Skip to content

config

Configuration for the STAC Auth Proxy.

Settings

Bases: BaseSettings

Configuration settings for the STAC Auth Proxy.

Parameters:

Name Type Description Default
upstream_url HttpUrl
required
oidc_discovery_url HttpUrl
required
oidc_discovery_internal_url HttpUrl
required
allowed_jwt_audiences Sequence[str] | None
None
root_path str
''
override_host bool
True
healthz_prefix str
'/healthz'
wait_for_upstream bool
True
check_conformance bool
True
enable_compression bool
True
openapi_spec_endpoint str | None
'/api'
openapi_auth_scheme_name str
'oidcAuth'
openapi_auth_scheme_override dict | None
None
swagger_ui_endpoint str | None
'/api.html'
swagger_ui_init_oauth dict

dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object's (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2)

 <class 'dict'>
enable_authentication_extension bool
True
default_public bool
False
public_endpoints dict[str, Sequence[Literal['GET', 'POST', 'PUT', 'DELETE', 'PATCH']]]
{'^/$': ['GET'], '^/api.html$': ['GET'], '^/api$': ['GET'], '^/conformance$': ['GET'], '^/docs/oauth2-redirect': ['GET'], '^/healthz': ['GET']}
private_endpoints dict[str, Sequence[Union[Literal['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], tuple[Literal['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], str]]]]
{'^/collections$': ['POST'], '^/collections/([^/]+)$': ['PUT', 'PATCH', 'DELETE'], '^/collections/([^/]+)/items$': ['POST'], '^/collections/([^/]+)/items/([^/]+)$': ['PUT', 'PATCH', 'DELETE'], '^/collections/([^/]+)/bulk_items$': ['POST']}
items_filter _ClassInput | None
None
items_filter_path str
'^(/collections/([^/]+)/items(/[^/]+)?$|/search$)'
collections_filter _ClassInput | None
None
collections_filter_path str
'^/collections(/[^/]+)?$'
Source code in src/stac_auth_proxy/config.py 
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
class Settings(BaseSettings):
    """Configuration settings for the STAC Auth Proxy."""

    # External URLs
    upstream_url: HttpUrl
    oidc_discovery_url: HttpUrl
    oidc_discovery_internal_url: HttpUrl
    allowed_jwt_audiences: Optional[Sequence[str]] = None

    root_path: str = ""
    override_host: bool = True
    healthz_prefix: str = Field(pattern=_PREFIX_PATTERN, default="/healthz")
    wait_for_upstream: bool = True
    check_conformance: bool = True
    enable_compression: bool = True

    # OpenAPI / Swagger UI
    openapi_spec_endpoint: Optional[str] = Field(
        pattern=_PREFIX_PATTERN, default="/api"
    )
    openapi_auth_scheme_name: str = "oidcAuth"
    openapi_auth_scheme_override: Optional[dict] = None
    swagger_ui_endpoint: Optional[str] = Field(
        pattern=_PREFIX_PATTERN, default="/api.html"
    )
    swagger_ui_init_oauth: dict = Field(default_factory=dict)

    # Auth
    enable_authentication_extension: bool = True
    default_public: bool = False
    public_endpoints: EndpointMethods = {
        r"^/$": ["GET"],
        r"^/api.html$": ["GET"],
        r"^/api$": ["GET"],
        r"^/conformance$": ["GET"],
        r"^/docs/oauth2-redirect": ["GET"],
        r"^/healthz": ["GET"],
    }
    private_endpoints: EndpointMethodsWithScope = {
        # https://github.com/stac-api-extensions/collection-transaction/blob/v1.0.0-beta.1/README.md#methods
        r"^/collections$": ["POST"],
        r"^/collections/([^/]+)$": ["PUT", "PATCH", "DELETE"],
        # https://github.com/stac-api-extensions/transaction/blob/v1.0.0-rc.3/README.md#methods
        r"^/collections/([^/]+)/items$": ["POST"],
        r"^/collections/([^/]+)/items/([^/]+)$": ["PUT", "PATCH", "DELETE"],
        # https://stac-utils.github.io/stac-fastapi/api/stac_fastapi/extensions/third_party/bulk_transactions/#bulktransactionextension
        r"^/collections/([^/]+)/bulk_items$": ["POST"],
    }

    # Filters
    items_filter: Optional[_ClassInput] = None
    items_filter_path: str = r"^(/collections/([^/]+)/items(/[^/]+)?$|/search$)"
    collections_filter: Optional[_ClassInput] = None
    collections_filter_path: str = r"^/collections(/[^/]+)?$"

    model_config = SettingsConfigDict(
        env_nested_delimiter="_",
    )

    @model_validator(mode="before")
    @classmethod
    def _default_oidc_discovery_internal_url(cls, data: Any) -> Any:
        """Set the internal OIDC discovery URL to the public URL if not set."""
        if not data.get("oidc_discovery_internal_url"):
            data["oidc_discovery_internal_url"] = data.get("oidc_discovery_url")
        return data

    @field_validator("allowed_jwt_audiences", mode="before")
    @classmethod
    def parse_audience(cls, v) -> Optional[Sequence[str]]:
        """Parse a comma separated string list of audiences into a list."""
        return str2list(v)

parse_audience(v) -> Optional[Sequence[str]] classmethod

Parse a comma separated string list of audiences into a list.

Source code in src/stac_auth_proxy/config.py 
110
111
112
113
114
@field_validator("allowed_jwt_audiences", mode="before")
@classmethod
def parse_audience(cls, v) -> Optional[Sequence[str]]:
    """Parse a comma separated string list of audiences into a list."""
    return str2list(v)

str2list(x: Optional[str] = None) -> Optional[Sequence[str]]

Convert string to list based on , delimiter.

Source code in src/stac_auth_proxy/config.py 
19
20
21
22
23
24
def str2list(x: Optional[str] = None) -> Optional[Sequence[str]]:
    """Convert string to list based on , delimiter."""
    if x:
        return x.replace(" ", "").split(",")

    return None