Update OIDC config to match dotnet utils (#73)

* Allow multiple scopes * Configurable authority
cognitedata · Oct 20, 2020 · 68760c9 · 68760c9
1 parent d915ee6
commit 68760c9
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 9 deletions.
diff --git a/cognite/extractorutils/__init__.py b/cognite/extractorutils/__init__.py
@@ -16,4 +16,4 @@
 Cognite extractor utils is a Python package that simplifies the development of new extractors.
 """
 
-__version__ = "1.2.0"
+__version__ = "1.2.1"
diff --git a/cognite/extractorutils/authentication.py b/cognite/extractorutils/authentication.py
@@ -22,7 +22,8 @@ class from ``cognite.extractorutils.configtools`` your extractor will be configu
 import logging
 import time
 from dataclasses import dataclass
-from typing import Any, Dict
+from typing import Any, Dict, List
+from urllib.parse import urljoin
 
 import requests
 
@@ -32,13 +33,14 @@ class from ``cognite.extractorutils.configtools`` your extractor will be configu
 @dataclass
 class AuthenticatorConfig:
     """
-    Configuration parameters for Azure AD
+    Configuration parameters for an OIDC flow
     """
 
     tenant: str
     client_id: str
-    scope: str
+    scopes: List[str]
     secret: str
+    authority: str = "https://login.microsoftonline.com/"
     min_ttl: float = 30  # minimum time to live: refresh token ahead of expiration
 
 
@@ -67,9 +69,11 @@ def _request(self) -> Dict[str, Any]:
             "tenant": self._config.tenant,
             "client_secret": self._config.secret,
             "grant_type": "client_credentials",
-            "scope": self._config.scope,
+            "scope": " ".join(self._config.scopes),
         }
-        url = f"https://login.microsoftonline.com/{self._config.tenant}/oauth2/v2.0/token"
+        base_url = urljoin(self._config.authority, self._config.tenant)
+
+        url = f"{base_url}/oauth2/v2.0/token"
         r = requests.post(url, data=body)
         _logger.debug("Request AAD token: %d %s", r.status_code, r.reason)
         return r.json()

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cognite-extractor-utils"
-version = "1.2.0"
+version = "1.2.1"
 description = "Utilities for easier development of extractors for CDF"
 authors = ["Mathias Lohne <[email protected]>"]
 license = "Apache-2.0"

diff --git a/tests/tests_unit/test_authentication.py b/tests/tests_unit/test_authentication.py
@@ -18,7 +18,7 @@
 
 from cognite.extractorutils.authentication import Authenticator, AuthenticatorConfig
 
-config = AuthenticatorConfig(tenant="tid", client_id="cid", scope="scp", secret="scrt",)
+config = AuthenticatorConfig(tenant="tid", client_id="cid", scopes=["scp"], secret="scrt",)
 
 
 def token(expires_in: int, t: str):

diff --git a/tests/tests_unit/test_configtools.py b/tests/tests_unit/test_configtools.py
@@ -175,7 +175,8 @@ def test_get_cognite_client_from_aad(self):
             tenant: foo
             client_id: cid
             secret: scrt
-            scope: scp
+            scopes: 
+                - scp
             min_ttl: 40
         project: tenant-name
         external-id-prefix: "test_"