make user_info_endpoint_url independent of auth_url

Client should be able to create a token using “auth_url” (e.g. ”https://keycloak:7443/auth”) Server should be able to validate the token using “user_info_endpoint_url” (e.g. “https://cbnd:9443/something/custom”) also be backward compatible Change-Id: I247ae280710cb42c21e0c888f41622fa6dedfe9d
2018-10-15 13:58:01 +00:00 · 2018-10-15 13:58:01 +00:00 · 63f663b760
parent 4ad07d8d01
commit 63f663b760
1 changed files with 8 additions and 5 deletions
--- a/glare/api/middleware/keycloak_auth.py
+++ b/glare/api/middleware/keycloak_auth.py
@ -86,17 +86,20 @@ class KeycloakAuthMiddleware(base_middleware.Middleware):
        self.keyfile = CONF.keycloak_oidc.keyfile
        self.cafile = CONF.keycloak_oidc.cafile or utils.get_system_ca_file()
        self.insecure = CONF.keycloak_oidc.insecure
-        self.url_template = CONF.keycloak_oidc.auth_url + \
-            CONF.keycloak_oidc.user_info_endpoint_url

    def authenticate(self, access_token, realm_name):
        info = None
        if self.mcclient:
            info = self.mcclient.get(access_token)

-        if info is None and CONF.keycloak_oidc.user_info_endpoint_url:
-
-            url = self.url_template % realm_name
+        user_info_endpoint_url = CONF.keycloak_oidc.user_info_endpoint_url
+        if info is None and user_info_endpoint_url:
+            if user_info_endpoint_url.startswith(('http://', 'https://')):
+                url = user_info_endpoint_url
+            else:
+                url_template = CONF.keycloak_oidc.auth_url + \
+                    CONF.keycloak_oidc.user_info_endpoint_url
+                url = url_template % realm_name

            verify = None
            if urllib.parse.urlparse(url).scheme == "https":