Support customizing auth_scheme

alukach · alukach · commit 50589457df34 · 2025-04-13T09:02:23.000-07:00
diff --git a/src/stac_auth_proxy/app.py b/src/stac_auth_proxy/app.py
@@ -111,6 +111,8 @@ async def lifespan(app: FastAPI):
             private_endpoints=settings.private_endpoints,
             default_public=settings.default_public,
             root_path=settings.root_path,
+            auth_scheme_name=settings.openapi_auth_scheme_name,
+            auth_scheme_override=settings.openapi_auth_scheme_override,
         )
 
     if settings.items_filter:
diff --git a/src/stac_auth_proxy/config.py b/src/stac_auth_proxy/config.py
@@ -39,14 +39,17 @@ class Settings(BaseSettings):
     oidc_discovery_internal_url: HttpUrl
 
     root_path: str = ""
+    healthz_prefix: str = Field(pattern=_PREFIX_PATTERN, default="/healthz")
     wait_for_upstream: bool = True
     check_conformance: bool = True
     enable_compression: bool = True
-    enable_authentication_extension: bool = True
-    healthz_prefix: str = Field(pattern=_PREFIX_PATTERN, default="/healthz")
+
     openapi_spec_endpoint: Optional[str] = Field(pattern=_PREFIX_PATTERN, default=None)
+    openapi_auth_scheme_name: str = "oidcAuth"
+    openapi_auth_scheme_override: Optional[dict] = None
 
     # Auth
+    enable_authentication_extension: bool = True
     default_public: bool = False
     public_endpoints: EndpointMethodsNoScope = {
         r"^/api.html$": ["GET"],
diff --git a/src/stac_auth_proxy/middleware/UpdateOpenApiMiddleware.py b/src/stac_auth_proxy/middleware/UpdateOpenApiMiddleware.py
@@ -2,7 +2,7 @@
 
 import re
 from dataclasses import dataclass
-from typing import Any
+from typing import Any, Optional
 
 from starlette.datastructures import Headers
 from starlette.requests import Request
@@ -24,7 +24,8 @@ class OpenApiMiddleware(JsonResponseMiddleware):
     public_endpoints: EndpointMethods
     default_public: bool
     root_path: str = ""
-    oidc_auth_scheme_name: str = "oidcAuth"
+    auth_scheme_name: str = "oidcAuth"
+    auth_scheme_override: Optional[dict] = None
 
     json_content_type_expr: str = r"application/(vnd\.oai\.openapi\+json?|json)"
 
@@ -53,7 +54,7 @@ def transform_json(self, data: dict[str, Any], request: Request) -> dict[str, An
         # Add security scheme
         components = data.setdefault("components", {})
         securitySchemes = components.setdefault("securitySchemes", {})
-        securitySchemes[self.oidc_auth_scheme_name] = {
+        securitySchemes[self.auth_scheme_name] = self.auth_scheme_override or {
             "type": "openIdConnect",
             "openIdConnectUrl": self.oidc_config_url,
         }
@@ -70,6 +71,6 @@ def transform_json(self, data: dict[str, Any], request: Request) -> dict[str, An
                 )
                 if match.is_private:
                     config.setdefault("security", []).append(
-                        {self.oidc_auth_scheme_name: match.required_scopes}
+                        {self.auth_scheme_name: match.required_scopes}
                     )
         return data

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,8 @@ async def lifespan(app: FastAPI):`
`111`	`111`	`private_endpoints=settings.private_endpoints,`
`112`	`112`	`default_public=settings.default_public,`
`113`	`113`	`root_path=settings.root_path,`
	`114`	`+ auth_scheme_name=settings.openapi_auth_scheme_name,`
	`115`	`+ auth_scheme_override=settings.openapi_auth_scheme_override,`
`114`	`116`	`)`
`115`	`117`
`116`	`118`	`if settings.items_filter:`