Add SSO variables to configuration file, so they can be added to the environment files

[SaschaSchwarzK]

Desired Behavior

We are using the docker version of netbox and SSO with a Okta backend.

We have to change configuration.py to get the authentication settings from the environment variables.

I think it would be much more convenient for all users if they can simply add the settings for SSO(at least for the integrations outlined in the netbox documentation) in the environment variables, instead of editing the configuration.py. Just like this is done for most other settings as well.

Contrast to Current Behavior

Currently only the basic REMOTE_AUTH settings can be set in the environment variables.

Required Changes

I suggest to change the file configurations.py and add the lines below to support at least the SSO integrations outlined in the documentation.

SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY')
SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET')
SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL')
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = environ.get('SOCIAL_AUTH_AZUREAD_OAUTH2_KEY')
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = environ.get('SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET')

Discussion: Benefits and Drawbacks

No response

[marsteel]

In case some one would like to pass python dict SOCIAL_AUTH_BACKEND_ATTRS as environment variable to customize SSO display name and icon, here is the solution by adding to extra.py. I'm using Keycloak

from os import environ
import base64
import pickle

# Use ENV
REMOTE_AUTH_BACKEND=environ.get('REMOTE_AUTH_BACKEND')
#SOCIAL_AUTH_BACKEND_ATTRS=environ.get('SOCIAL_AUTH_BACKEND_ATTRS')
if environ.get('SOCIAL_AUTH_BACKEND_ATTRS_BASE64') is not None:
    SOCIAL_AUTH_BACKEND_ATTRS=pickle.loads(base64.b64decode(environ.get('SOCIAL_AUTH_BACKEND_ATTRS_BASE64')))
    #print("Debug SOCIAL_AUTH_BACKEND_ATTRS")
    #print(SOCIAL_AUTH_BACKEND_ATTRS)

#import base64
#import pickle
#To pass below python dict
#SOCIAL_AUTH_BACKEND_ATTRS={
#    'keycloak': ("Login with Keycloak", "https://www.svgrepo.com/show/331455/keycloak.svg"),
#}
#}
#print(base64.b64encode(pickle.dumps(SOCIAL_AUTH_BACKEND_ATTRS)))
# Pass the result of base64.b64encode(pickle.dumps(SOCIAL_AUTH_BACKEND_ATTRS)) as AWS ECS Environment Variable(ENV).
# ENV name SOCIAL_AUTH_BACKEND_ATTRS_BASE64
# ENV value gASVWgAAAAAAAAB9lIwIa2V5Y2xvYWuUjBNMb2dpbiB3aXRoIEtleWNsb2FrlIwwaHR0cHM6Ly93d3cuc3ZncmVwby5jb20vc2hvdy8zMzE0NTUva2V5Y2xvYWsuc3ZnlIaUcy4=
# https://stackoverflow.com/questions/76248652/how-to-add-in-aws-env-variable-which-is-not-a-simple-string-contains-nested-br
# https://stackoverflow.com/questions/24508726/how-to-encode-python-dictionary

SOCIAL_AUTH_KEYCLOAK_KEY=environ.get('SOCIAL_AUTH_KEYCLOAK_KEY')
SOCIAL_AUTH_KEYCLOAK_SECRET=environ.get('SOCIAL_AUTH_KEYCLOAK_SECRET')
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=environ.get('SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL')
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=environ.get('SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL')
SOCIAL_AUTH_KEYCLOAK_ID_KEY=environ.get('SOCIAL_AUTH_KEYCLOAK_ID_KEY')
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=environ.get('SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY')

More
https://stackoverflow.com/questions/76248652/how-to-add-in-aws-env-variable-which-is-not-a-simple-string-contains-nested-br
https://stackoverflow.com/questions/24508726/how-to-encode-python-dictionary

[Jurka007]

Can you please add GOOGLE SSO variables as well:

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = _read_secret('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY', environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY', ''))
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = _read_secret('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET', environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET', ''))

Thank you 🙏