From 7628feb32e84c9cb3b86e9e2a1b5d1403bc609a6 Mon Sep 17 00:00:00 2001 From: Nick Downs Date: Mon, 27 Jan 2025 10:06:41 -0800 Subject: [PATCH 1/6] rebased upstream changes --- social_core/backends/okta.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/social_core/backends/okta.py b/social_core/backends/okta.py index 96b74be6..80cce0e2 100644 --- a/social_core/backends/okta.py +++ b/social_core/backends/okta.py @@ -2,8 +2,7 @@ Okta OAuth2 and OpenIdConnect: https://python-social-auth.readthedocs.io/en/latest/backends/okta.html """ - -from urllib.parse import urljoin +from urllib.parse import urljoin, urlparse, urlunparse from ..utils import append_slash from .oauth import BaseOAuth2 @@ -23,10 +22,20 @@ def _url(self, path): return urljoin(append_slash(self.setting("API_URL")), path) def oidc_config(self): + # https://developer.okta.com/docs/reference/api/oidc/#well-known-openid-configuration + url = urlparse(self.api_url()) + + # If the URL path does not contain an authorizedServerId, we need + # to truncate the path in order to generate a proper openid-configuration + # URL. + if url.path == "/oauth2/": + url = url._replace(path='') + return self.get_json( - self._url( - "/.well-known/openid-configuration?client_id={}".format( - self.setting("KEY") + urljoin( + urlunparse(url), + './.well-known/openid-configuration?client_id={}'.format( + self.setting('KEY') ) ) ) From 8cc82c55c4847230fa3a9e8773d42fdd4288bd6e Mon Sep 17 00:00:00 2001 From: Nick Downs Date: Mon, 27 Jan 2025 10:09:17 -0800 Subject: [PATCH 2/6] rebase --- social_core/backends/okta.py | 14 +++++------ social_core/tests/backends/test_okta.py | 32 ++++++++++++++----------- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/social_core/backends/okta.py b/social_core/backends/okta.py index 80cce0e2..35459106 100644 --- a/social_core/backends/okta.py +++ b/social_core/backends/okta.py 
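Review bot: In the `oidc_config` hunk (`@@ -23,10 +22,20 @@`), `self.setting('KEY')` is formatted into the query string without percent-encoding, so a client id containing `&`, `#` or a space would alter or truncate the discovery request. Build the query as `"./.well-known/openid-configuration?" + urlencode({"client_id": self.setting("KEY")})`, adding `urlencode` to the `urllib.parse` import; the same `.format()` expression is carried unchanged into `oidc_config_url` in PATCH 2/6 and PATCH 4/6. The URL is already parsed here, and the test setup suggests the discovery document supplies `jwks_uri` and `issuer`, so this is also a natural place to reject an `API_URL` whose `url.scheme` is not `https`. The comparison `url.path == "/oauth2/"` only matches if `api_url()` returns a trailing slash; that method is defined outside the hunk and is worth confirming.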
@@ -21,7 +21,7 @@ def access_token_url(self): def _url(self, path): return urljoin(append_slash(self.setting("API_URL")), path) - def oidc_config(self): + def oidc_config_url(self): # https://developer.okta.com/docs/reference/api/oidc/#well-known-openid-configuration url = urlparse(self.api_url()) @@ -31,15 +31,15 @@ def oidc_config(self): if url.path == "/oauth2/": url = url._replace(path='') - return self.get_json( - urljoin( - urlunparse(url), - './.well-known/openid-configuration?client_id={}'.format( - self.setting('KEY') - ) + return urljoin( + urlunparse(url), + './.well-known/openid-configuration?client_id={}'.format( + self.setting('KEY') ) ) + def oidc_config(self): + return self.get_json(self.oidc_config_url()) class OktaOAuth2(OktaMixin, BaseOAuth2): """Okta OAuth authentication backend""" diff --git a/social_core/tests/backends/test_okta.py b/social_core/tests/backends/test_okta.py index 9fb91cad..893fc3f7 100644 --- a/social_core/tests/backends/test_okta.py +++ b/social_core/tests/backends/test_okta.py 
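Review bot: `oidc_config_url` becomes a public entry point in the `@@ -21,7 +21,7 @@` hunk (the new test calls it directly) but has no docstring, and neither does the `oidc_config` wrapper added in the `@@ -31,15 +31,15 @@` hunk. For the first I would add `"""Return the OpenID Connect discovery URL derived from API_URL; a bare /oauth2/ path (no authorization server id) resolves to the host root."""`. For the second, `"""Return the discovery document fetched from oidc_config_url()."""`. A docstring matters here because a wrong discovery URL silently changes which key set and issuer the backend trusts.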
@@ -156,18 +156,22 @@ def jwks(_request, _uri, headers): body=json.dumps({"keys": [self.public_key]}), ) - self.backend.JWKS_URI = oidc_config.get("jwks_uri") - self.backend.ID_TOKEN_ISSUER = oidc_config.get("issuer") - - def pre_complete_callback(self, start_url): - super().pre_complete_callback(start_url) - HTTPretty.register_uri( - "GET", - uri=self.backend.userinfo_url(), - status=200, - body=json.dumps({"preferred_username": self.expected_username}), - content_type="text/json", + self.backend.JWKS_URI = oidc_config.get('jwks_uri') + self.backend.ID_TOKEN_ISSUER = oidc_config.get('issuer') + + def test_okta_oidc_config(self): + # With no custom authorization server + self.strategy.set_settings({ + 'SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL': 'https://dev-000000.oktapreview.com/oauth2', + }) + self.assertEqual( + self.backend.oidc_config_url(), + 'https://dev-000000.oktapreview.com/.well-known/openid-configuration?client_id=a-key' + ) + self.strategy.set_settings({ + 'SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL': 'https://dev-000000.oktapreview.com/oauth2/id-123456', + }) + self.assertEqual( + self.backend.oidc_config_url(), + 'https://dev-000000.oktapreview.com/oauth2/id-123456/.well-known/openid-configuration?client_id=a-key' ) - - def test_everything_works(self): - self.do_login() From fe1d3026a9196490f1d5312c69fa23f7797f923d Mon Sep 17 00:00:00 2001 From: Nick Downs Date: Thu, 3 Feb 2022 10:24:12 -0800 Subject: [PATCH 3/6] double to single quotes --- social_core/backends/okta.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/social_core/backends/okta.py b/social_core/backends/okta.py index 35459106..380bdf09 100644 --- a/social_core/backends/okta.py +++ b/social_core/backends/okta.py 
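Review bot: The end-to-end login test is lost here: `pre_complete_callback` and `test_everything_works` (the `self.do_login()` case) are removed to make room for `test_okta_oidc_config`, which only compares URL strings. After this hunk nothing visible in the class drives a full Okta OpenID Connect login, the path where the ID token is checked against the JWKS and issuer. PATCH 4/6 and PATCH 5/6 then also drop the JWKS mock and the `JWKS_URI` / `ID_TOKEN_ISSUER` setup, which suggests a rebase artefact rather than an intended removal. I would keep both deleted methods and add `test_okta_oidc_config` alongside them. The class header and the start of `setUp` are outside the hunk, so whether another class still covers login cannot be confirmed from here.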
@@ -28,7 +28,7 @@ def oidc_config_url(self): # If the URL path does not contain an authorizedServerId, we need # to truncate the path in order to generate a proper openid-configuration # URL. - if url.path == "/oauth2/": + if url.path == '/oauth2/': url = url._replace(path='') return urljoin( From d4aa47197e2a912be47236a65efc3b8e062210af Mon Sep 17 00:00:00 2001 From: Nick Downs Date: Mon, 27 Jan 2025 10:10:15 -0800 Subject: [PATCH 4/6] rebase --- social_core/backends/okta.py | 11 ++++----- social_core/tests/backends/test_okta.py | 30 ++++++++++--------------- 2 files changed, 18 insertions(+), 23 deletions(-) diff --git a/social_core/backends/okta.py b/social_core/backends/okta.py index 380bdf09..e773b992 100644 --- a/social_core/backends/okta.py +++ b/social_core/backends/okta.py @@ -28,19 +28,20 @@ def oidc_config_url(self): # If the URL path does not contain an authorizedServerId, we need # to truncate the path in order to generate a proper openid-configuration # URL. - if url.path == '/oauth2/': - url = url._replace(path='') + if url.path == "/oauth2/": + url = url._replace(path="") return urljoin( urlunparse(url), - './.well-known/openid-configuration?client_id={}'.format( - self.setting('KEY') - ) + "./.well-known/openid-configuration?client_id={}".format( + self.setting("KEY") + ), ) def oidc_config(self): return self.get_json(self.oidc_config_url()) + class OktaOAuth2(OktaMixin, BaseOAuth2): """Okta OAuth authentication backend""" diff --git a/social_core/tests/backends/test_okta.py b/social_core/tests/backends/test_okta.py index 893fc3f7..b0ebcd1f 100644 --- a/social_core/tests/backends/test_okta.py +++ b/social_core/tests/backends/test_okta.py 
@@ -149,29 +149,23 @@ def setUp(self): def jwks(_request, _uri, headers): return 200, headers, json.dumps({"keys": [self.key]}) - HTTPretty.register_uri( - HTTPretty.GET, - oidc_config.get("jwks_uri"), - status=200, - body=json.dumps({"keys": [self.public_key]}), - ) - - self.backend.JWKS_URI = oidc_config.get('jwks_uri') - self.backend.ID_TOKEN_ISSUER = oidc_config.get('issuer') - def test_okta_oidc_config(self): # With no custom authorization server - self.strategy.set_settings({ - 'SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL': 'https://dev-000000.oktapreview.com/oauth2', - }) + self.strategy.set_settings( + { + "SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL": "https://dev-000000.oktapreview.com/oauth2", + } + ) self.assertEqual( self.backend.oidc_config_url(), - 'https://dev-000000.oktapreview.com/.well-known/openid-configuration?client_id=a-key' + "https://dev-000000.oktapreview.com/.well-known/openid-configuration?client_id=a-key", + ) + self.strategy.set_settings( + { + "SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL": "https://dev-000000.oktapreview.com/oauth2/id-123456", + } ) - self.strategy.set_settings({ - 'SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL': 'https://dev-000000.oktapreview.com/oauth2/id-123456', - }) self.assertEqual( self.backend.oidc_config_url(), - 'https://dev-000000.oktapreview.com/oauth2/id-123456/.well-known/openid-configuration?client_id=a-key' + "https://dev-000000.oktapreview.com/oauth2/id-123456/.well-known/openid-configuration?client_id=a-key", ) From 63d91f134f058797c42d1d145d4d0cf780268e0c Mon Sep 17 00:00:00 2001 From: Nick Downs Date: Mon, 27 Jan 2025 10:11:53 -0800 Subject: [PATCH 5/6] removed unused items --- social_core/tests/backends/test_okta.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/social_core/tests/backends/test_okta.py b/social_core/tests/backends/test_okta.py index b0ebcd1f..5c601d1c 100644 --- a/social_core/tests/backends/test_okta.py +++ b/social_core/tests/backends/test_okta.py 
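Review bot: In `test_okta_oidc_config` the first case is labelled `# With no custom authorization server` but the second has no matching comment; add `# With a custom authorization server id in the path` above the second `set_settings` call. The two cases also leave the exact-match branch `url.path == "/oauth2/"` only indirectly covered. A third assertion with `API_URL` already ending in `/oauth2/` would pin the behaviour the truncation depends on, presumably giving the same result as the first case (to be confirmed against `api_url()`).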
@@ -144,10 +144,6 @@ def setUp(self): status=200, body=self.openid_config_body, ) - oidc_config = json.loads(self.openid_config_body) - - def jwks(_request, _uri, headers): - return 200, headers, json.dumps({"keys": [self.key]}) def test_okta_oidc_config(self): # With no custom authorization server From e7c750f8dd60ccf3d24f9c4e8d68c46ad5ae685c Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 18:12:22 +0000 Subject: [PATCH 6/6] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- social_core/backends/okta.py | 1 + 1 file changed, 1 insertion(+) diff --git a/social_core/backends/okta.py b/social_core/backends/okta.py index e773b992..4aa42329 100644 --- a/social_core/backends/okta.py +++ b/social_core/backends/okta.py @@ -2,6 +2,7 @@ Okta OAuth2 and OpenIdConnect: https://python-social-auth.readthedocs.io/en/latest/backends/okta.html """ + from urllib.parse import urljoin, urlparse, urlunparse from ..utils import append_slash