Added ability to ignore cert for oauth2 provider (#971)
* Added ability to ignore cert for oauth2 provider This is useful for development environments where the OAuth provider doesn't have a valid cert! * Setting default for OAUTH2_VERIFY_CERT to true
This commit is contained in:
parent
14f5340802
commit
9319dda0ec
@ -496,6 +496,13 @@ For more information about how to use social logins, see: `Satellizer <https://g
|
||||
|
||||
OAUTH2_AUTH_ENDPOINT = "https://<youroauthserver>/oauth2/v1/authorize"
|
||||
|
||||
.. data:: OAUTH2_VERIFY_CERT
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
OAUTH2_VERIFY_CERT = True
|
||||
|
||||
.. data:: GOOGLE_CLIENT_ID
|
||||
:noindex:
|
||||
|
||||
|
@ -289,6 +289,7 @@ class OAuth2(Resource):
|
||||
# you can either discover these dynamically or simply configure them
|
||||
access_token_url = current_app.config.get('OAUTH2_ACCESS_TOKEN_URL')
|
||||
user_api_url = current_app.config.get('OAUTH2_USER_API_URL')
|
||||
verify_cert = current_app.config.get('OAUTH2_VERIFY_CERT', True)
|
||||
|
||||
# the secret and cliendId will be given to you when you signup for the provider
|
||||
token = '{0}:{1}'.format(args['clientId'], current_app.config.get("OAUTH2_SECRET"))
|
||||
@ -302,9 +303,9 @@ class OAuth2(Resource):
|
||||
|
||||
# exchange authorization code for access token.
|
||||
# Try Params first
|
||||
r = requests.post(access_token_url, headers=headers, params=params)
|
||||
r = requests.post(access_token_url, headers=headers, params=params, verify=verify_cert)
|
||||
if r.status_code == 400:
|
||||
r = requests.post(access_token_url, headers=headers, data=params)
|
||||
r = requests.post(access_token_url, headers=headers, data=params, verify=verify_cert)
|
||||
id_token = r.json()['id_token']
|
||||
access_token = r.json()['access_token']
|
||||
|
||||
@ -313,7 +314,7 @@ class OAuth2(Resource):
|
||||
jwks_url = current_app.config.get('OAUTH2_JWKS_URL')
|
||||
|
||||
# retrieve the key material as specified by the token header
|
||||
r = requests.get(jwks_url)
|
||||
r = requests.get(jwks_url, verify=verify_cert)
|
||||
for key in r.json()['keys']:
|
||||
if key['kid'] == header_data['kid']:
|
||||
secret = get_rsa_public_key(key['n'], key['e'])
|
||||
@ -338,7 +339,7 @@ class OAuth2(Resource):
|
||||
headers = {'authorization': 'Bearer {0}'.format(access_token)}
|
||||
|
||||
# retrieve information about the current user.
|
||||
r = requests.get(user_api_url, headers=headers)
|
||||
r = requests.get(user_api_url, headers=headers, verify=verify_cert)
|
||||
profile = r.json()
|
||||
|
||||
user = user_service.get_by_email(profile['email'])
|
||||
|
Loading…
Reference in New Issue
Block a user