sources/oauth: strip parts of custom apple client_id

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-13 23:26:00 +01:00 · 2021-12-13 23:26:00 +01:00 · 728c8e994d
parent 5290b64415
commit 728c8e994d
1 changed files with 6 additions and 6 deletions
--- a/authentik/sources/oauth/types/apple.py
+++ b/authentik/sources/oauth/types/apple.py
@ -17,14 +17,14 @@ class AppleOAuthClient(OAuth2Client):
    """Apple OAuth2 client"""
    def get_client_id(self) -> str:
-        parts = self.source.consumer_key.split(";")
+        parts: list[str] = self.source.consumer_key.split(";")
        if len(parts) < 3:
            return self.source.consumer_key
-        return parts[0]
+        return parts[0].strip()
    def get_client_secret(self) -> str:
        now = time()
-        parts = self.source.consumer_key.split(";")
+        parts: list[str] = self.source.consumer_key.split(";")
        if len(parts) < 3:
            raise ValueError(
                (
@ -34,14 +34,14 @@ class AppleOAuthClient(OAuth2Client):
            )
        LOGGER.debug("got values from client_id", team=parts[1], kid=parts[2])
        payload = {
-            "iss": parts[1],
+            "iss": parts[1].strip(),
            "iat": now,
            "exp": now + 86400 * 180,
            "aud": "https://appleid.apple.com",
-            "sub": parts[0],
+            "sub": parts[0].strip(),
        }
        # pyright: reportGeneralTypeIssues=false
-        jwt = encode(payload, self.source.consumer_secret, "ES256", {"kid": parts[2]})
+        jwt = encode(payload, self.source.consumer_secret, "ES256", {"kid": parts[2].strip()})
        LOGGER.debug("signing payload as secret key", payload=payload, jwt=jwt)
        return jwt