uis-cloud-computing/7project/backend/app/oauth/moje_id.py

import json
from typing import Optional, Literal

from httpx_oauth.clients.openid import OpenID
from httpx_oauth.oauth2 import OAuth2Token, GetAccessTokenError, T


# claims=%7B%22id_token%22%3A%7B%22birthdate%22%3A%7B%22essential%22%3Atrue%7D%2C%22name%22%3A%7B%22essential%22%3Atrue%7D%2C%22given_name%22%3A%7B%22essential%22%3Atrue%7D%2C%22family_name%22%3A%7B%22essential%22%3Atrue%7D%2C%22email%22%3A%7B%22essential%22%3Atrue%7D%2C%22address%22%3A%7B%22essential%22%3Afalse%7D%2C%22mojeid_valid%22%3A%7B%22essential%22%3Atrue%7D%7D%7D
class MojeIDOAuth(OpenID):
    def __init__(self, client_id: str, client_secret: str):
        super().__init__(
            client_id,
            client_secret,
            "https://mojeid.regtest.nic.cz/.well-known/openid-configuration/",
            "MojeID",
            base_scopes=["openid", "email", "profile"],
        )

    async def get_authorization_url(
            self,
            redirect_uri: str,
            state: Optional[str] = None,
            scope: Optional[list[str]] = None,
            code_challenge: Optional[str] = None,
            code_challenge_method: Optional[Literal["plain", "S256"]] = None,
            extras_params: Optional[T] = None,
    ) -> str:
        required_fields = {
            'id_token': {
                'name': {'essential': True},
                'given_name': {'essential': True},
                'family_name': {'essential': True},
                'email': {'essential': True},
                'mojeid_valid': {'essential': True},
            }}

        if extras_params is None:
            extras_params = {}
        extras_params["claims"] = json.dumps(required_fields)

        return await super().get_authorization_url(
            redirect_uri,
            state,
            scope,
            code_challenge,
            code_challenge_method,
            extras_params,
        )