make user_info_endpoint_url independent of auth_url

Client should be able to create a token using “auth_url” (e.g. ”https://keycloak:7443/auth”) Server should be able to validate the token using “user_info_endpoint_url” (e.g. “https://cbnd:9443/something/custom”) also be backward compatible Change-Id: I437fde40345af52483cc764e5dc6a1f55f1b3e88
2018-10-14 09:21:14 +03:00 · 2018-10-14 09:21:14 +03:00 · ae23de737d
parent 9be7e928d6
commit ae23de737d
1 changed files with 8 additions and 4 deletions
--- a/mistral/auth/keycloak.py
+++ b/mistral/auth/keycloak.py
@ -67,10 +67,14 @@ class KeycloakAuthHandler(auth.AuthHandler):
        # available in KeyCloak starting only with version 1.8.Final so we have
        # to use user info endpoint which also takes exactly one parameter
        # (access token) and replies with error if token is invalid.
-        user_info_endpoint = (
-            ("%s" + CONF.keycloak_oidc.user_info_endpoint_url) %
-            (CONF.keycloak_oidc.auth_url, realm_name)
-        )
+        user_info_endpoint_url = CONF.keycloak_oidc.user_info_endpoint_url
+
+        if user_info_endpoint_url.startswith(('http://', 'https://')):
+            user_info_endpoint = user_info_endpoint_url
+        else:
+            user_info_endpoint = (
+                ("%s" + user_info_endpoint_url) %
+                (CONF.keycloak_oidc.auth_url, realm_name))

        verify = None
        if urllib.parse.urlparse(user_info_endpoint).scheme == "https":