfigurationResponse(
version="1.0",
issuer=config.get("oidc", "issuer"),
authorization_endpoint=config.get("oidc", "authorization_endpoint"),
token_endpoint=config.get("oidc", "token_endpoint"),
userinfo_endpoint=config.get("oidc", "userinfo_endpoint"),
end_session_endpoint=config.get("oidc", "end_session_endpoint"),
jwks_uri=config.get("oidc", "jwks_uri"),
authorization_endpoint=config.get("oidc", "authorization_endpoint", fallback=""),
token_endpoint=config.get("oidc", "token_endpoint", fallback=""),
userinfo_endpoint=config.get("oidc", "userinfo_endpoint", fallback=""),
end_session_endpoint=config.get("oidc", "end_session_endpoint", fallback=""),
jwks_uri=config.get("oidc", "jwks_uri", fallback=""),
)

client_reg = RegistrationResponse(
Expand All @@ -39,15 +41,38 @@ def __init__(self):
)

self.client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
if not config.get("oidc", "skip_provider_discovery", fallback=False):
# If skip_provider_discovery is set, we do not fetch the provider config
# but use the provided information directly.
self.client.provider_config(op_info["issuer"])
self.client.handle_provider_config(op_info, op_info["issuer"])

missing_endpoints = {
"authorization_endpoint",
"token_endpoint",
"userinfo_endpoint",
"end_session_endpoint"
} - {
k
for k,v
in self.client.__dict__.items()
if k.endswith("_endpoint") and v is not None
}
if len(missing_endpoints)>0:
logger.error("Please specify " + ", ".join(sorted(missing_endpoints)) + " in [oidc] section in pretix.cfg")
# check whether we have at least one key for the issuer
if len(self.client.keyjar.get_issuer_keys(self.client.issuer)) == 0:
logger.error(
"Please specify jwks_uri in [oidc] section in pretix.cfg or ensure that the issuer supports jwks_uri discovery."
)
self.client.handle_provider_config(op_info, op_info["issuer"])
self.client.store_registration_info(client_reg)
self.client.redirect_uris = [None]

self.scopes = config.get("oidc", "scopes", fallback="openid").split(",")
except (NoSectionError, NoOptionError):
logger.error(
"Please specify issuer, authorization_endpoint, token_endpoint, userinfo_endpoint, end_session_endpoint, jwks_uri, client_id and client_secret "
"in [oidc] section in pretix.cfg"
"Please specify issuer, client_id and client_secret in [oidc] section in pretix.cfg"
)

@property
Expand Down Expand Up @@ -128,3 +153,5 @@ def process_callback(self, request):
}

return [user_data, id_token]

auth_backend = OIDCAuthBackend()
3 changes: 1 addition & 2 deletions pretix_oidc/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,12 @@
from pretix.helpers.compat import CompatDeleteView
from pretix.settings import config

from .auth import OIDCAuthBackend # NOQA
from .auth import auth_backend # NOQA
from .forms import OIDCAssignmentRuleForm
from .models import OIDCTeamAssignmentRule


def oidc_callback(request):
auth_backend = OIDCAuthBackend()
user_data, id_token = auth_backend.process_callback(request)

if user_data is None:
Expand Down
Loading