sources/oauth: fix URLs being overwritten by OIDC urls (#8147)
* sources/oauth: fix URLs being overwritten by OIDC urls Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
85ebbcfb82
commit
7c116acf0f
|
@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
|
||||||
"""Get source's type configuration"""
|
"""Get source's type configuration"""
|
||||||
return SourceTypeSerializer(instance.source_type).data
|
return SourceTypeSerializer(instance.source_type).data
|
||||||
|
|
||||||
|
# pylint: disable=too-many-locals
|
||||||
def validate(self, attrs: dict) -> dict:
|
def validate(self, attrs: dict) -> dict:
|
||||||
session = get_http_session()
|
session = get_http_session()
|
||||||
source_type = registry.find_type(attrs["provider_type"])
|
source_type = registry.find_type(attrs["provider_type"])
|
||||||
|
@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
|
||||||
config = well_known_config.json()
|
config = well_known_config.json()
|
||||||
if "issuer" not in config:
|
if "issuer" not in config:
|
||||||
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
|
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
|
||||||
attrs["authorization_url"] = config.get("authorization_endpoint", "")
|
field_map = {
|
||||||
attrs["access_token_url"] = config.get("token_endpoint", "")
|
# authentik field to oidc field
|
||||||
attrs["profile_url"] = config.get("userinfo_endpoint", "")
|
"authorization_url": "authorization_endpoint",
|
||||||
|
"access_token_url": "token_endpoint",
|
||||||
|
"profile_url": "userinfo_endpoint",
|
||||||
|
}
|
||||||
|
for ak_key, oidc_key in field_map.items():
|
||||||
|
# Don't overwrite user-set values
|
||||||
|
if ak_key in attrs and attrs[ak_key]:
|
||||||
|
continue
|
||||||
|
attrs[ak_key] = config.get(oidc_key, "")
|
||||||
inferred_oidc_jwks_url = config.get("jwks_uri", "")
|
inferred_oidc_jwks_url = config.get("jwks_uri", "")
|
||||||
|
|
||||||
# Prefer user-entered URL to inferred URL to default URL
|
# Prefer user-entered URL to inferred URL to default URL
|
||||||
|
|
|
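Review bot: The value stored by `attrs[ak_key] = config.get(oidc_key, "")` comes straight from the fetched discovery document with no check, and since this runs inside `validate()` it is, going by DRF's usual ordering, assigned after the per-field validators have already run. A well-known response whose `authorization_endpoint`, `token_endpoint` or `userinfo_endpoint` is not a string, or is not an HTTP(S) URL, would therefore be saved as the source's endpoint. Consider checking before assignment: `value = config.get(oidc_key, "")` followed by `if not isinstance(value, str) or (value and not value.startswith(("https://", "http://"))): raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})`. As a style point, the guard `if ak_key in attrs and attrs[ak_key]:` reads more simply as `if attrs.get(ak_key):`. `validate()` begins before and continues past this hunk, so any later validation of these fields is not visible here.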
@ -83,9 +83,6 @@ class TestOAuthSource(APITestCase):
|
||||||
"provider_type": "openidconnect",
|
"provider_type": "openidconnect",
|
||||||
"consumer_key": "foo",
|
"consumer_key": "foo",
|
||||||
"consumer_secret": "foo",
|
"consumer_secret": "foo",
|
||||||
"authorization_url": "http://foo",
|
|
||||||
"access_token_url": "http://foo",
|
|
||||||
"profile_url": "http://foo",
|
|
||||||
"oidc_well_known_url": url,
|
"oidc_well_known_url": url,
|
||||||
"oidc_jwks_url": "",
|
"oidc_jwks_url": "",
|
||||||
},
|
},
|
||||||
|
|