sources/oauth: fix oidc well-known parsing (#7248)
parent
cc781cad00
commit
7e213f3ca6
@ -71,15 +71,12 @@ class OAuthSourceSerializer(SourceSerializer):
text = exc.response.text if exc.response else str(exc)
text = exc.response.text if exc.response else str(exc)
raise ValidationError({"oidc_well_known_url": text})
raise ValidationError({"oidc_well_known_url": text})
config = well_known_config.json()
config = well_known_config.json()
try:
if "issuer" not in config:
attrs["authorization_url"] = config["authorization_endpoint"]
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
attrs["access_token_url"] = config["token_endpoint"]
attrs["authorization_url"] = config.get("authorization_endpoint", "")
attrs["profile_url"] = config["userinfo_endpoint"]
attrs["access_token_url"] = config.get("token_endpoint", "")
inferred_oidc_jwks_url = config["jwks_uri"]
attrs["profile_url"] = config.get("userinfo_endpoint", "")
except (IndexError, KeyError) as exc:
inferred_oidc_jwks_url = config.get("jwks_uri", "")
raise ValidationError(
{"oidc_well_known_url": f"Invalid well-known configuration: {exc}"}
)
# Prefer user-entered URL to inferred URL to default URL
# Prefer user-entered URL to inferred URL to default URL
jwks_url = attrs.get("oidc_jwks_url") or inferred_oidc_jwks_url or source_type.oidc_jwks_url
jwks_url = attrs.get("oidc_jwks_url") or inferred_oidc_jwks_url or source_type.oidc_jwks_url
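Review bot: `"issuer" not in config` assumes the decoded body is a JSON object, but `well_known_config.json()` on the context line above can just as well yield a list, a string or a number; on a string `in` is a substring test and on a number it raises TypeError, so a malformed discovery document either slips past the guard or surfaces as a server error instead of the intended ValidationError. The guard should be `if not isinstance(config, dict) or "issuer" not in config:`. The `.get(..., "")` fallbacks on the following lines also silently turn a document that has `issuer` but lacks `token_endpoint` or `authorization_endpoint` into a source with empty endpoint URLs, where the removed `except (IndexError, KeyError)` used to reject it; requiring those two keys in the same guard would keep the previous strictness for the fields that have no later fallback (only `jwks_uri` falls back to `source_type.oidc_jwks_url` below). The enclosing validate method starts and ends outside the hunk.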
@ -38,7 +38,7 @@ def update_well_known_jwks(self: MonitoredTask):
for source_attr, config_key in source_attr_key:
for source_attr, config_key in source_attr_key:
# Check if we're actually changing anything to only
# Check if we're actually changing anything to only
# save when something has changed
# save when something has changed
if getattr(source, source_attr) != config[config_key]:
if getattr(source, source_attr, "") != config[config_key]:
dirty = True
dirty = True
setattr(source, source_attr, config[config_key])
setattr(source, source_attr, config[config_key])
except (IndexError, KeyError) as exc:
except (IndexError, KeyError) as exc:
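Review bot: The lookup on the changed line stays `config[config_key]` while the serializer hunk in this same commit now tolerates missing endpoint keys with `config.get(..., "")`, so a discovery document accepted at source creation can still raise KeyError here during the periodic refresh; the `except (IndexError, KeyError)` below catches it, but the two code paths now disagree on what a valid document is, and the task's behaviour for such a source depends on what that handler does outside the hunk. Reading the value once, `value = config[config_key]`, and using it in both the comparison and the `setattr` would also remove the duplicated subscript. The added `getattr(..., "")` default only matters when `source_attr` is not an attribute of the model, in which case the following `setattr` adds an attribute that is presumably never persisted — if that is the situation being guarded, skipping the entry explicitly would make the intent visible. update_well_known_jwks begins before the hunk and continues after it.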
@ -50,6 +50,7 @@ class TestOAuthSource(TestCase):
def test_api_validate_openid_connect(self):
def test_api_validate_openid_connect(self):
"""Test API validation (with OIDC endpoints)"""
"""Test API validation (with OIDC endpoints)"""
openid_config = {
openid_config = {
"issuer": "foo",
"authorization_endpoint": "http://mock/oauth/authorize",
"authorization_endpoint": "http://mock/oauth/authorize",
"token_endpoint": "http://mock/oauth/token",
"token_endpoint": "http://mock/oauth/token",
"userinfo_endpoint": "http://mock/oauth/userinfo",
"userinfo_endpoint": "http://mock/oauth/userinfo",
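Review bot: Only the accepted path is covered; the rejection branch that this commit introduces for a discovery document without `issuer` has no test. A second case that mocks the well-known URL with a document lacking that key, e.g. `openid_config = {"authorization_endpoint": "http://mock/oauth/authorize"}`, and asserts that the API responds with a validation error keyed on `oidc_well_known_url` would pin the new behaviour and guard against it regressing to the old KeyError path. Note that `"issuer": "foo"` passes only because the serializer checks for the key's presence, so this fixture exercises no issuer-format or issuer/URL agreement check. test_api_validate_openid_connect continues past the hunk.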