fix(auth): add TODO comments for future env vars (reanahub#745)

tomondre · tomondre · commit 3e10f16fb511 · 2025-08-13T16:59:19.000+02:00
diff --git a/docs/openapi.json b/docs/openapi.json
@@ -10,9 +10,30 @@
     "/api/.well-known/openid-configuration": {
       "get": {
         "description": "Returns the OpenID configuration for the REANA server.",
+        "operationId": "get_openid_configuration",
+        "produces": [
+          "application/json"
+        ],
         "responses": {
           "200": {
-            "description": "OpenID configuration"
+            "description": "OpenID configuration",
+            "schema": {
+              "properties": {
+                "authorization_endpoint": {
+                  "type": "string"
+                },
+                "device_authorization_endpoint": {
+                  "type": "string"
+                },
+                "reana_client_id": {
+                  "type": "string"
+                },
+                "token_endpoint": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
           },
           "404": {
             "description": "OpenID configuration not found"
diff --git a/reana_server/config.py b/reana_server/config.py
@@ -486,12 +486,19 @@ def _get_rate_limit(env_variable: str, default: str) -> str:
 
 # Authentication configuration
 # =====================
+# TODO The env location will be changed after `reana-server` jwt PR is merged and env variable structure agreed
 REANA_AUTH = {
     "openid": {
         "config_url": os.getenv(
-            "OPENID_CONFIG_URL",
+            "REANA_AUTH_OPENID_CONFIG_URL",
             "https://auth.cern.ch/auth/realms/cern/.well-known/openid-configuration",
-        )
-    }
+        ),
+    },
+    "client_id": os.getenv(
+        "REANA_AUTH_CLIENT_ID",
+        # TODO Change me to something more reasonable (currently it is just temp client_id)
+        # Used for CLI authentication to avoid extra configuration on client environments
+        "f671a136-8e92-45e5-83bd-05af1942e396",
+    ),
 }
 """Authentication configuration for REANA."""
diff --git a/reana_server/rest/auth.py b/reana_server/rest/auth.py
@@ -25,16 +25,31 @@ def get_openid_configuration():
       summary: Get OpenID Configuration
       description: >-
         Returns the OpenID configuration for the REANA server.
+      operationId: get_openid_configuration
+      produces:
+       - application/json
       responses:
-        '200':
+        200:
           description: >-
             OpenID configuration
+          schema:
+            type: object
+            properties:
+              device_authorization_endpoint:
+                type: string
+              authorization_endpoint:
+                type: string
+              token_endpoint:
+                type: string
+              reana_client_id:
+                type: string
         '404':
           description: OpenID configuration not found
         '500':
           description: Internal server error
     """
     try:
+        # TODO The env location will be changed after `reana-server` jwt PR is merged and env variable structure agreed
         url = REANA_AUTH["openid"]["config_url"]
 
         if not url:
@@ -43,6 +58,9 @@ def get_openid_configuration():
         if response.status_code == 404:
             return jsonify({"message": "OpenID configuration not found"}), 404
         response.raise_for_status()
-        return jsonify(response.json()), 200
+        openid_config = response.json()
+        openid_config["reana_client_id"] = REANA_AUTH["client_id"]
+
+        return jsonify(openid_config), 200
     except requests.RequestException:
         return jsonify({"message": "Failed to fetch OpenID configuration"}), 502
