Files
oidc2fer/docker-compose.yml
T
Jonathan Perret b50126675a 🔒️(oidc) return JWT from userinfo endpoint
AgentConnect apparently requires the userinfo endpoint to return a
signed JWT.
2024-04-29 16:35:33 +02:00

73 lines
2.2 KiB
YAML

services:
app-dev:
build:
context: .
target: development
args:
DOCKER_USER: ${DOCKER_USER:-1000}
user: ${DOCKER_USER:-1000}
image: oidc2fer:development
environment:
PYLINTHOME: /app/.pylint.d
BASE_URL: https://satosa.traefik.me
CLIENT_DB_JSON: |
{
"oidc-test-client": {
"response_types": [
"id_token",
"code"
],
"redirect_uris": [
"https://oidc-test-client.traefik.me/redirect_uri"
],
"client_secret": "oidc-test-secret",
"token_endpoint_auth_method": "client_secret_post"
}
}
env_file:
- env.d/development/common
- env.d/development/satosa
volumes:
- ./src/satosa:/app
oidc-test-client:
build: docker/oidc-test-client
depends_on:
- nginx # nginx must be up to override satosa.traefik.me resolution
- app-dev
stop_signal: SIGKILL
volumes:
- ./docker/oidc-test-client:/app
- ./env.d/development/certs/mkcert-root-ca.pem:/usr/local/share/ca-certificates/mkcert-root-ca.crt
# - run update-ca-certificates to make mkcert certificates valid
# - add startup delay because IDP must be available on boot
entrypoint: |
/bin/bash -c '
cat /usr/local/share/ca-certificates/mkcert-root-ca.crt >> $(python -m certifi)
sleep 1
cd /app
exec python app.py
'
environment:
OIDC_ROOT_URL: https://oidc-test-client.traefik.me
OIDC_PROVIDER: https://satosa.traefik.me
#OIDC_PROVIDER: https://oidc2fer-staging.beta.numerique.gouv.fr
OIDC_CLIENT_ID: oidc-test-client
OIDC_CLIENT_SECRET: oidc-test-secret
OIDC_SCOPES: openid,uid,given_name,usual_name,email
nginx:
image: nginx:1.25
ports:
- "443:443"
- "8081:8081"
volumes:
- ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
- ./env.d/development/certs:/etc/nginx/certs:ro
networks:
default:
aliases:
# expose proxy internally as the public names to make internal HTTPS work
- satosa.traefik.me
- oidc-test-client.traefik.me