I signed up for IBM Cloud App ID to protect access to my cloud application. There is a sample that shows that the service can be used with Python. However, I want to use one of the (standard) OpenID Connect modules. How can I configure, e.g., Flask-pyoidc to work with App ID? It requires a couple of parameters and I am unsure how they relate to what App ID provides.
    provider_config = {
        'issuer': 'https://op.example.com',
        'authorization_endpoint': 'https://op.example.com/authorize',
        'token_endpoint': 'https://op.example.com/token',
        'userinfo_endpoint': 'https://op.example.com/userinfo'
    }
    auth = OIDCAuthentication(provider_configuration_info=provider_config)

Here is how the provider_config can be configured.

    provider_config = {
        "issuer": "appid-oauth.ng.bluemix.net",
        "authorization_endpoint": appIDInfo['oauthServerUrl'] + "/authorization",
        "token_endpoint": appIDInfo['oauthServerUrl'] + "/token",
        "userinfo_endpoint": appIDInfo['profilesUrl'] + "/api/v1/attributes",
        "jwks_uri": appIDInfo['oauthServerUrl'] + "/publickeys"
    }

appIDInfo is either obtained from the Cloud Foundry environment on IBM Cloud or can be configured manually with a structure like the following:

    "AppID": {
        "clientId": "your App ID client Id",
        "managementUrl": "https://appid-management.ng.bluemix.net/management/v4/-----tenantID----",
        "oauthServerUrl": "https://appid-oauth.ng.bluemix.net/oauth/v3/-----tenantID----",
        "profilesUrl": "https://appid-profiles.ng.bluemix.net",
        "secret": "the App ID secret",
        "tenantId": "-----tenantID----",
        "version": 3
    }

The clientId and secret would then be used to populate the client_info object required by Flask-pyoidc. I have sample code using Flask-pyoidc with App ID in a GitHub repository. It shows all the steps from the configuration to using the decorators to protect the app routes in Flask.
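
An added example (not part of the original answer or of the author's repository) that carries out the mapping described above: it reads the App ID credentials from a Cloud Foundry VCAP_SERVICES value or from a manual structure, rejects incomplete or non-HTTPS settings, and builds provider_config and client_info. Assumptions: the service is bound under the label "AppID", client_info uses the keys client_id and client_secret, the issuer equals the host of oauthServerUrl as in the answer, and the helper names and sample values are constructed.

```python
import json
from urllib.parse import urlparse

REQUIRED = ("clientId", "secret", "oauthServerUrl", "profilesUrl", "tenantId")

# Constructed sample of a Cloud Foundry VCAP_SERVICES value (not real credentials).
SAMPLE_VCAP = json.dumps({"AppID": [{"credentials": {
    "clientId": "example-client-id",
    "secret": "example-secret",
    "oauthServerUrl": "https://appid-oauth.ng.bluemix.net/oauth/v3/example-tenant",
    "profilesUrl": "https://appid-profiles.ng.bluemix.net",
    "tenantId": "example-tenant",
}}]})

def load_appid_info(environ, manual=None):
    """Prefer credentials from VCAP_SERVICES, else a manually supplied dict."""
    raw = environ.get("VCAP_SERVICES")
    if raw:
        # Assumption: the App ID instance is bound under the label "AppID".
        instances = json.loads(raw).get("AppID") or []
        if instances:
            return instances[0]["credentials"]
    if manual is None:
        raise ValueError("no App ID credentials found")
    return manual["AppID"]

def build_oidc_settings(info):
    """Validate App ID credentials and return (provider_config, client_info)."""
    missing = [k for k in REQUIRED if not info.get(k)]
    if missing:
        raise ValueError("missing App ID fields: " + ", ".join(missing))
    oauth = info["oauthServerUrl"].rstrip("/")
    profiles = info["profilesUrl"].rstrip("/")
    for url in (oauth, profiles):
        if urlparse(url).scheme != "https":  # tokens and secrets travel here
            raise ValueError("refusing non-HTTPS endpoint: " + url)
    if not oauth.endswith("/" + info["tenantId"]):
        raise ValueError("oauthServerUrl does not match tenantId")
    provider_config = {
        "issuer": urlparse(oauth).hostname,  # assumption: issuer is the OAuth host
        "authorization_endpoint": oauth + "/authorization",
        "token_endpoint": oauth + "/token",
        "userinfo_endpoint": profiles + "/api/v1/attributes",
        "jwks_uri": oauth + "/publickeys",
    }
    # Assumption: client_info uses the keys client_id and client_secret.
    client_info = {"client_id": info["clientId"], "client_secret": info["secret"]}
    return provider_config, client_info
```

The two returned dictionaries are the values the answer passes to Flask-pyoidc; keeping the secret in the environment rather than in source is what the VCAP_SERVICES path is for.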