sources/oauth: fix oidc well-known parsing (#7248)
This commit is contained in:
parent
cc781cad00
commit
7e213f3ca6
|
@ -71,15 +71,12 @@ class OAuthSourceSerializer(SourceSerializer):
|
|||
text = exc.response.text if exc.response else str(exc)
|
||||
raise ValidationError({"oidc_well_known_url": text})
|
||||
config = well_known_config.json()
|
||||
try:
|
||||
attrs["authorization_url"] = config["authorization_endpoint"]
|
||||
attrs["access_token_url"] = config["token_endpoint"]
|
||||
attrs["profile_url"] = config["userinfo_endpoint"]
|
||||
inferred_oidc_jwks_url = config["jwks_uri"]
|
||||
except (IndexError, KeyError) as exc:
|
||||
raise ValidationError(
|
||||
{"oidc_well_known_url": f"Invalid well-known configuration: {exc}"}
|
||||
)
|
||||
if "issuer" not in config:
|
||||
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
|
||||
attrs["authorization_url"] = config.get("authorization_endpoint", "")
|
||||
attrs["access_token_url"] = config.get("token_endpoint", "")
|
||||
attrs["profile_url"] = config.get("userinfo_endpoint", "")
|
||||
inferred_oidc_jwks_url = config.get("jwks_uri", "")
|
||||
|
||||
# Prefer user-entered URL to inferred URL to default URL
|
||||
jwks_url = attrs.get("oidc_jwks_url") or inferred_oidc_jwks_url or source_type.oidc_jwks_url
|
||||
|
|
|
@ -38,7 +38,7 @@ def update_well_known_jwks(self: MonitoredTask):
|
|||
for source_attr, config_key in source_attr_key:
|
||||
# Check if we're actually changing anything to only
|
||||
# save when something has changed
|
||||
if getattr(source, source_attr) != config[config_key]:
|
||||
if getattr(source, source_attr, "") != config[config_key]:
|
||||
dirty = True
|
||||
setattr(source, source_attr, config[config_key])
|
||||
except (IndexError, KeyError) as exc:
|
||||
|
|
|
@ -50,6 +50,7 @@ class TestOAuthSource(TestCase):
|
|||
def test_api_validate_openid_connect(self):
|
||||
"""Test API validation (with OIDC endpoints)"""
|
||||
openid_config = {
|
||||
"issuer": "foo",
|
||||
"authorization_endpoint": "http://mock/oauth/authorize",
|
||||
"token_endpoint": "http://mock/oauth/token",
|
||||
"userinfo_endpoint": "http://mock/oauth/userinfo",
|
||||
|
|
Reference in a new issue