css-test/app/core/auth.py

from functools import lru_cache

from authlib.integrations.starlette_client import OAuth

from app.core.settings import get_settings


@lru_cache
def get_oauth() -> OAuth:
    settings = get_settings()
    oauth = OAuth()
    verify_ssl: bool | str = (
        settings.azure_oauth_ca_bundle
        if settings.azure_oauth_ca_bundle
        else settings.azure_oauth_verify_ssl
    )
    oauth.register(
        name="azure",
        client_id=settings.azure_client_id,
        client_secret=settings.azure_client_secret,
        server_metadata_url=(
            f"https://login.microsoftonline.com/{settings.azure_tenant_id}"
            "/v2.0/.well-known/openid-configuration"
        ),
        client_kwargs={"scope": "openid profile email", "verify": verify_ssl},
    )
    return oauth