triviathang/backend/auth/__init__.py

from authlib.integrations.flask_client import OAuth

oauth = OAuth()


def init_oauth(app):
    """Initialize OAuth/OIDC client"""
    oauth.init_app(app)

    # Only register Authelia provider if OIDC_ISSUER is configured
    if app.config.get('OIDC_ISSUER'):
        oauth.register(
            name='authelia',
            client_id=app.config['OIDC_CLIENT_ID'],
            client_secret=app.config['OIDC_CLIENT_SECRET'],
            server_metadata_url=app.config['OIDC_ISSUER'] + '/.well-known/openid-configuration',
            client_kwargs={
                'scope': 'openid email profile',
                'token_endpoint_auth_method': 'client_secret_basic'
            }
        )
    else:
        app.logger.warning('OIDC_ISSUER not configured - OAuth authentication disabled')

    return oauth