backend/.env.sample

@@ -7,3 +7,4 @@ REDIRECT_URL="https://example.org/login-callback"
 SECRET_KEY=
 LOAD_INCLUSTER_CONFIG=false
 DATABASE_URL=sqlite:///database.db
+AUTHENTIK_BASEURL="https://sso.example.org/api/v3"

backend/config.py

@@ -1,11 +1,13 @@
 import os
 
+
 def env_file(key: str):
     file_env = os.environ.get(f"{key}_FILE")
     if file_env and os.path.exists(file_env):
         return open(file_env).read().rstrip('\n')
     return os.environ.get(key)
 
+
 SECRET_KEY = env_file("SECRET_KEY")
 
 HYDRA_CLIENT_ID = os.environ.get("HYDRA_CLIENT_ID")
@@ -28,4 +30,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
 # Set this to "true" to load the config from a Kubernetes serviceaccount
 # running in a Kubernetes pod. Set it to "false" to load the config from the
 # `KUBECONFIG` environment variable.
-LOAD_INCLUSTER_CONFIG = os.environ.get("LOAD_INCLUSTER_CONFIG").lower() == "true"
+LOAD_INCLUSTER_CONFIG = os.environ.get(
+    "LOAD_INCLUSTER_CONFIG").lower() == "true"
+
+AUTHENTIK_BASEURL = os.environ.get("AUTHENTIK_BASEURL")

backend/helpers/authentik_api.py

@@ -1,12 +1,11 @@
 from typing import List
 from flask_jwt_extended import get_jwt
 import requests
+
+from config import AUTHENTIK_BASEURL
 from .error_handler import AuthentikError
 
-AUTHENTIK_BASEURL = "https://dev.local-it.cloud/api/v3"
+class AuthentikApi:  # TODO: check if can be replaced with apispec generated api?
-
-
-class AuthentikApi: # TODO: check if can be replaced with apispec generated api?
     @staticmethod
     def __handleError(res):
         if res.status_code >= 400: