From 7c116acf0f1d2bcd191c95e4b2c982034daa556e Mon Sep 17 00:00:00 2001
From: Jens L
Date: Sat, 13 Jan 2024 16:27:44 +0100
Subject: [PATCH] sources/oauth: fix URLs being overwritten by OIDC urls (#8147)
* sources/oauth: fix URLs being overwritten by OIDC urls
Signed-off-by: Jens Langhammer
* fix tests
Signed-off-by: Jens Langhammer
---------
Signed-off-by: Jens Langhammer
---
 authentik/sources/oauth/api/source.py | 15 ++++++++++++---
 authentik/sources/oauth/tests/test_views.py | 3 ---
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py
index a67dc1802..398ce9671 100644
--- a/authentik/sources/oauth/api/source.py
+++ b/authentik/sources/oauth/api/source.py
@@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
 """Get source's type configuration"""
 return SourceTypeSerializer(instance.source_type).data
+ # pylint: disable=too-many-locals
 def validate(self, attrs: dict) -> dict:
 session = get_http_session()
 source_type = registry.find_type(attrs["provider_type"])
@@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
 config = well_known_config.json()
 if "issuer" not in config:
 raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
- attrs["authorization_url"] = config.get("authorization_endpoint", "")
- attrs["access_token_url"] = config.get("token_endpoint", "")
- attrs["profile_url"] = config.get("userinfo_endpoint", "")
+ field_map = {
+ # authentik field to oidc field
+ "authorization_url": "authorization_endpoint",
+ "access_token_url": "token_endpoint",
+ "profile_url": "userinfo_endpoint",
+ }
+ for ak_key, oidc_key in field_map.items():
+ # Don't overwrite user-set values
+ if ak_key in attrs and attrs[ak_key]:
+ continue
+ attrs[ak_key] = config.get(oidc_key, "")
 inferred_oidc_jwks_url = config.get("jwks_uri", "")
 # Prefer user-entered URL to inferred URL to default URL
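Review bot: In the `field_map` loop, `attrs[ak_key] = config.get(oidc_key, "")` stores whatever the fetched discovery document supplies, and because this happens inside `validate()` the value is assigned after the serializer's field-level checks have run. Since these become the authorization, token and userinfo endpoints of the source, I would reject anything that is not an absolute http(s) URL here, raising `ValidationError({"oidc_well_known_url": ...})` the same way the `issuer` check does. The guard also only inspects `attrs`, so on a partial update that omits these fields a previously stored user-set URL would presumably still be replaced; worth confirming against `self.instance`. The test change in this patch only drops the user-supplied URLs from the payload, so nothing pins the new keep-the-user-value branch. `validate()` begins in the previous hunk and continues past this one.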
diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py
index 46f0584d3..2a849d0a9 100644
--- a/authentik/sources/oauth/tests/test_views.py
+++ b/authentik/sources/oauth/tests/test_views.py
@@ -83,9 +83,6 @@ class TestOAuthSource(APITestCase):
 "provider_type": "openidconnect",
 "consumer_key": "foo",
 "consumer_secret": "foo",
- "authorization_url": "http://foo",
- "access_token_url": "http://foo",
- "profile_url": "http://foo",
 "oidc_well_known_url": url,
 "oidc_jwks_url": "",
 },