Enable support in OIDC for endpoints without user info support
The OIDC userinfo endpoint is optional, so login must also work when the provider's discovery document does not advertise one; in that case the verified ID token is used as the source of user information.
This commit is contained in:
parent
9676d7d8c7
commit
751598056e
3 changed files with 100 additions and 100 deletions
|
@ -72,7 +72,7 @@ class OIDCLoginService(OAuthService):
|
|||
return self._oidc_config().get('userinfo_endpoint')
|
||||
|
||||
def validate(self):
|
||||
return bool(self.user_endpoint())
|
||||
return bool(self.token_endpoint())
|
||||
|
||||
def validate_client_id_and_secret(self, http_client, app_config):
|
||||
# TODO: find a way to verify client secret too.
|
||||
|
@ -119,11 +119,16 @@ class OIDCLoginService(OAuthService):
|
|||
logger.exception('Could not load public key during OIDC decode: %s', pke.message)
|
||||
raise OAuthLoginException('Could find public OIDC key')
|
||||
|
||||
# Retrieve the user information.
|
||||
try:
|
||||
user_info = self.get_user_info(http_client, access_token)
|
||||
except OAuthGetUserInfoException as oge:
|
||||
raise OAuthLoginException(oge.message)
|
||||
# If there is a user endpoint, use it to retrieve the user's information. Otherwise, we use
|
||||
# the decoded ID token.
|
||||
if self.user_endpoint():
|
||||
# Retrieve the user information.
|
||||
try:
|
||||
user_info = self.get_user_info(http_client, access_token)
|
||||
except OAuthGetUserInfoException as oge:
|
||||
raise OAuthLoginException(oge.message)
|
||||
else:
|
||||
user_info = decoded_id_token
|
||||
|
||||
# Verify subs.
|
||||
if user_info['sub'] != decoded_id_token['sub']:
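Review bot: In the new `else` branch, `user_info = decoded_id_token` makes the `sub` comparison on the last line of the hunk (`if user_info['sub'] != decoded_id_token['sub']:`) compare the token with itself, so that check can never fail and the ID-token validation done above this hunk becomes the sole gate on the login. That is acceptable only if the decode that uses the public key loaded just above also checks issuer, audience and expiry; the hunk does not show which claims are verified, so please confirm before relying on the token alone. An ID token is also not guaranteed to carry the profile/email claims a userinfo response would, so any later read of such a claim from `user_info` should be treated as a login failure when the claim is absent rather than surfacing as a `KeyError`. A comment on the `else` would make the intent clear: `# No userinfo endpoint: the ID token (verified above) is the only identity source, so the sub check below is a no-op here.` The enclosing method begins before this hunk.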
|
||||
|
|