diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2021-02-16 22:33:09 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-16 22:33:09 +0000 |
commit | 33f64ca7d66c099c2f774ee2b5dd75eac008e345 (patch) | |
tree | ad8b40104eedf64636bcd2df69747c7cbee5f19e /synapse/handlers | |
parent | Update black, and run auto formatting over the codebase (#9381) (diff) | |
download | synapse-33f64ca7d66c099c2f774ee2b5dd75eac008e345.tar.xz |
Allow OIDC config to override discovered values (#9384)
Fixes #9347
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/oidc_handler.py | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py index 702bfb8bc9..c00b9c57c6 100644 --- a/synapse/handlers/oidc_handler.py +++ b/synapse/handlers/oidc_handler.py @@ -383,22 +383,31 @@ class OidcProvider: return await self._provider_metadata.get() async def _load_metadata(self) -> OpenIDProviderMetadata: - # init the metadata from our config - metadata = OpenIDProviderMetadata( - issuer=self._config.issuer, - authorization_endpoint=self._config.authorization_endpoint, - token_endpoint=self._config.token_endpoint, - userinfo_endpoint=self._config.userinfo_endpoint, - jwks_uri=self._config.jwks_uri, - ) + # start out with just the issuer (unlike the other settings, discovered issuer + # takes precedence over configured issuer, because configured issuer is + # required for discovery to take place.) + # + metadata = OpenIDProviderMetadata(issuer=self._config.issuer) # load any data from the discovery endpoint, if enabled if self._config.discover: url = get_well_known_url(self._config.issuer, external=True) metadata_response = await self._http_client.get_json(url) - # TODO: maybe update the other way around to let user override some values? metadata.update(metadata_response) + # override any discovered data with any settings in our config + if self._config.authorization_endpoint: + metadata["authorization_endpoint"] = self._config.authorization_endpoint + + if self._config.token_endpoint: + metadata["token_endpoint"] = self._config.token_endpoint + + if self._config.userinfo_endpoint: + metadata["userinfo_endpoint"] = self._config.userinfo_endpoint + + if self._config.jwks_uri: + metadata["jwks_uri"] = self._config.jwks_uri + self._validate_metadata(metadata) return metadata |