42bc476882
Add OIDC/OAuth2 endpoints to bincio-auth so it acts as a full IdP:

- GET /.well-known/openid-configuration
- GET /.well-known/jwks.json
- GET /oauth2/authorize (auth-code flow, redirects to /login/ if no session)
- POST /oauth2/token (exchanges code for RS256 id_token; PKCE supported)
- GET /oauth2/userinfo (Bearer token → profile claims)

Infrastructure:

- oauth2_clients + oauth2_codes tables in db.py with CRUD helpers
- RS256 sign/verify helpers in tokens.py (create_id_token, get_jwks)
- oidc_private_key_pem / oidc_issuer state + _issue_id_token in deps.py
- serve_cmd reads BINCIO_OIDC_PRIVATE_KEY_FILE / BINCIO_OIDC_ISSUER env vars
- `bincio-auth client add/list` commands for managing OAuth2 clients
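# PEP 517 build configuration: hatchling builds the sdist and wheel.
# NOTE(review): "hatchling" carries no version constraint, so every build
# resolves whatever release is current. If builds of this auth service must be
# reproducible, constrain the backend in the release pipeline.
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
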
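# Package metadata (PEP 621) for the central authentication service.
[project]
name = "bincio-auth"
version = "0.1.0"
description = "Central authentication service for the Bincio platform"
requires-python = ">=3.12"
license = { text = "MIT" }
authors = [{ name = "Davide Brugali" }]

# Runtime dependencies. Every entry is a lower bound only; this file sets no
# upper bounds and pins no hashes.
# NOTE(review): for a service that signs tokens and handles credentials,
# install deployments from a lock file with hash checking, and track security
# advisories for the web, JWT and crypto packages below.
dependencies = [
    # HTTP framework and ASGI server.
    "fastapi>=0.110",
    "uvicorn[standard]>=0.29",
    # Presumably for form-encoded request bodies (login / token endpoint) - confirm.
    "python-multipart>=0.0.9",
    # Presumably password hashing - confirm against the login code.
    "bcrypt>=4.1",
    # JWT handling; the "crypto" extra pulls in cryptography, which RS256 needs.
    "PyJWT[crypto]>=2.8",
    # Also declared directly so its minimum version is set here rather than
    # left to the PyJWT extra.
    "cryptography>=42.0",
    # Presumably for the bincio-auth command-line interface - confirm.
    "click>=8.1",
    "rich>=13.0",
]
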
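# Optional extras. "dev" holds test, lint and type-check tooling; it is only
# installed when the extra is requested (e.g. bincio-auth[dev]), so keep it
# out of production images.
[project.optional-dependencies]
dev = [
    "pytest>=9.0",
    "ruff>=0.9",
    "mypy>=1.11",
    # Presumably the HTTP client used by the API tests - confirm.
    "httpx>=0.28",
]
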
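# Console entry point: installs a `bincio-auth` executable that calls
# main() in the bincio.auth.cli module.
[project.scripts]
bincio-auth = "bincio.auth.cli:main"
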
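# Wheel contents: ship the top-level "bincio" package directory.
# NOTE(review): check the built wheel to confirm that no key material or local
# database files under bincio/ are packaged.
[tool.hatch.build.targets.wheel]
packages = ["bincio"]
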
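# Ruff base settings; target-version matches requires-python (>=3.12).
[tool.ruff]
line-length = 100
target-version = "py312"
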
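# Enabled rule families: E (pycodestyle errors), F (pyflakes), I (isort),
# UP (pyupgrade), B (flake8-bugbear), SIM (flake8-simplify).
# NOTE(review): the "S" (flake8-bandit) security rules are not selected.
# Consider enabling them for this auth service, with per-file ignores for
# tests if the assert rule is too noisy.
[tool.ruff.lint]
select = ["E", "F", "I", "UP", "B", "SIM"]
# E501 (line too long) is ignored, so line-length above is not enforced by the linter.
ignore = ["E501"]
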
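# Static type checking in strict mode.
[tool.mypy]
python_version = "3.12"
strict = true
# Imports that mypy cannot resolve are silently typed as Any, so values coming
# from such libraries are not type-checked even under strict mode.
# NOTE(review): prefer per-module overrides once the set of untyped
# dependencies is known.
ignore_missing_imports = true
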
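# Pytest collects tests from the tests/ directory only.
[tool.pytest.ini_options]
testpaths = ["tests"]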