Skip to content

Commit 501a63a

Browse files
c00kiemon5terc00kiemon5ter
committed
opend_connect backend: use PyoidcSettings class to configure pyoidc/oic based clients
Signed-off-by: Ivan Kanakarakis <[email protected]>
1 parent f4f55b0 commit 501a63a

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

src/satosa/backends/openid_connect.py

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
from oic.oic.message import RegistrationRequest
1313
from oic.utils.authn.authn_context import UNSPECIFIED
1414
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
15+
from oic.utils.settings import PyoidcSettings
1516

1617
import satosa.logging_util as lu
1718
from satosa.internal import AuthenticationInformation
@@ -55,10 +56,12 @@ def __init__(self, auth_callback_func, internal_attributes, config, base_url, na
5556
super().__init__(auth_callback_func, internal_attributes, base_url, name)
5657
self.auth_callback_func = auth_callback_func
5758
self.config = config
59+
cfg_verify_ssl = config["client"].get("verify_ssl", True)
60+
oidc_settings = PyoidcSettings(verify_ssl=cfg_verify_ssl)
5861
self.client = _create_client(
59-
config["provider_metadata"],
60-
config["client"]["client_metadata"],
61-
config["client"].get("verify_ssl", True),
62+
provider_metadata=config["provider_metadata"],
63+
client_metadata=config["client"]["client_metadata"],
64+
settings=oidc_settings,
6265
)
6366
if "scope" not in config["client"]["auth_req_params"]:
6467
config["auth_req_params"]["scope"] = "openid"
@@ -243,7 +246,7 @@ def get_metadata_desc(self):
243246
return get_metadata_desc_for_oauth_backend(self.config["provider_metadata"]["issuer"], self.config)
244247

245248

246-
def _create_client(provider_metadata, client_metadata, verify_ssl=True):
249+
def _create_client(provider_metadata, client_metadata, settings=None):
247250
"""
248251
Create a pyoidc client instance.
249252
:param provider_metadata: provider configuration information
@@ -254,7 +257,7 @@ def _create_client(provider_metadata, client_metadata, verify_ssl=True):
254257
:rtype: oic.oic.Client
255258
"""
256259
client = oic.Client(
257-
client_authn_method=CLIENT_AUTHN_METHOD, verify_ssl=verify_ssl
260+
client_authn_method=CLIENT_AUTHN_METHOD, settings=settings
258261
)
259262

260263
# Provider configuration information

0 commit comments

Comments
 (0)