# Base URL under which this mock identity provider is reachable.
# NOTE(review): the scheme is plain http, so authorization codes and ID tokens
# travel unencrypted. 172.17.0.1 looks like a Docker bridge gateway address;
# confirm this is only ever used on an isolated test network.
_PROVIDER_BASE = "http://172.17.0.1:8000"

# Discovery document served at /.well-known/openid-configuration.
config = {
    "authorization_endpoint": _PROVIDER_BASE + "/login",
    "token_endpoint": _PROVIDER_BASE + "/token",
}

# PEM private key used to sign ID tokens with RS256 (the body is elided here).
# NOTE(review): a signing key embedded in source ends up in version control and
# in every copy of the file. Whatever key replaces this placeholder should be
# loaded from outside the source tree and never shared with a real deployment.
secret_key = b'-----BEGIN PRIVATE KEY-----...'

import jwt
from aiohttp import web


# In-memory map from issued authorization code to the e-mail submitted on the
# login form. It lives only in this process and is lost on restart.
cache = dict()


async def handle_config(request):
    """Serve the discovery document: the module-level ``config`` dict as JSON."""
    discovery_document = config
    return web.json_response(discovery_document)


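async def handle_login(request):
    """Render the mock SSO login form.

    ``redirect_uri`` and ``state`` must be present in the query string; a
    missing one raises ``KeyError``, as it did before. ``login_hint`` is
    optional and pre-fills the e-mail field.

    The form has no ``action``, so the browser posts it back to the same URL
    with the query string intact, which is where ``handle_login_post`` reads
    ``redirect_uri`` and ``state`` from.
    """
    # Function-scope import so the block does not depend on the file header.
    from html import escape

    # Looked up only so that a request without these parameters fails here
    # rather than after the user has submitted the form.
    _ = request.query['redirect_uri']
    _ = request.query['state']

    # login_hint is attacker-controllable (it arrives in a link the user
    # follows) and is written into a double-quoted attribute. Escape it,
    # quotes included, so it cannot close the attribute and inject markup.
    email = escape(request.query.get('login_hint', ''), quote=True)

    return web.Response(text=f'''
    <h1>Login SSO</h1>
    <form method="post">
    <input type="text" name="email" value="{email}" />
    <input type="submit" value="Login" />
    </form>
    ''', content_type='text/html')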


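async def handle_login_post(request):
    """Accept the login form and redirect back to the client with a code.

    Reads ``email`` from the form body and ``redirect_uri`` / ``state`` from
    the query string (a missing one raises ``KeyError``), stores the e-mail
    in ``cache`` under the new authorization code, and raises
    ``web.HTTPFound`` pointing at ``redirect_uri`` with ``state`` and ``code``
    appended as query parameters.

    NOTE(review): no credential is checked, so any submitted e-mail is
    accepted. ``redirect_uri`` is not compared against a registered value, so
    the redirect goes wherever the query string says. Both are tolerable only
    in a test fixture on an isolated network.
    """
    # Function-scope import so the block does not depend on the file header.
    from urllib.parse import urlencode

    form = await request.post()
    email = form['email']

    redirect_uri = request.query['redirect_uri']
    state = request.query['state']

    # The code is simply the reversed state, so anyone who has seen the state
    # can compute it. Kept as-is because callers of this fixture may rely on
    # it; a real provider must issue unpredictable codes.
    code = state[::-1]
    cache[code] = email

    # Percent-encode the values so characters such as '&', '#', '+' or spaces
    # in state cannot corrupt or extend the redirect's query string, and use
    # '&' when redirect_uri already carries a query of its own.
    separator = '&' if '?' in redirect_uri else '?'
    params = urlencode({'state': state, 'code': code})
    raise web.HTTPFound(f'{redirect_uri}{separator}{params}')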


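async def handle_token(request):
    """Exchange an authorization code for a signed ID token.

    Reads ``code`` from the form body (a missing field raises ``KeyError``,
    as before). A known code is consumed and answered with
    ``{"id_token": <RS256 JWT>}``. An unknown or already-used code is answered
    with HTTP 400 and ``{"error": "invalid_grant"}`` instead of an unhandled
    ``KeyError``.

    NOTE(review): the token carries only an ``email`` claim. There is no
    ``iss``, ``aud`` or ``exp``, so it never expires and is not bound to a
    client. No client authentication is performed either.
    """
    form = await request.post()
    code = form['code']

    try:
        # pop() makes the code single-use: a replayed code cannot mint a
        # second token, and the cache does not grow without bound.
        email = cache.pop(code)
    except KeyError:
        return web.json_response({"error": "invalid_grant"}, status=400)

    id_token = jwt.encode({'email': email}, secret_key, algorithm="RS256")
    return web.json_response({"id_token": id_token})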


# Route table of the mock provider: discovery document, login form (GET to
# render it, POST to submit it) and the token endpoint.
_ROUTES = (
    web.get('/.well-known/openid-configuration', handle_config),
    web.get('/login', handle_login),
    web.post('/login', handle_login_post),
    web.post('/token', handle_token),
)

app = web.Application()
app.add_routes(_ROUTES)

if __name__ == '__main__':
    # Print a ready-made sample token for manual testing.
    # NOTE(review): it has no 'exp' claim, so whoever reads this output holds
    # a token that never expires for as long as the signing key is trusted.
    sample_claims = {'iss': 'http://localhost', 'email': 'ttoto', 'aud': 'foo'}
    sample_token = jwt.encode(sample_claims, secret_key, algorithm="RS256")
    print(sample_token)

    # NOTE(review): host='*' presumably means "all interfaces"; confirm how
    # aiohttp interprets it. This provider signs a token for any e-mail with
    # no authentication, so it should not be reachable from untrusted networks.
    web.run_app(app, host='*', port=8000)