From 7c116acf0f1d2bcd191c95e4b2c982034daa556e Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Sat, 13 Jan 2024 16:27:44 +0100
Subject: [PATCH] sources/oauth: fix URLs being overwritten by OIDC urls
 (#8147)

* sources/oauth: fix URLs being overwritten by OIDC urls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/sources/oauth/api/source.py       | 15 ++++++++++++---
 authentik/sources/oauth/tests/test_views.py |  3 ---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py
index a67dc1802..398ce9671 100644
--- a/authentik/sources/oauth/api/source.py
+++ b/authentik/sources/oauth/api/source.py
@@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
         """Get source's type configuration"""
         return SourceTypeSerializer(instance.source_type).data
 
+    # pylint: disable=too-many-locals
     def validate(self, attrs: dict) -> dict:
         session = get_http_session()
         source_type = registry.find_type(attrs["provider_type"])
@@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
             config = well_known_config.json()
             if "issuer" not in config:
                 raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
-            attrs["authorization_url"] = config.get("authorization_endpoint", "")
-            attrs["access_token_url"] = config.get("token_endpoint", "")
-            attrs["profile_url"] = config.get("userinfo_endpoint", "")
+            field_map = {
+                # authentik field to oidc field
+                "authorization_url": "authorization_endpoint",
+                "access_token_url": "token_endpoint",
+                "profile_url": "userinfo_endpoint",
+            }
+            for ak_key, oidc_key in field_map.items():
+                # Don't overwrite user-set values
+                if ak_key in attrs and attrs[ak_key]:
+                    continue
+                attrs[ak_key] = config.get(oidc_key, "")
             inferred_oidc_jwks_url = config.get("jwks_uri", "")
 
         # Prefer user-entered URL to inferred URL to default URL
diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py
index 46f0584d3..2a849d0a9 100644
--- a/authentik/sources/oauth/tests/test_views.py
+++ b/authentik/sources/oauth/tests/test_views.py
@@ -83,9 +83,6 @@ class TestOAuthSource(APITestCase):
                     "provider_type": "openidconnect",
                     "consumer_key": "foo",
                     "consumer_secret": "foo",
-                    "authorization_url": "http://foo",
-                    "access_token_url": "http://foo",
-                    "profile_url": "http://foo",
                     "oidc_well_known_url": url,
                     "oidc_jwks_url": "",
                 },