diff --git a/authentik/sources/oauth/clients/base.py b/authentik/sources/oauth/clients/base.py
index 533411ad0..c62bb285e 100644
--- a/authentik/sources/oauth/clients/base.py
+++ b/authentik/sources/oauth/clients/base.py
@@ -40,8 +40,11 @@ class BaseOAuthClient:
 def get_profile_info(self, token: dict[str, str]) -> Optional[dict[str, Any]]:
 "Fetch user profile information."
+ profile_url = self.source.type.profile_url or ""
+ if self.source.type.urls_customizable and self.source.profile_url:
+ profile_url = self.source.profile_url
 try:
- response = self.do_request("get", self.source.profile_url, token=token)
+ response = self.do_request("get", profile_url, token=token)
 response.raise_for_status()
 except RequestException as exc:
 LOGGER.warning("Unable to fetch user profile", exc=exc)
@@ -60,16 +63,16 @@ class BaseOAuthClient:
 args.update(additional)
 params = urlencode(args)
 LOGGER.info("redirect args", **args)
- base_url = self.source.type.authorization_url
- if self.source.authorization_url:
- base_url = self.source.authorization_url
- if base_url == "":
+ authorization_url = self.source.type.authorization_url or ""
+ if self.source.type.urls_customizable and self.source.authorization_url:
+ authorization_url = self.source.authorization_url
+ if authorization_url == "":
 Event.new(
 EventAction.CONFIGURATION_ERROR,
 source=self.source,
 message="Source has an empty authorization URL.",
 ).save()
- return f"{base_url}?{params}"
+ return f"{authorization_url}?{params}"
 def parse_raw_token(self, raw_token: str) -> dict[str, Any]:
 "Parse token and secret from raw token response."
diff --git a/authentik/sources/oauth/clients/oauth1.py b/authentik/sources/oauth/clients/oauth1.py
index 5be26c5cc..771f4cbc5 100644
--- a/authentik/sources/oauth/clients/oauth1.py
+++ b/authentik/sources/oauth/clients/oauth1.py
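Review bot: In `get_profile_info`, `profile_url` can now be the empty string (type default unset and either no custom value or `urls_customizable` false), and it is still passed to `self.do_request("get", profile_url, token=token)`. The failure then presumably surfaces only as the generic "Unable to fetch user profile" warning, whereas the authorization URL path records an `EventAction.CONFIGURATION_ERROR` event for the same condition. I would add a guard before the `try:`, `if not profile_url:`, that saves the same kind of configuration-error event and returns `None`. The `access_token_url` and `request_token_url` fallbacks in oauth1.py and oauth2.py have the same unguarded empty-string case. The rest of the `except` branch is outside the hunk.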
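Review bot: After the `if authorization_url == "":` branch saves the configuration-error event, control still reaches `return f"{authorization_url}?{params}"`, so the caller gets a relative `?…` URL carrying the OAuth parameters instead of a failure. With the new `urls_customizable` gate this case becomes reachable for sources whose stored custom URL is now ignored and whose type has no default. Stopping after the event is saved would be safer, for example by raising or returning a value the view treats as an error; which is appropriate depends on the caller, which is not visible here. The start of this function is outside the hunk.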
@@ -28,8 +28,8 @@ class OAuthClient(BaseOAuthClient):
 if raw_token is not None and verifier is not None:
 token = self.parse_raw_token(raw_token)
 try:
- access_token_url: str = self.source.type.access_token_url or ""
- if self.source.access_token_url:
+ access_token_url = self.source.type.access_token_url or ""
+ if self.source.type.urls_customizable and self.source.access_token_url:
 access_token_url = self.source.access_token_url
 response = self.do_request(
 "post",
@@ -51,8 +51,8 @@ class OAuthClient(BaseOAuthClient):
 "Fetch the OAuth request token. Only required for OAuth 1.0."
 callback = self.request.build_absolute_uri(self.callback)
 try:
- request_token_url: str = self.source.type.request_token_url or ""
- if self.source.request_token_url:
+ request_token_url = self.source.type.request_token_url or ""
+ if self.source.type.urls_customizable and self.source.request_token_url:
 request_token_url = self.source.request_token_url
 response = self.do_request(
 "post",
diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py
index c6a6f4248..27443de2b 100644
--- a/authentik/sources/oauth/clients/oauth2.py
+++ b/authentik/sources/oauth/clients/oauth2.py
@@ -57,7 +57,7 @@ class OAuth2Client(BaseOAuthClient):
 return None
 try:
 access_token_url = self.source.type.access_token_url or ""
- if self.source.access_token_url:
+ if self.source.type.urls_customizable and self.source.access_token_url:
 access_token_url = self.source.access_token_url
 response = self.session.request(
 "post",
diff --git a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts
index f49619f98..7b011fcd8 100644
--- a/web/src/pages/sources/oauth/OAuthSourceViewPage.ts
+++ b/web/src/pages/sources/oauth/OAuthSourceViewPage.ts
@@ -99,7 +99,7 @@ export class OAuthSourceViewPage extends LitElement {
 ${t`Authorization URL`}
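Review bot: The gate `self.source.type.urls_customizable and self.source.<field>` is now written out by hand at five call sites: the profile and authorization URLs in base.py, the access-token and request-token URLs in this file, and the access-token URL in oauth2.py. A URL field added later can miss the check, and a stored per-source endpoint would then again take precedence over the provider type's fixed one. I would centralise the resolution in one accessor that takes the field name and returns the effective URL, and add a regression test asserting that a type with `urls_customizable` false ignores a stored custom URL. The enclosing `try` block and the `do_request` call continue outside the hunk.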