feat(auth): add BankID OAuth provider

2026-03-22 15:12:08 +01:00 · 2025-10-11 21:16:53 +02:00
parent 32764ab1b0
commit a91aea805f
5 changed files with 107 additions and 4 deletions
--- a/7project/backend/app/oauth/bank_id.py
+++ b/7project/backend/app/oauth/bank_id.py
@@ -0,0 +1,49 @@
+import secrets
+from typing import Optional, Literal
+
+from httpx_oauth.clients.openid import OpenID
+from httpx_oauth.oauth2 import T
+
+
+class BankID(OpenID):
+    def __init__(self, client_id: str, client_secret: str):
+        super().__init__(
+            client_id,
+            client_secret,
+            "https://oidc.sandbox.bankid.cz/.well-known/openid-configuration",
+            "BankID",
+            base_scopes=["openid", "profile.email", "profile.name"],
+        )
+
+    async def get_user_info(self, token: str) -> dict:
+        info = await self.get_profile(token)
+
+        return {
+            "first_name": info.get("given_name"),
+            "last_name": info.get("family_name"),
+        }
+
+    async def get_authorization_url(
+            self,
+            redirect_uri: str,
+            state: Optional[str] = None,
+            scope: Optional[list[str]] = None,
+            code_challenge: Optional[str] = None,
+            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
+            extras_params: Optional[T] = None,
+    ) -> str:
+        if extras_params is None:
+            extras_params = {}
+
+        # BankID requires random nonce parameter for security
+        # https://developer.bankid.cz/docs/security_sep
+        extras_params["nonce"] = secrets.token_urlsafe()
+
+        return await super().get_authorization_url(
+            redirect_uri,
+            state,
+            scope,
+            code_challenge,
+            code_challenge_method,
+            extras_params,
+        )