velocitatem/cvfs
1
0
Fork 0
mirror of https://github.com/velocitatem/cvfs.git synced 2026-05-31 08:43:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

normalize oidc issuer for authentik

Browse Source
This commit is contained in:
Daniel Rosel
2026-04-03 19:18:27 +02:00
parent dce592c086
commit 9f90b000e2
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
dlib/auth/oidc.py
View File

@@ -21,6 +21,15 @@ class TokenValidationError(Exception):
pass pass
def _normalize_issuer(value: str | None) -> str | None:
if not value:
return None
normalized = value.strip()
normalized = normalized.replace("/application/o/authorize/", "/application/o/")
normalized = normalized.replace("/application/o/authorize", "/application/o")
return normalized
class OidcTokenValidator: class OidcTokenValidator:
def __init__( def __init__(
self, self,
@@ -30,12 +39,15 @@ class OidcTokenValidator:
jwks_url: str | None = None, jwks_url: str | None = None,
disable: bool = False, disable: bool = False,
) -> None: ) -> None:
self.issuer = issuer normalized_issuer = _normalize_issuer(issuer)
self.issuer = normalized_issuer
self.audience = audience self.audience = audience
self.jwks_url = jwks_url or ( self.jwks_url = jwks_url or (
f"{issuer.rstrip('/')}/.well-known/jwks.json" if issuer else None f"{normalized_issuer.rstrip('/')}/.well-known/jwks.json"
if normalized_issuer
else None
) )
self.disable = disable or not issuer self.disable = disable or not normalized_issuer
self._jwks: dict[str, Any] | None = None self._jwks: dict[str, Any] | None = None
self._jwks_expiry: float = 0 self._jwks_expiry: float = 0