sources/oauth: fix error whilst fetching user profile when source uses fixed URLs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/sources/oauth/clients/base.py

@@ -40,8 +40,11 @@ class BaseOAuthClient:
 
     def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]:
         "Fetch user profile information."
+        profile_url = self.source.type.profile_url or ""
+        if self.source.type.urls_customizable and self.source.profile_url:
+            profile_url = self.source.profile_url
         try:
-            response = self.do_request("get", self.source.profile_url, token=token)
+            response = self.do_request("get", profile_url, token=token)
             response.raise_for_status()
         except RequestException as exc:
             LOGGER.warning("Unable to fetch user profile", exc=exc)
@@ -60,16 +63,16 @@ class BaseOAuthClient:
         args.update(additional)
         params = urlencode(args)
         LOGGER.info("redirect args", **args)
-        base_url = self.source.type.authorization_url
-        if self.source.authorization_url:
-            base_url = self.source.authorization_url
-        if base_url == "":
+        authorization_url = self.source.type.authorization_url or ""
+        if self.source.type.urls_customizable and self.source.authorization_url:
+            authorization_url = self.source.authorization_url
+        if authorization_url == "":
             Event.new(
                 EventAction.CONFIGURATION_ERROR,
                 source=self.source,
                 message="Source has an empty authorization URL.",
             ).save()
-        return f"{base_url}?{params}"
+        return f"{authorization_url}?{params}"
 
     def parse_raw_token(self, raw_token: str) -> dict[str, Any]:
         "Parse token and secret from raw token response."

authentik/sources/oauth/clients/oauth1.py

@@ -28,8 +28,8 @@ class OAuthClient(BaseOAuthClient):
         if raw_token is not None and verifier is not None:
             token = self.parse_raw_token(raw_token)
             try:
-                access_token_url: str = self.source.type.access_token_url or ""
-                if self.source.access_token_url:
+                access_token_url = self.source.type.access_token_url or ""
+                if self.source.type.urls_customizable and self.source.access_token_url:
                     access_token_url = self.source.access_token_url
                 response = self.do_request(
                     "post",
@@ -51,8 +51,8 @@ class OAuthClient(BaseOAuthClient):
         "Fetch the OAuth request token. Only required for OAuth 1.0."
         callback = self.request.build_absolute_uri(self.callback)
         try:
-            request_token_url: str = self.source.type.request_token_url or ""
-            if self.source.request_token_url:
+            request_token_url = self.source.type.request_token_url or ""
+            if self.source.type.urls_customizable and self.source.request_token_url:
                 request_token_url = self.source.request_token_url
             response = self.do_request(
                 "post",

authentik/sources/oauth/clients/oauth2.py

@@ -57,7 +57,7 @@ class OAuth2Client(BaseOAuthClient):
             return None
         try:
             access_token_url = self.source.type.access_token_url or ""
-            if self.source.access_token_url:
+            if self.source.type.urls_customizable and self.source.access_token_url:
                 access_token_url = self.source.access_token_url
             response = self.session.request(
                 "post",

web/src/pages/sources/oauth/OAuthSourceViewPage.ts

@@ -99,7 +99,7 @@ export class OAuthSourceViewPage extends LitElement {
                                                 <span class="pf-c-description-list__text">${t`Authorization URL`}</span>
                                             </dt>
                                             <dd class="pf-c-description-list__description">
-                                                <div class="pf-c-description-list__text">${this.source.authorizationUrl}</div>
+                                                <div class="pf-c-description-list__text">${this.source.type?.authorizationUrl || this.source.authorizationUrl}</div>
                                             </dd>
                                         </div>
                                         <div class="pf-c-description-list__group">
@@ -107,7 +107,7 @@ export class OAuthSourceViewPage extends LitElement {
                                                 <span class="pf-c-description-list__text">${t`Token URL`}</span>
                                             </dt>
                                             <dd class="pf-c-description-list__description">
-                                                <div class="pf-c-description-list__text">${this.source.accessTokenUrl}</div>
+                                                <div class="pf-c-description-list__text">${this.source.type?.accessTokenUrl || this.source.accessTokenUrl}</div>
                                             </dd>
                                         </div>
                                     </dl>