feat: OIDC Identity Provider — Phase 1 endpoints

Add OIDC/OAuth2 endpoints to bincio-auth so it acts as a full IdP:
  GET  /.well-known/openid-configuration
  GET  /.well-known/jwks.json
  GET  /oauth2/authorize  (auth-code flow, redirects to /login/ if no session)
  POST /oauth2/token      (exchanges code for RS256 id_token; PKCE supported)
  GET  /oauth2/userinfo   (Bearer token → profile claims)

Infrastructure:
  - oauth2_clients + oauth2_codes tables in db.py with CRUD helpers
  - RS256 sign/verify helpers in tokens.py (create_id_token, get_jwks)
  - oidc_private_key_pem / oidc_issuer state + _issue_id_token in deps.py
  - serve_cmd reads BINCIO_OIDC_PRIVATE_KEY_FILE / BINCIO_OIDC_ISSUER env vars
  - `bincio-auth client add/list` commands for managing OAuth2 clients
Davide Scaini
2026-06-03 15:11:43 +02:00
parent c341c27ad4
commit 42bc476882
7 changed files with 525 additions and 15 deletions
@@ -6,7 +6,7 @@ from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from fastapi.middleware.gzip import GZipMiddleware
from bincio.auth.routers import admin, auth, invites
from bincio.auth.routers import admin, auth, invites, oidc
app = FastAPI(title="bincio-auth")
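Review bot: the import itself is fine, but because GZipMiddleware (imported just above) is applied application-wide, the new `/oauth2/token` and `/oauth2/userinfo` responses, which carry bearer credentials and profile claims, will be compressed too; if any of those responses echo request-controlled values next to the secret, compression makes them BREACH-susceptible, so consider excluding those routes from compression or confirming nothing attacker-influenced is reflected in their bodies.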
@@ -19,5 +19,5 @@ app.add_middleware(
allow_headers=["Content-Type", "Authorization"],
)
for _router in [auth.router, invites.router, admin.router]:
for _router in [auth.router, invites.router, admin.router, oidc.router]:
app.include_router(_router)
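Review bot: `oidc.router` is included unconditionally and without a prefix, which is correct for `/.well-known/openid-configuration` and `/.well-known/jwks.json` (they must live at the root), but the commit message says the signing key and issuer come from `BINCIO_OIDC_PRIVATE_KEY_FILE` / `BINCIO_OIDC_ISSUER`, and nothing in this hunk fails fast when they are missing; consider validating that state at startup (or only appending `oidc.router` when it is configured) so a misconfigured deployment does not advertise a discovery document whose token endpoint cannot sign. Also note that the CORSMiddleware configured above (`allow_headers=["Content-Type", "Authorization"]`) now fronts these endpoints, and the `allow_origins` value, outside this hunk, should be reviewed: browser-based relying parties need cross-origin access to discovery and JWKS, while the token endpoint generally should not be reachable from arbitrary origins.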