Allow OIDC config to override discovered values (#9384)

Fixes #9347
This commit is contained in:
Richard van der Hoff 2021-02-16 22:33:09 +00:00 committed by GitHub
parent 0a00b7ff14
commit 33f64ca7d6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 9 deletions

1
changelog.d/9384.misc Normal file
View file

@ -0,0 +1 @@
Allow OIDC config to override discovered values.

View file

@ -383,22 +383,31 @@ class OidcProvider:
return await self._provider_metadata.get()
async def _load_metadata(self) -> OpenIDProviderMetadata:
# init the metadata from our config
metadata = OpenIDProviderMetadata(
issuer=self._config.issuer,
authorization_endpoint=self._config.authorization_endpoint,
token_endpoint=self._config.token_endpoint,
userinfo_endpoint=self._config.userinfo_endpoint,
jwks_uri=self._config.jwks_uri,
)
# start out with just the issuer (unlike the other settings, discovered issuer
# takes precedence over configured issuer, because configured issuer is
# required for discovery to take place.)
#
metadata = OpenIDProviderMetadata(issuer=self._config.issuer)
# load any data from the discovery endpoint, if enabled
if self._config.discover:
url = get_well_known_url(self._config.issuer, external=True)
metadata_response = await self._http_client.get_json(url)
# TODO: maybe update the other way around to let user override some values?
metadata.update(metadata_response)
# override any discovered data with any settings in our config
if self._config.authorization_endpoint:
metadata["authorization_endpoint"] = self._config.authorization_endpoint
if self._config.token_endpoint:
metadata["token_endpoint"] = self._config.token_endpoint
if self._config.userinfo_endpoint:
metadata["userinfo_endpoint"] = self._config.userinfo_endpoint
if self._config.jwks_uri:
metadata["jwks_uri"] = self._config.jwks_uri
self._validate_metadata(metadata)
return metadata