parent
0a00b7ff14
commit
33f64ca7d6
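--- a/changelog.d/9384.misc
+++ b/changelog.d/9384.misc
@@ -0,0 +1 @@
+Allow OIDC config to override discovered values.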
@ -383,22 +383,31 @@ class OidcProvider:
|
|||||||
return await self._provider_metadata.get()
|
return await self._provider_metadata.get()
|
||||||
|
|
||||||
async def _load_metadata(self) -> OpenIDProviderMetadata:
|
async def _load_metadata(self) -> OpenIDProviderMetadata:
|
||||||
# init the metadata from our config
|
# start out with just the issuer (unlike the other settings, discovered issuer
|
||||||
metadata = OpenIDProviderMetadata(
|
# takes precedence over configured issuer, because configured issuer is
|
||||||
issuer=self._config.issuer,
|
# required for discovery to take place.)
|
||||||
authorization_endpoint=self._config.authorization_endpoint,
|
#
|
||||||
token_endpoint=self._config.token_endpoint,
|
metadata = OpenIDProviderMetadata(issuer=self._config.issuer)
|
||||||
userinfo_endpoint=self._config.userinfo_endpoint,
|
|
||||||
jwks_uri=self._config.jwks_uri,
|
|
||||||
)
|
|
||||||
|
|
||||||
# load any data from the discovery endpoint, if enabled
|
# load any data from the discovery endpoint, if enabled
|
||||||
if self._config.discover:
|
if self._config.discover:
|
||||||
url = get_well_known_url(self._config.issuer, external=True)
|
url = get_well_known_url(self._config.issuer, external=True)
|
||||||
metadata_response = await self._http_client.get_json(url)
|
metadata_response = await self._http_client.get_json(url)
|
||||||
# TODO: maybe update the other way around to let user override some values?
|
|
||||||
metadata.update(metadata_response)
|
metadata.update(metadata_response)
|
||||||
|
|
||||||
|
# override any discovered data with any settings in our config
|
||||||
|
if self._config.authorization_endpoint:
|
||||||
|
metadata["authorization_endpoint"] = self._config.authorization_endpoint
|
||||||
|
|
||||||
|
if self._config.token_endpoint:
|
||||||
|
metadata["token_endpoint"] = self._config.token_endpoint
|
||||||
|
|
||||||
|
if self._config.userinfo_endpoint:
|
||||||
|
metadata["userinfo_endpoint"] = self._config.userinfo_endpoint
|
||||||
|
|
||||||
|
if self._config.jwks_uri:
|
||||||
|
metadata["jwks_uri"] = self._config.jwks_uri
|
||||||
|
|
||||||
self._validate_metadata(metadata)
|
self._validate_metadata(metadata)
|
||||||
|
|
||||||
return metadata
|
return metadata
|
||||||
|
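Review bot: In the `if self._config.discover:` branch, `metadata.update(metadata_response)` lets the discovery document replace the configured `issuer` without comparing the two, and the new comment makes that precedence explicit. OpenID Connect Discovery requires the returned `issuer` to be identical to the issuer the well-known URL was built from, and this value is presumably what ID-token `iss` claims are later checked against. Unless `_validate_metadata` (defined outside this hunk) already enforces the match, consider a guard before the update such as `if metadata_response.get("issuer") != self._config.issuer: raise ValueError("discovered issuer does not match configured issuer")`, or at least a logged warning if some deployed providers are known to deviate. The four config overrides added below do not cover `issuer`, so an operator currently has no way to pin it when discovery is enabled.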