Added ability to ignore cert for oauth2 provider (#971)
* Added ability to ignore cert for oauth2 provider. This is useful for development environments where the OAuth provider doesn't have a valid cert! * Setting default for OAUTH2_VERIFY_CERT to true
This commit is contained in:
parent
14f5340802
commit
9319dda0ec
@ -496,6 +496,13 @@ For more information about how to use social logins, see: `Satellizer <https://g
OAUTH2_AUTH_ENDPOINT = "https://<youroauthserver>/oauth2/v1/authorize"
OAUTH2_AUTH_ENDPOINT = "https://<youroauthserver>/oauth2/v1/authorize"
.. data:: OAUTH2_VERIFY_CERT
:noindex:
::
OAUTH2_VERIFY_CERT = True
.. data:: GOOGLE_CLIENT_ID
.. data:: GOOGLE_CLIENT_ID
:noindex:
:noindex:
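--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -289,6 +289,7 @@ class OAuth2(Resource):
 # you can either discover these dynamically or simply configure them
 access_token_url = current_app.config.get('OAUTH2_ACCESS_TOKEN_URL')
 user_api_url = current_app.config.get('OAUTH2_USER_API_URL')
+verify_cert = current_app.config.get('OAUTH2_VERIFY_CERT', True)
 
 # the secret and cliendId will be given to you when you signup for the provider
 token = '{0}:{1}'.format(args['clientId'], current_app.config.get("OAUTH2_SECRET"))
@@ -302,9 +303,9 @@ class OAuth2(Resource):
 
 # exchange authorization code for access token.
 # Try Params first
-r = requests.post(access_token_url, headers=headers, params=params)
+r = requests.post(access_token_url, headers=headers, params=params, verify=verify_cert)
 if r.status_code == 400:
-r = requests.post(access_token_url, headers=headers, data=params)
+r = requests.post(access_token_url, headers=headers, data=params, verify=verify_cert)
 id_token = r.json()['id_token']
 access_token = r.json()['access_token']
 
@@ -313,7 +314,7 @@ class OAuth2(Resource):
 jwks_url = current_app.config.get('OAUTH2_JWKS_URL')
 
 # retrieve the key material as specified by the token header
-r = requests.get(jwks_url)
+r = requests.get(jwks_url, verify=verify_cert)
 for key in r.json()['keys']:
 if key['kid'] == header_data['kid']:
 secret = get_rsa_public_key(key['n'], key['e'])
@@ -338,7 +339,7 @@ class OAuth2(Resource):
 headers = {'authorization': 'Bearer {0}'.format(access_token)}
 
 # retrieve information about the current user.
-r = requests.get(user_api_url, headers=headers)
+r = requests.get(user_api_url, headers=headers, verify=verify_cert)
 profile = r.json()
 
 user = user_service.get_by_email(profile['email'])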
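Review bot: The value read into `verify_cert` in the first hunk flows unchanged into every outbound call in this section (token exchange, JWKS fetch, user-profile fetch), so a falsy OAUTH2_VERIFY_CERT silently disables TLS verification for the very request that fetches the key used to validate the id_token, and nothing in the new code records that this happened. Consider logging once when the setting is not the default, e.g. `if verify_cert is not True: current_app.logger.warning('OAUTH2_VERIFY_CERT is %r; TLS verification of the OAuth2 provider is weakened', verify_cert)`, so a development setting cannot reach production unnoticed. Since requests' `verify` also accepts a CA-bundle path, the docs hunk could say so, which lets a development provider with a private CA be trusted without turning verification off entirely. The enclosing method starts before the first hunk and continues past the last one.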