
middleware

ies_pi_predict.api.middleware

init_oidc

init_oidc(
    app: Flask,
    oidc_api_client_id: str,
    oauth2_redirect_url: str,
)

init_oidc sets up the OIDC authentication (see https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc)

Parameters:

Name Type Description Default
app Flask

the flask application

required
oidc_api_client_id str

the oidc client id

required
oauth2_redirect_url str

the oauth2 redirect url

required
Source code in src/ies_pi_predict/api/middleware.py
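def init_oidc(app: Flask, oidc_api_client_id: str, oauth2_redirect_url: str): # pragma: no cover
    """
    init_oidc configures JWT validation against the OIDC provider (see
    https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc)

    The provider's discovery document and JWKS are fetched once, when this
    function runs. The first RSA key marked for signing is stored in the app
    config and used to verify RS256 tokens whose audience is
    ``oidc_api_client_id``.

    Args:
        app (Flask): the flask application
        oidc_api_client_id (str): the oidc client id
        oauth2_redirect_url (str): the oauth2 redirect url

    Raises:
        RuntimeError: if the discovery document or the JWKS cannot be fetched
            or parsed, if ``jwks_uri`` is not an https URL, or if the JWKS
            holds no RSA signing key
    """
    oidc_issuer_url = "https://connect.iesve.cloud/connect.iesve.cloud/B2C_1A_SIGNUP_SIGNIN/v2.0/"
    # The issuer URL already ends in "/"; strip it so the discovery path is
    # not built with a double slash.
    discovery_url = f"{oidc_issuer_url.rstrip('/')}/.well-known/openid-configuration"
    # Bound both fetches: without a timeout an unresponsive identity provider
    # would block application start-up indefinitely.
    request_timeout = 10
    fetch_errors = (requests.exceptions.RequestException, ValueError, KeyError, TypeError)

    try:
        discovery_response = requests.get(discovery_url, timeout=request_timeout)
        # An HTTP error page must not be parsed as if it were the metadata.
        discovery_response.raise_for_status()
        jwks_url = discovery_response.json()["jwks_uri"]
    except fetch_errors as e:
        raise RuntimeError(f"Failed to fetch OIDC config: {e}") from e

    # The verification key is the trust anchor for every token, so it is only
    # accepted over TLS.
    if not str(jwks_url).lower().startswith("https://"):
        raise RuntimeError("Failed to fetch OIDC config: jwks_uri is not an https URL")

    try:
        jwks_response = requests.get(jwks_url, timeout=request_timeout)
        jwks_response.raise_for_status()
        jwk_entries = jwks_response.json()["keys"]
    except fetch_errors as e:
        raise RuntimeError(f"Failed to fetch OIDC config: {e}") from e

    # "use" is looked up with .get() so an entry that omits it is skipped
    # rather than raising KeyError; only RSA keys can back RS256.
    signing_key = next(
        (entry for entry in jwk_entries if entry.get("kty") == "RSA" and entry.get("use") == "sig"),
        None,
    )
    if signing_key is None:
        # Fail at start-up instead of running with no verification key set.
        raise RuntimeError("Failed to fetch OIDC config: no RSA signing key in JWKS")

    # NOTE: one key is pinned for the life of the process. If the provider
    # rotates keys or publishes several signing keys, tokens signed with a
    # different key are rejected until this function runs again.
    app.config["JWT_PUBLIC_KEY"] = RSAAlgorithm.from_jwk(dumps(signing_key))

    app.config["JWT_ALGORITHM"] = "RS256"
    app.config["oauth2RedirectUrl"] = oauth2_redirect_url
    app.config["JWT_DECODE_AUDIENCE"] = oidc_api_client_id
    # NOTE(review): "azp" is the OIDC authorized-party claim, so the JWT
    # identity resolves to the client application rather than a per-user
    # claim such as "sub" - confirm this is intended.
    app.config["JWT_IDENTITY_CLAIM"] = "azp"
    # NOTE(review): the token issuer is not pinned here. Assuming JWTManager
    # is flask-jwt-extended's, consider also setting JWT_DECODE_ISSUER from
    # the discovery document.

    JWTManager(app)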

init_swagger

init_swagger(
    app: Flask,
    app_name: str,
    oidc_swagger_client_id: str,
    oidc_api_client_id: str,
    oauth2_redirect_url: str,
)

init_swagger registers the Swagger UI blueprint, which serves the API documentation from the swagger file

Parameters:

Name Type Description Default
app Flask

the flask application

required
app_name str

the name of the app

required
oidc_swagger_client_id str

the oidc client id for Swagger

required
oidc_api_client_id str

the oidc client id for the API

required
oauth2_redirect_url str

the oauth2 redirect url

required
Source code in src/ies_pi_predict/api/middleware.py
def init_swagger(app: Flask, app_name: str, oidc_swagger_client_id: str, oidc_api_client_id: str, oauth2_redirect_url: str): # pragma: no cover
    """
    init_swagger mounts the Swagger UI blueprint on the application

    The UI is registered under ``/swagger`` and is pointed at
    ``/static/swagger.yaml``. Its OAuth settings use the Swagger client id
    with the authorization code grant and PKCE, and request the API's
    ``access_as_user`` scope alongside ``openid``, ``offline_access`` and
    ``email``.

    Args:
        app (Flask): the flask application
        app_name (str): the name of the app
        oidc_swagger_client_id (str): the oidc client id for Swagger
        oidc_api_client_id (str): the oidc client id for the API
        oauth2_redirect_url (str): the oauth2 redirect url
    """
    ui_prefix = "/swagger"

    # General Swagger UI settings.
    ui_settings = {
        "app_name": app_name,
        "oauth2RedirectUrl": oauth2_redirect_url,
    }

    # Space-separated scope list; the last entry is the API-specific scope
    # built from the API's client id.
    requested_scopes = f"openid offline_access email https://connect.iesve.cloud/{oidc_api_client_id}/access_as_user"

    # OAuth settings used by the UI's "Authorize" flow.
    oauth_settings = {
        "clientId": oidc_swagger_client_id,
        "appName": app_name,
        "usePkceWithAuthorizationCodeGrant": True,
        "scopeSeparator": " ",
        "scopes": requested_scopes,
    }

    ui_blueprint = get_swaggerui_blueprint(
        ui_prefix,
        "/static/swagger.yaml",
        config=ui_settings,
        oauth_config=oauth_settings,
    )
    app.register_blueprint(ui_blueprint, url_prefix=ui_prefix)