Skip to content

Bug/okta OIDC configuration url fix #663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
May 12, 2025
+40 −8
Merged

Bug/okta OIDC configuration url fix #663

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
19c0deb
rebased upstream changes
nickryand Jan 27, 2025
6cfff73
upstream rebase conflict fixes
nickryand May 8, 2025
207c128
double to single quotes
nickryand Feb 3, 2022
49b6ac3
rebase fixes
nickryand May 8, 2025
1f11329
Fixes for rebase
nickryand Jan 27, 2025
c2c8bd1
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jan 27, 2025
1be7d0c
remove conflict markers
nickryand May 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 19 additions & 8 deletions social_core/backends/okta.py
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
https://python-social-auth.readthedocs.io/en/latest/backends/okta.html
"""

from urllib.parse import urljoin
from urllib.parse import urljoin, urlparse, urlunparse

from ..utils import append_slash
from .oauth import BaseOAuth2
@@ -22,15 +22,26 @@ def access_token_url(self):
def _url(self, path):
return urljoin(append_slash(self.setting("API_URL")), path)

def oidc_config(self):
return self.get_json(
self._url(
"/.well-known/openid-configuration?client_id={}".format(
self.setting("KEY")
)
)
def oidc_config_url(self):
# https://developer.okta.com/docs/reference/api/oidc/#well-known-openid-configuration
url = urlparse(self.api_url())

# If the URL path does not contain an authorizedServerId, we need
# to truncate the path in order to generate a proper openid-configuration
# URL.
if url.path == "/oauth2/":
url = url._replace(path="")

return urljoin(
urlunparse(url),
"./.well-known/openid-configuration?client_id={}".format(
self.setting("KEY")
),
)

def oidc_config(self):
return self.get_json(self.oidc_config_url())


class OktaOAuth2(OktaMixin, BaseOAuth2):
"""Okta OAuth authentication backend"""
21 changes: 21 additions & 0 deletions social_core/tests/backends/test_okta.py
View file
Original file line number Diff line number Diff line change
@@ -187,3 +187,24 @@ def pre_complete_callback(self, start_url):

def test_everything_works(self):
self.do_login()

def test_okta_oidc_config(self):
# With no custom authorization server
self.strategy.set_settings(
{
"SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL": "https://dev-000000.oktapreview.com/oauth2",
}
)
self.assertEqual(
self.backend.oidc_config_url(),
"https://dev-000000.oktapreview.com/.well-known/openid-configuration?client_id=a-key",
)
self.strategy.set_settings(
{
"SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL": "https://dev-000000.oktapreview.com/oauth2/id-123456",
}
)
self.assertEqual(
self.backend.oidc_config_url(),
"https://dev-000000.oktapreview.com/oauth2/id-123456/.well-known/openid-configuration?client_id=a-key",
)