Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/handlers/oidc_handler.py | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py
index 702bfb8bc9..c00b9c57c6 100644
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@@ -383,22 +383,31 @@ class OidcProvider:
         return await self._provider_metadata.get()
     async def _load_metadata(self) -> OpenIDProviderMetadata:
-        # init the metadata from our config
-        metadata = OpenIDProviderMetadata(
-            issuer=self._config.issuer,
-            authorization_endpoint=self._config.authorization_endpoint,
-            token_endpoint=self._config.token_endpoint,
-            userinfo_endpoint=self._config.userinfo_endpoint,
-            jwks_uri=self._config.jwks_uri,
-        )
+        # start out with just the issuer (unlike the other settings, discovered issuer
+        # takes precedence over configured issuer, because configured issuer is
+        # required for discovery to take place.)
+        #
+        metadata = OpenIDProviderMetadata(issuer=self._config.issuer)
         # load any data from the discovery endpoint, if enabled
         if self._config.discover:
             url = get_well_known_url(self._config.issuer, external=True)
             metadata_response = await self._http_client.get_json(url)
-            # TODO: maybe update the other way around to let user override some values?
             metadata.update(metadata_response)
+        # override any discovered data with any settings in our config
+        if self._config.authorization_endpoint:
+            metadata["authorization_endpoint"] = self._config.authorization_endpoint
+
+        if self._config.token_endpoint:
+            metadata["token_endpoint"] = self._config.token_endpoint
+
+        if self._config.userinfo_endpoint:
+            metadata["userinfo_endpoint"] = self._config.userinfo_endpoint
+
+        if self._config.jwks_uri:
+            metadata["jwks_uri"] = self._config.jwks_uri
+
         self._validate_metadata(metadata)
         return metadata
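Review bot: The new comment above `metadata = OpenIDProviderMetadata(issuer=self._config.issuer)` deliberately lets a discovered `issuer` replace the configured one via `metadata.update(metadata_response)`, but nothing in the hunk checks that the two agree, and OpenID Connect Discovery requires the `issuer` in the document to be identical to the URL it was fetched from; since every later `iss` claim check presumably keys off this value, a discovery response with a different issuer should be rejected rather than trusted, unless `_validate_metadata` (outside the hunk) already compares them. I would add, before the `metadata.update(...)` line, `discovered_issuer = metadata_response.get("issuer")` and `if discovered_issuer is not None and discovered_issuer != self._config.issuer: raise ValueError("discovered issuer does not match configured issuer")`, and reword the comment to say the discovered issuer is accepted only when it matches. As a matter of style, the four `if self._config.<field>:` blocks that follow could be one loop over a tuple of field names with `getattr`, which keeps the override list in one place when more endpoints are added.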