Oauth2/OIDC client configuration
Dear @philipp.sommer
Due to the change in Helmholtz AAI's registration address, I wished to bring up a concern here. Oauth2/OIDC clients can currently log in at ~~https://login-dev.helmholtz.de~~.
I found that the Helmholtz AAI registration address has not changed; however, there are two distinct locations where the Oauth2/OIDC client can be obtained: one with a `login` subdomain and the other with a `login-dev` subdomain. I have no clue what the distinction between them is! :)
There is an option to alter the `HELMHOLTZ_AAI_CONF_URL` address, but it cannot be changed, because it has been considered as a constant, not as an attribute, in `app_settings.py`.
```python
#: openid configuration url of the Helmholtz AAI
#:
#: Can also be overwritten using the :attr:`HELMHOLTZ_CLIENT_KWS` setting.
#:
#: .. setting:: HELMHOLTZ_AAI_CONF_URL
HELMHOLTZ_AAI_CONF_URL = (
    "https://login.helmholtz.de/oauth2/.well-known/openid-configuration"
)
```
It can be changed like this to be configurable in settings.py:
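```python
from django.conf import settings

# Use the value from settings.py if present, else the production endpoint.
HELMHOLTZ_AAI_CONF_URL: str = getattr(
    settings,
    "HELMHOLTZ_AAI_CONF_URL",
    "https://login.helmholtz.de/oauth2/.well-known/openid-configuration",
)
```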
On authentication, however, the client is redirected to the `login-dev` page, where the token cannot be obtained for non-Oauth2/OIDC clients.
Another issue is receiving `MismatchingStateError` from `localhost:8000/helmholtz-aai/auth/`, while I already defined `localhost:8000` and `localhost:8000/helmholtz-aai/auth/` as OAuth client return URLs in my Oauth2/OIDC client account.
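If the discovery URL becomes overridable as proposed in the post, the override is worth validating before it is used. The following is an added example, not code from the project or from the post: `check_conf_url`, `ALLOWED_HOSTS` and the sample discovery documents are hypothetical and constructed for illustration (the real documents served by the two hosts may differ).

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# The two hosts named in the post; treating both as acceptable is an assumption.
ALLOWED_HOSTS = frozenset({"login.helmholtz.de", "login-dev.helmholtz.de"})


def check_conf_url(conf_url, discovery, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of problems with a discovery URL override (empty list = OK)."""
    problems = []
    url = urlsplit(conf_url)
    if url.scheme != "https":
        problems.append("discovery URL must use https")
    if url.hostname not in allowed_hosts:
        problems.append(f"unexpected host: {url.hostname}")
    if not url.path.endswith(WELL_KNOWN):
        problems.append("URL does not end in " + WELL_KNOWN)
        return problems
    # OIDC Discovery: the issuer equals the URL with the well-known suffix removed.
    expected = f"{url.scheme}://{url.netloc}{url.path[:-len(WELL_KNOWN)]}"
    if discovery.get("issuer") != expected:
        problems.append(f"issuer mismatch: {discovery.get('issuer')!r}")
    # Endpoints on another host send the user to a different instance than
    # the one the discovery URL (and the client registration) refers to.
    for key in ("authorization_endpoint", "token_endpoint"):
        host = urlsplit(discovery.get(key, "")).hostname
        if host != url.hostname:
            problems.append(f"{key} is on {host}, not {url.hostname}")
    return problems


def sample_doc(host):
    """Constructed discovery document for `host` (paths are illustrative)."""
    base = f"https://{host}/oauth2"
    return {
        "issuer": base,
        "authorization_endpoint": f"{base}/authorize",
        "token_endpoint": f"{base}/token",
    }


PROD_URL = "https://login.helmholtz.de/oauth2" + WELL_KNOWN
DEV_URL = "https://login-dev.helmholtz.de/oauth2" + WELL_KNOWN

if __name__ == "__main__":
    # Production URL paired with a document from the dev instance.
    for problem in check_conf_url(PROD_URL, sample_doc("login-dev.helmholtz.de")):
        print(problem)
```

In a Django project a check like this could run at startup against the fetched discovery document, so that a `login` / `login-dev` mix-up surfaces before the first login attempt.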