github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-06-23 13:37:31 +00:00
Code Issues Projects Releases Wiki Activity

Fix oidc (#8165)

Browse Source
This commit is contained in:
xiaziheng 2022-04-28 16:16:06 +08:00 committed by Jiangjie.Bai
parent 86e6982383
commit b1aadf1ee9
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apps/authentication/backends/oidc/backends.py
View File

@ -103,9 +103,23 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
# Prepares the token payload that will be used to request an authentication token to the # Prepares the token payload that will be used to request an authentication token to the
# token endpoint of the OIDC provider. # token endpoint of the OIDC provider.
logger.debug(log_prompt.format('Prepares token payload')) logger.debug(log_prompt.format('Prepares token payload'))
""" The reason for need not client_id and client_secret in token_payload.
OIDC protocol indicate client's token_endpoint_auth_method only accept one type in
- client_secret_basic
- client_secret_post
- client_secret_jwt
- private_key_jwt
- none
If the client offer more than one auth method type to OIDC, OIDC will auth client failed.
OIDC default use client_secret_basic, this type only need in headers add Authorization=Basic xxx.
More info see: https://github.com/jumpserver/jumpserver/issues/8165
"""
token_payload = { token_payload = {
'client_id': settings.AUTH_OPENID_CLIENT_ID, # 'client_id': settings.AUTH_OPENID_CLIENT_ID,
'client_secret': settings.AUTH_OPENID_CLIENT_SECRET, # 'client_secret': settings.AUTH_OPENID_CLIENT_SECRET,
'grant_type': 'authorization_code', 'grant_type': 'authorization_code',
'code': code, 'code': code,
'redirect_uri': build_absolute_uri( 'redirect_uri': build_absolute_uri(