public/hass-oidc-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2131fe5d368aec6d1d40ac0ddcf977d250c179dc
hass-oidc-auth/custom_components/auth_oidc/__init__.py
Baptiste Roux 2131fe5d36 fix: group mapping (#13)
2025-01-01 16:28:48 +01:00

77 lines
2.2 KiB
Python
Raw Blame History

"""OIDC Integration for Home Assistant."""
import logging
from typing import OrderedDict
from homeassistant.core import HomeAssistant
# Import and re-export config schema explictly
# pylint: disable=useless-import-alias
from .config import (
CONFIG_SCHEMA as CONFIG_SCHEMA,
DOMAIN,
DEFAULT_TITLE,
CLIENT_ID,
CLIENT_SECRET,
DISCOVERY_URL,
DISPLAY_NAME,
ID_TOKEN_SIGNING_ALGORITHM,
FEATURES,
CLAIMS,
)
# pylint: enable=useless-import-alias
from .endpoints.welcome import OIDCWelcomeView
from .endpoints.redirect import OIDCRedirectView
from .endpoints.finish import OIDCFinishView
from .endpoints.callback import OIDCCallbackView
from .oidc_client import OIDCClient
from .provider import OpenIDAuthProvider
_LOGGER = logging.getLogger(__name__)
async def async_setup(hass: HomeAssistant, config):
"""Add the OIDC Auth Provider to the providers in Home Assistant"""
my_config = config[DOMAIN]
providers = OrderedDict()
# Use private APIs until there is a real auth platform
# pylint: disable=protected-access
provider = OpenIDAuthProvider(hass, hass.auth._store, my_config)
providers[(provider.type, provider.id)] = provider
providers.update(hass.auth._providers)
hass.auth._providers = providers
# pylint: enable=protected-access
_LOGGER.info("Registered OIDC provider")
# We only use openid, profile & groups, never email
scope = "openid profile groups"
oidc_client = oidc_client = OIDCClient(
discovery_url=my_config.get(DISCOVERY_URL),
client_id=my_config.get(CLIENT_ID),
scope=scope,
client_secret=my_config.get(CLIENT_SECRET),
id_token_signing_alg=my_config.get(ID_TOKEN_SIGNING_ALGORITHM),
features=my_config.get(FEATURES, {}),
claims=my_config.get(CLAIMS, {}),
)
# Register the views
name = config[DOMAIN].get(DISPLAY_NAME, DEFAULT_TITLE)
hass.http.register_view(OIDCWelcomeView(name))
hass.http.register_view(OIDCRedirectView(oidc_client))
hass.http.register_view(OIDCCallbackView(oidc_client, provider))
hass.http.register_view(OIDCFinishView())
_LOGGER.info("Registered OIDC views")
return True
Reference in New Issue View Git Blame Copy Permalink