- Generic OIDC (Authlib discovery) Authorization Code flow; backend
issues the existing HS256 JWT on success. Unbound identities are
rejected (no auto-provisioning).
- User.oidc_issuer/oidc_subject (unique together) + startup migration.
- PUT/DELETE /users/{id}/oidc-binding (admin or account-manager;
JWT or API key; 409 on conflict). Self-link /auth/oidc/link
(non-OIDC_ONLY only). Public GET /auth/config.
- HARBORFORGE_OIDC_ONLY: /auth/token rejected, create/update ignore
password (passwordless users; API keys + OIDC still work).
- Dockerfile ARG/ENV HARBORFORGE_OIDC_ONLY; authlib+itsdangerous deps;
SessionMiddleware for OIDC state. Fixed _user_response to expose
the new binding fields.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
17 lines
315 B
Plaintext
fastapi==0.109.0
uvicorn[standard]==0.27.0
sqlalchemy==2.0.25
pymysql==1.1.0
pydantic==2.5.3
pydantic-settings==2.1.0
python-jose[cryptography]==3.3.0
passlib[bcrypt]==1.7.4
bcrypt==4.0.1
python-multipart==0.0.6
alembic==1.13.1
python-dotenv==1.0.0
httpx==0.27.0
requests==2.31.0
authlib==1.3.2
itsdangerous==2.2.0
|
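Review bot: The two dependencies this commit adds at the end of the list, authlib==1.3.2 and itsdangerous==2.2.0, are pinned by version only, and both now sit on the login path (the OIDC flow and the signed session cookie that holds OIDC state), so consider recording hashes for the list and installing with pip's --require-hashes. Separately, itsdangerous is what signs the SessionMiddleware cookie, and nothing visible here shows where that secret key comes from: please confirm it is a dedicated secret and not the key used for the HS256 JWT.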