Diffstat (limited to 'keystone/conf/oauth2.py')
-rw-r--r-- | keystone/conf/oauth2.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/keystone/conf/oauth2.py b/keystone/conf/oauth2.py
new file mode 100644
index 000000000..dbe26cf59
--- /dev/null
+++ b/keystone/conf/oauth2.py
@@ -0,0 +1,52 @@
+# Copyright 2022 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+
+from keystone.conf import utils
+
+oauth2_authn_methods = cfg.ListOpt(
+ 'oauth2_authn_methods',
+ default=['tls_client_auth', 'client_secret_basic'],
+ help=utils.fmt("""
+The OAuth2.0 authentication method supported by the system when user obtains
+an access token through the OAuth2.0 token endpoint. This option can be set to
+certificate or secret. If the option is not set, the default value is
+certificate. When the option is set to secret, the OAuth2.0 token endpoint
+uses client_secret_basic method for authentication, otherwise tls_client_auth
+method is used for authentication.
+"""))
+
+oauth2_cert_dn_mapping_id = cfg.StrOpt(
+ 'oauth2_cert_dn_mapping_id',
+ default='oauth2_mapping',
+ help=utils.fmt("""
+Used to define the mapping rule id. When not set, the mapping rule id is
+oauth2_mapping.
+"""))
+
+
+GROUP_NAME = __name__.split('.')[-1]
+ALL_OPTS = [
+ oauth2_authn_methods,
+ oauth2_cert_dn_mapping_id
+]
+
+
+def register_opts(conf):
+ conf.register_opts(ALL_OPTS, group=GROUP_NAME)
+
+
+def list_opts():
+ return {GROUP_NAME: ALL_OPTS} |
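Review bot: The help text for `oauth2_authn_methods` does not match the option it documents: it says the value is `certificate` or `secret` with `certificate` as the default, while the option is a `ListOpt` whose default is `['tls_client_auth', 'client_secret_basic']`. Because this setting decides which client authentication methods the OAuth2.0 token endpoint accepts, an operator who follows the help could leave secret-based authentication enabled without meaning to, or set a value that presumably matches no method at all. I would rewrite the help to name the two accepted values and say that both are enabled by default, and constrain the list items, e.g. `item_type=types.String(choices=['tls_client_auth', 'client_secret_basic'])` with `from oslo_config import types`, so that a mistyped method is rejected when the configuration is loaded.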