Refactored and solved bugs

roles/docker-taiga/tasks/main.yml

@@ -14,17 +14,19 @@
   include_role: 
     name: docker-repository-setup
 
-- name: "template local.py for taiga-contrib-oidc-auth"
+- name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth"
   template:
-    src: taiga/local.py.j2
-    dest: "{{ docker_compose.directories.config }}taiga-local.py"
-  when: applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio'
+    src:  "taiga/{{item}}.py.j2"
+    dest: "{{ docker_compose.directories.config }}taiga-{{item}}.py"
+  when:   applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio'
+  notify: docker compose project build and setup
+  loop:   "{{ settings_files }}"
 
 - name: "create {{docker_compose_init}}"
   template:
     src:	"docker-compose-inits.yml.j2"
     dest:	"{{docker_compose_init}}"
-  notify: docker compose project setup
+  notify: docker compose project build and setup
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -44,7 +44,9 @@ services:
 
 {% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
 
-      - {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
+{% for item in settings_files %}
+      - {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro
+{% endfor %}
 
 {% endif %}
 

roles/docker-taiga/templates/env.j2

@@ -53,7 +53,7 @@ ENABLE_TELEMETRY    =   True
 
 # OIDC via taigaio official contrib
 # @See https://github.com/taigaio/taiga-contrib-oidc-auth
-ENABLE_OIDC=True
+
 OIDC_RP_CLIENT_ID="{{ oidc.client.id }}"
 OIDC_RP_CLIENT_SECRET="{{ oidc.client.secret }}"
 OIDC_OP_AUTHORIZATION_ENDPOINT="{{ oidc.client.authorize_url }}"
@@ -61,10 +61,7 @@ OIDC_OP_TOKEN_ENDPOINT="{{ oidc.client.token_url }}"
 OIDC_OP_USER_ENDPOINT="{{ oidc.client.user_info_url }}"
 OIDC_RP_SIGN_ALGO="RS256"
 OIDC_RP_SCOPES="openid profile email"
-OIDC_USE_STATE=True
-OIDC_USE_NONCE=True
-OIDC_RP_CALLBACK_URL="{{ oidc.client.redirect_uri | default('') }}"
-OIDC_OP_JWKS_ENDPOINT="{{ oidc.client.jwks_url | default('') }}"
+OIDC_OP_JWKS_ENDPOINT="{{ oidc.client.certs }}"
 
 {% endif %}
 

roles/docker-taiga/templates/oidc/local.py.j2

@@ -9,16 +9,15 @@ AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
 
 ROOT_URLCONF = "settings.urls"
 
-OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
-OIDC_RP_SCOPES = "openid profile email"
-OIDC_RP_SIGN_ALGO = "RS256"
-
-OIDC_BASE_URL = "{{ oidc.base_url }}"
-OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
-OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
-OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
-OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
-
 import os
+
+OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
+OIDC_RP_SCOPES = os.getenv("OIDC_RP_SCOPES")
+OIDC_RP_SIGN_ALGO = os.getenv("OIDC_RP_SIGN_ALGO")
+#OIDC_BASE_URL = "" @todo remove if not needed
+OIDC_OP_JWKS_ENDPOINT = os.getenv("OIDC_OP_JWKS_ENDPOINT")
+OIDC_OP_AUTHORIZATION_ENDPOINT = os.getenv("OIDC_OP_AUTHORIZATION_ENDPOINT")
+OIDC_OP_TOKEN_ENDPOINT = os.getenv("OIDC_OP_TOKEN_ENDPOINT")
+OIDC_OP_USER_ENDPOINT = os.getenv("OIDC_OP_USER_ENDPOINT")
 OIDC_RP_CLIENT_ID = os.getenv("OIDC_RP_CLIENT_ID")
 OIDC_RP_CLIENT_SECRET = os.getenv("OIDC_RP_CLIENT_SECRET")

roles/docker-taiga/templates/oidc/urls.py

@@ -0,0 +1,4 @@
+from taiga.urls import *
+urlpatterns += [
+    url(r"^oidc/", include("mozilla_django_oidc.urls")),
+]

roles/docker-taiga/vars/main.yml

@@ -11,3 +11,7 @@ taiga_image_frontend: >-
   {{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'robrotheram'
      else 'taigaio/taiga-front' }}
 taiga_frontend_conf_path:   "{{docker_compose.directories.config}}conf.json"
+
+settings_files:
+- urls
+- local