chore: simplify OIDC discovery URL handling

alukach · alukach · commit 2ad4c28780af · 2025-03-14T10:54:45.000-07:00
diff --git a/src/stac_auth_proxy/app.py b/src/stac_auth_proxy/app.py
@@ -90,8 +90,7 @@ def create_app(settings: Optional[Settings] = None) -> FastAPI:
         public_endpoints=settings.public_endpoints,
         private_endpoints=settings.private_endpoints,
         default_public=settings.default_public,
-        oidc_config_url=settings.oidc_discovery_url,
-        oidc_config_internal_url=settings.oidc_discovery_internal_url,
+        oidc_config_url=settings.oidc_discovery_internal_url,
     )
 
     app.add_middleware(
diff --git a/src/stac_auth_proxy/config.py b/src/stac_auth_proxy/config.py
@@ -1,9 +1,9 @@
 """Configuration for the STAC Auth Proxy."""
 
 import importlib
-from typing import Literal, Optional, Sequence, TypeAlias, Union
+from typing import Any, Literal, Optional, Sequence, TypeAlias, Union
 
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, model_validator
 from pydantic.networks import HttpUrl
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
@@ -37,7 +37,7 @@ class Settings(BaseSettings):
     # External URLs
     upstream_url: HttpUrl
     oidc_discovery_url: HttpUrl
-    oidc_discovery_internal_url: Optional[HttpUrl] = None
+    oidc_discovery_internal_url: HttpUrl
 
     wait_for_upstream: bool = True
 
@@ -71,3 +71,11 @@ class Settings(BaseSettings):
     }
 
     model_config = SettingsConfigDict()
+
+    @model_validator(mode="before")
+    @classmethod
+    def default_oidc_discovery_internal_url(cls, data: Any) -> Any:
+        """Set the internal OIDC discovery URL to the public URL if not set."""
+        if not data.get("oidc_discovery_internal_url"):
+            data["oidc_discovery_internal_url"] = data.get("oidc_discovery_url")
+        return data
diff --git a/src/stac_auth_proxy/middleware/EnforceAuthMiddleware.py b/src/stac_auth_proxy/middleware/EnforceAuthMiddleware.py
@@ -27,7 +27,6 @@ class EnforceAuthMiddleware:
     default_public: bool
 
     oidc_config_url: HttpUrl
-    oidc_config_internal_url: Optional[HttpUrl] = None
     allowed_jwt_audiences: Optional[Sequence[str]] = None
 
     state_key: str = "payload"
@@ -40,7 +39,7 @@ def jwks_client(self) -> jwt.PyJWKClient:
         """Get the OIDC configuration URL."""
         if not self._jwks_client:
             logger.debug("Requesting OIDC config")
-            origin_url = str(self.oidc_config_internal_url or self.oidc_config_url)
+            origin_url = str(self.oidc_config_url)
 
             try:
                 response = httpx.get(origin_url)

Original file line number	Diff line number	Diff line change
`@@ -90,8 +90,7 @@ def create_app(settings: Optional[Settings] = None) -> FastAPI:`
`90`	`90`	`public_endpoints=settings.public_endpoints,`
`91`	`91`	`private_endpoints=settings.private_endpoints,`
`92`	`92`	`default_public=settings.default_public,`
`93`		`- oidc_config_url=settings.oidc_discovery_url,`
`94`		`- oidc_config_internal_url=settings.oidc_discovery_internal_url,`
	`93`	`+ oidc_config_url=settings.oidc_discovery_internal_url,`
`95`	`94`	`)`
`96`	`95`
`97`	`96`	`app.add_middleware(`