Compare commits
4 Commits
trustchain
...
version-20
| Author | SHA1 | Date |
|---|---|---|
gcp-cherry-pick-bot[bot]
|
bb9a524b53 | |
|
gcp-cherry-pick-bot[bot]
|
d31c05625b | |
|
gcp-cherry-pick-bot[bot]
|
399223b770 | |
|
gcp-cherry-pick-bot[bot]
|
19197d3f9b |
|
|
@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
|
|||
"""Get source's type configuration"""
|
||||
return SourceTypeSerializer(instance.source_type).data
|
||||
|
||||
# pylint: disable=too-many-locals
|
||||
def validate(self, attrs: dict) -> dict:
|
||||
session = get_http_session()
|
||||
source_type = registry.find_type(attrs["provider_type"])
|
||||
|
|
@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
|
|||
config = well_known_config.json()
|
||||
if "issuer" not in config:
|
||||
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
|
||||
attrs["authorization_url"] = config.get("authorization_endpoint", "")
|
||||
attrs["access_token_url"] = config.get("token_endpoint", "")
|
||||
attrs["profile_url"] = config.get("userinfo_endpoint", "")
|
||||
field_map = {
|
||||
# authentik field to oidc field
|
||||
"authorization_url": "authorization_endpoint",
|
||||
"access_token_url": "token_endpoint",
|
||||
"profile_url": "userinfo_endpoint",
|
||||
}
|
||||
for ak_key, oidc_key in field_map.items():
|
||||
# Don't overwrite user-set values
|
||||
if ak_key in attrs and attrs[ak_key]:
|
||||
continue
|
||||
attrs[ak_key] = config.get(oidc_key, "")
|
||||
inferred_oidc_jwks_url = config.get("jwks_uri", "")
|
||||
|
||||
# Prefer user-entered URL to inferred URL to default URL
|
||||
|
|
|
|||
|
|
@ -44,3 +44,7 @@ class TestTypeAzureAD(TestCase):
|
|||
self.assertEqual(ak_context["username"], AAD_USER["userPrincipalName"])
|
||||
self.assertEqual(ak_context["email"], AAD_USER["mail"])
|
||||
self.assertEqual(ak_context["name"], AAD_USER["displayName"])
|
||||
|
||||
def test_user_id(self):
|
||||
"""Test azure AD user ID"""
|
||||
self.assertEqual(AzureADOAuthCallback().get_user_id(AAD_USER), AAD_USER["id"])
|
||||
|
|
|
|||
|
|
@ -69,9 +69,6 @@ class TestOAuthSource(TestCase):
|
|||
"provider_type": "openidconnect",
|
||||
"consumer_key": "foo",
|
||||
"consumer_secret": "foo",
|
||||
"authorization_url": "http://foo",
|
||||
"access_token_url": "http://foo",
|
||||
"profile_url": "http://foo",
|
||||
"oidc_well_known_url": url,
|
||||
"oidc_jwks_url": "",
|
||||
},
|
||||
|
|
|
|||
|
|
@ -25,6 +25,11 @@ class AzureADOAuthCallback(OpenIDConnectOAuth2Callback):
|
|||
|
||||
client_class = UserprofileHeaderAuthClient
|
||||
|
||||
def get_user_id(self, info: dict[str, str]) -> str:
|
||||
# Default try to get `id` for the Graph API endpoint
|
||||
# fallback to OpenID logic in case the profile URL was changed
|
||||
return info.get("id", super().get_user_id(info))
|
||||
|
||||
def get_user_enroll_context(
|
||||
self,
|
||||
info: dict[str, Any],
|
||||
|
|
@ -50,7 +55,7 @@ class AzureADType(SourceType):
|
|||
|
||||
authorization_url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
|
||||
access_token_url = "https://login.microsoftonline.com/common/oauth2/v2.0/token" # nosec
|
||||
profile_url = "https://login.microsoftonline.com/common/openid/userinfo"
|
||||
profile_url = "https://graph.microsoft.com/v1.0/me"
|
||||
oidc_well_known_url = (
|
||||
"https://login.microsoftonline.com/common/.well-known/openid-configuration"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -257,7 +257,8 @@ select[multiple] option:checked {
|
|||
.pf-c-login__main-header-desc {
|
||||
color: var(--ak-dark-foreground);
|
||||
}
|
||||
.pf-c-login__main-footer-links-item img {
|
||||
.pf-c-login__main-footer-links-item img,
|
||||
.pf-c-login__main-footer-links-item .fas {
|
||||
filter: invert(1);
|
||||
}
|
||||
.pf-c-login__main-footer-band {
|
||||
|
|
|
|||
Reference in New Issue