zamzterz/Flask-pyoidc

What is PROVIDER_NAME used for?

Closed this issue · 3 comments

I have successfully set up Flask-pyoidc with keycloak but I simply put a random string as provider name.

  • Is provider name just for info?
  • What is the "correct" approach? I'm new to authentication in general.

Based on the example in Flask-pyoidc\tests\test_flask_pyoidc.py my production code looks like this:

import flask
from flask import Blueprint, jsonify
from flask_pyoidc import OIDCAuthentication
from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
from flask_pyoidc.user_session import UserSession

# the Flask app; KEYCLOAK_DOMAIN, KEYCLOAK_CLIENT and KEYCLOAK_SECRET
# are expected to already be present in app.config
app = flask.Flask(__name__)

# blueprint setup
main_bp = Blueprint('main_bp', __name__,
                    template_folder='templates',
                    static_folder='static')

# auth setup
ISSUER = app.config['KEYCLOAK_DOMAIN']
CLIENT = app.config['KEYCLOAK_CLIENT']
PROVIDER_NAME = "pyoidc complaints if this is null. It would be embarrassing if anyone saw my hack."
PROVIDER_CONFIG = ProviderConfiguration(issuer=ISSUER,
                                         client_metadata=ClientMetadata(CLIENT, app.config['KEYCLOAK_SECRET']))

# the dict key (PROVIDER_NAME) is what the route decorator below refers to
auth = OIDCAuthentication({PROVIDER_NAME: PROVIDER_CONFIG})
auth.init_app(app)

# routes
@main_bp.route('/profile', methods=['GET'])
@auth.oidc_auth(PROVIDER_NAME)
def profile():
    """Homepage route."""
    user_session = UserSession(flask.session)
    return jsonify(access_token=user_session.access_token,
                   id_token=user_session.id_token,
                   userinfo=user_session.userinfo)

It's an identifier for each provider configuration. As Flask-pyoidc supports having multiple providers configured (e.g. if you want to offer login both via Google and Facebook), it needs some way to know which provider to use for different endpoints.

In your code you could set PROVIDER_NAME = 'keycloack' or similar. As long as the key in the configuration dictionary ({PROVIDER_NAME: PROVIDER_CONFIG}) matches the value used in the decorator (@auth.oidc_auth(PROVIDER_NAME)) it works.

I have AWS Cognito as provider.
If I set up PROVIDER environment variable as 'cognito' it just doesn't work.
The PROVIDER_NAME has to be set to something like: 'cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XyXy123'

@agabriel-dpc As described above, the value of PROVIDER_NAME is only used internally by the extension to differentiate between different providers you might have in your configuration.

The actual provider URL (cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XyXy123) should go in the ProviderConfiguration object. See the documentation for more details.
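A small start-up check that catches both mistakes discussed in this thread (using the issuer URL as the provider name, and a decorator name that does not match any key of the configuration dict). This is an added example, not part of Flask-pyoidc; the provider names and issuer URLs are constructed sample values.

```python
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Constructed sample: provider name -> issuer URL. Each issuer is what goes
# into ProviderConfiguration(issuer=...) under that key of the dict passed
# to OIDCAuthentication. Hypothetical values, not taken from the issue.
SAMPLE_PROVIDERS = {
    "keycloak": "https://keycloak.example.com/realms/demo",
    "cognito": "https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XyXy123",
}


def looks_like_issuer(name: str) -> bool:
    """True if a provider name looks like a URL/hostname instead of a short label."""
    return "://" in name or "/" in name or name.count(".") >= 2


def check_provider_config(providers: Dict[str, str],
                          names_used_in_routes: Iterable[str]) -> List[str]:
    """Return a list of configuration problems (empty list means all good)."""
    problems = []
    for name, issuer in providers.items():
        if not name or not name.strip():
            problems.append("provider name is empty")
        elif looks_like_issuer(name):
            problems.append(
                f"provider name {name!r} looks like an issuer URL; use a short label "
                f"and put the URL in ProviderConfiguration(issuer=...)")
        parsed = urlparse(issuer or "")
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"issuer for {name!r} must be an https URL, got {issuer!r}")
    # every name used in @auth.oidc_auth(...) must be a key of the dict
    for used in names_used_in_routes:
        if used not in providers:
            problems.append(
                f"route uses provider {used!r}, which is not one of the configured "
                f"names {sorted(providers)}")
    return problems


if __name__ == "__main__":
    for problem in check_provider_config(SAMPLE_PROVIDERS, ["keycloak", "cognito"]):
        print("config problem:", problem)
```

Run it once at import time (before `auth.init_app(app)`) so a mismatch fails fast with a readable message instead of surfacing only when a protected route is hit.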