@@ -383,22 +383,31 @@ async def load_metadata(self, force: bool = False) -> OpenIDProviderMetadata:
383383 return await self ._provider_metadata .get ()
384384
385385 async def _load_metadata (self ) -> OpenIDProviderMetadata :
386- # init the metadata from our config
387- metadata = OpenIDProviderMetadata (
388- issuer = self ._config .issuer ,
389- authorization_endpoint = self ._config .authorization_endpoint ,
390- token_endpoint = self ._config .token_endpoint ,
391- userinfo_endpoint = self ._config .userinfo_endpoint ,
392- jwks_uri = self ._config .jwks_uri ,
393- )
386+ # start out with just the issuer (unlike the other settings, discovered issuer
387+ # takes precedence over configured issuer, because configured issuer is
388+ # required for discovery to take place.)
389+ #
390+ metadata = OpenIDProviderMetadata (issuer = self ._config .issuer )
394391
395392 # load any data from the discovery endpoint, if enabled
396393 if self ._config .discover :
397394 url = get_well_known_url (self ._config .issuer , external = True )
398395 metadata_response = await self ._http_client .get_json (url )
399- # TODO: maybe update the other way around to let user override some values?
400396 metadata .update (metadata_response )
401397
398+ # override any discovered data with any settings in our config
399+ if self ._config .authorization_endpoint :
400+ metadata ["authorization_endpoint" ] = self ._config .authorization_endpoint
401+
402+ if self ._config .token_endpoint :
403+ metadata ["token_endpoint" ] = self ._config .token_endpoint
404+
405+ if self ._config .userinfo_endpoint :
406+ metadata ["userinfo_endpoint" ] = self ._config .userinfo_endpoint
407+
408+ if self ._config .jwks_uri :
409+ metadata ["jwks_uri" ] = self ._config .jwks_uri
410+
402411 self ._validate_metadata (metadata )
403412
404413 return metadata
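Review bot: After `metadata.update(metadata_response)` the `issuer` field holds whatever the discovery document returned, and nothing in this hunk compares it with `self._config.issuer`. OpenID Connect Discovery requires the returned issuer to be identical to the issuer URL used to build the well-known URL. If later ID token `iss` checks use this value (not visible here), a mismatching document should be rejected rather than adopted. `_validate_metadata` is defined outside the hunk and may already enforce this; if it does not, add a check right after the update such as `if metadata.get("issuer") != self._config.issuer: raise ValueError("discovered issuer does not match configured issuer")`, using whatever error type `_validate_metadata` raises. The new comment would then read better as "the discovered issuer must match the configured issuer" than "takes precedence".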