Fork: 0
root / navi-1
Transfer to URL with SHA Find file
Newer
Older
navi-1 / navi / auth / client.py
@Eugene Sukhodolskiy Eugene Sukhodolskiy on 3 May 1 KB Multi-user auth via gnexus-auth OAuth + hybrid role/permission model
Raw Blame History 
"""GAuthClient singleton wired to navi config."""

from gnexus_gauth.client import GAuthClient
from gnexus_gauth.config import GAuthConfig
from gnexus_gauth.oauth import HttpTokenEndpoint
from gnexus_gauth.runtime import HttpRuntimeUserProvider
from gnexus_gauth.support import InMemoryPkceStore, InMemoryStateStore
from gnexus_gauth.webhook import HmacWebhookVerifier, JsonWebhookParser

from navi.config import settings

# Singleton instances, lazily created
_gauth_client: GAuthClient | None = None
_state_store: InMemoryStateStore | None = None
_pkce_store: InMemoryPkceStore | None = None


def get_gauth_client() -> GAuthClient:
    global _gauth_client, _state_store, _pkce_store
    if _gauth_client is None:
        config = GAuthConfig(
            base_url=settings.gnexus_auth_base_url,
            client_id=settings.gnexus_auth_client_id,
            client_secret=settings.gnexus_auth_client_secret,
            redirect_uri=settings.gnexus_auth_redirect_uri,
        )
        _state_store = InMemoryStateStore()
        _pkce_store = InMemoryPkceStore()
        _gauth_client = GAuthClient(
            config=config,
            token_endpoint=HttpTokenEndpoint(config),
            runtime_user_provider=HttpRuntimeUserProvider(config),
            webhook_verifier=HmacWebhookVerifier(config),
            webhook_parser=JsonWebhookParser(),
            state_store=_state_store,
            pkce_store=_pkce_store,
        )
    return _gauth_client