SOGIS my.so.ch Authentication

Authenticates through a my.so.ch JWE token.

The service will decrypt/decode the JWE, then:

Check whether the iss claim of the token matches one of the configured allowed_iss
Extract the userid from the claims (first non-empty claim of the configured userid_claims)
Validate whether the userid exists using the configured userid_verify_sql query, or check whether the userid shall be autoregistered using autoregistration_allowed_query and autoregistration_query.
Issue a JWT for QWC

Configuration

See sogis-mysoch-auth.json configuration schema.

All configuration options can also be set with the respective UPPER_CASE environment variables.

Install dependencies and run service:

uv run src/server.py

With config path:

CONFIG_PATH=/PATH/TO/CONFIGS/ uv run src/server.py

Name		Name	Last commit message	Last commit date
Latest commit History 34 Commits
.github/workflows		.github/workflows
schemas		schemas
src		src
.dockerignore		.dockerignore
Dockerfile		Dockerfile
README.md		README.md
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
uv.lock		uv.lock