member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(keycloak): remove authentik naming and switch to keycloak-only paths

Browse Source
This commit is contained in:
Chris
2026-04-01 02:01:41 +08:00
parent 34fc865b30
commit 0bc667847d
21 changed files with 368 additions and 681 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
app/core/config.py
View File

@@ -17,17 +17,7 @@ class Settings(BaseSettings):
db_user: str = "member_ose"
db_password: str = ""
authentik_base_url: str = ""
authentik_admin_token: str = ""
authentik_verify_tls: bool = False
authentik_issuer: str = ""
authentik_jwks_url: str = ""
authentik_audience: str = ""
authentik_client_id: str = ""
authentik_client_secret: str = ""
authentik_token_endpoint: str = ""
authentik_userinfo_endpoint: str = ""
# Keycloak (preferred when configured)
# Keycloak only
keycloak_base_url: str = ""
keycloak_realm: str = ""
keycloak_verify_tls: bool = True
@@ -71,79 +61,53 @@ class Settings(BaseSettings):
f"{self.db_user}:{self.db_password}@{self.db_host}:{self.db_port}/{self.db_name}"
)
@property
def use_keycloak(self) -> bool:
return bool(self.keycloak_base_url and self.keycloak_realm)
@property
def idp_base_url(self) -> str:
if self.use_keycloak:
return self.keycloak_base_url.rstrip("/")
return self.authentik_base_url.rstrip("/")
return self.keycloak_base_url.rstrip("/")
@property
def idp_verify_tls(self) -> bool:
if self.use_keycloak:
return self.keycloak_verify_tls
return self.authentik_verify_tls
return self.keycloak_verify_tls
@property
def idp_issuer(self) -> str:
if self.use_keycloak:
if self.keycloak_issuer:
return self.keycloak_issuer.rstrip("/")
return f"{self.idp_base_url}/realms/{self.keycloak_realm}"
return self.authentik_issuer.rstrip("/")
if self.keycloak_issuer:
return self.keycloak_issuer.rstrip("/")
return f"{self.idp_base_url}/realms/{self.keycloak_realm}"
@property
def idp_jwks_url(self) -> str:
if self.use_keycloak:
if self.keycloak_jwks_url:
return self.keycloak_jwks_url
return f"{self.idp_issuer}/protocol/openid-connect/certs"
return self.authentik_jwks_url
if self.keycloak_jwks_url:
return self.keycloak_jwks_url
return f"{self.idp_issuer}/protocol/openid-connect/certs"
@property
def idp_audience(self) -> str:
if self.use_keycloak:
return self.keycloak_audience
return self.authentik_audience or self.authentik_client_id
return self.keycloak_audience
@property
def idp_client_id(self) -> str:
if self.use_keycloak:
return self.keycloak_client_id
return self.authentik_client_id
return self.keycloak_client_id
@property
def idp_client_secret(self) -> str:
if self.use_keycloak:
return self.keycloak_client_secret
return self.authentik_client_secret
return self.keycloak_client_secret
@property
def idp_token_endpoint(self) -> str:
if self.use_keycloak:
if self.keycloak_token_endpoint:
return self.keycloak_token_endpoint
return f"{self.idp_issuer}/protocol/openid-connect/token"
return self.authentik_token_endpoint or (f"{self.idp_base_url}/application/o/token/" if self.idp_base_url else "")
if self.keycloak_token_endpoint:
return self.keycloak_token_endpoint
return f"{self.idp_issuer}/protocol/openid-connect/token"
@property
def idp_userinfo_endpoint(self) -> str:
if self.use_keycloak:
if self.keycloak_userinfo_endpoint:
return self.keycloak_userinfo_endpoint
return f"{self.idp_issuer}/protocol/openid-connect/userinfo"
return self.authentik_userinfo_endpoint or (
f"{self.idp_base_url}/application/o/userinfo/" if self.idp_base_url else ""
)
if self.keycloak_userinfo_endpoint:
return self.keycloak_userinfo_endpoint
return f"{self.idp_issuer}/protocol/openid-connect/userinfo"
@property
def idp_authorize_endpoint(self) -> str:
if self.use_keycloak:
return f"{self.idp_issuer}/protocol/openid-connect/auth"
return f"{self.idp_base_url}/application/o/authorize/" if self.idp_base_url else ""
return f"{self.idp_issuer}/protocol/openid-connect/auth"
@lru_cache