Posted to commits@airavata.apache.org by ma...@apache.org on 2021/06/25 18:26:08 UTC

[airavata-django-portal] 03/03: AIRAVATA-3468 configuration of URLs for retrieving external IDP userinfo

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch AIRAVATA-3319-handle-missing-name-and-email-attributes-from-cilo
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit 77a34135def6c43215687bb8e0a37830ba70b9a0
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Jun 25 13:50:16 2021 -0400

    AIRAVATA-3468 configuration of URLs for retrieving external IDP userinfo
---
 django_airavata/apps/auth/backends.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index cc0df6b..1c534ce 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -267,6 +267,17 @@ class KeycloakBackend(object):
 
     def _store_idp_userinfo(self, user, token, idp_alias):
         try:
+            idp_token_url = None
+            userinfo_url = None
+            for auth_option in settings.AUTHENTICATION_OPTIONS['external']:
+                if auth_option['idp_alias'] == idp_alias:
+                    idp_token_url = auth_option.get('idp_token_url')
+                    userinfo_url = auth_option.get('userinfo_url')
+                    break
+            if idp_token_url is None or userinfo_url is None:
+                logger.debug(f"idp_token_url and/or userinfo_url not set for {idp_alias} "
+                             "in AUTHENTICATION_OPTIONS, skipping retrieval of external IDP userinfo")
+                return
             access_token = token['access_token']
             logger.debug(f"access_token={access_token} for idp_alias={idp_alias}")
             # fetch the idp's token
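Review bot: `idp_token_url` and `userinfo_url` are accepted from `AUTHENTICATION_OPTIONS` after only an `is None` test, yet the second hunk passes them to `requests.get(idp_token_url, headers=headers)` and `requests.get(userinfo_url, headers=idp_headers)`, the latter visibly carrying a `Bearer` token and the former presumably the Keycloak access token. An empty string or an `http://` value passes the current check, and in the `http://` case the tokens would travel in cleartext; consider replacing the test with `if not all(u and u.startswith("https://") for u in (idp_token_url, userinfo_url)):`, relaxing it only where a deployment genuinely needs plain HTTP. The subscripts `settings.AUTHENTICATION_OPTIONS['external']` and `auth_option['idp_alias']` raise `KeyError` when a key is missing, and whether that is handled depends on the `except` clause, which lies outside the hunk along with the rest of `_store_idp_userinfo`. Both `requests.get` calls in the second hunk also lack a `timeout=` argument, so a slow or unresponsive configured endpoint can stall the login request. Separately, the unchanged `logger.debug(f"access_token={access_token} ...")` line still writes the raw token to the log and would be better reduced to the `idp_alias` alone.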
@@ -274,10 +285,10 @@ class KeycloakBackend(object):
             # For the following to work, in Keycloak the IDP should have 'Store
             # Tokens' and 'Stored Tokens Readable' enabled and the user needs
             # the broker/read-token role
-            r = requests.get(f"https://iamdev.scigap.org/auth/realms/seagrid/broker/{idp_alias}/token", headers=headers)
+            r = requests.get(idp_token_url, headers=headers)
             idp_token = r.json()
             idp_headers = {'Authorization': f"Bearer {idp_token['access_token']}"}
-            r = requests.get("https://cilogon.org/oauth2/userinfo", headers=idp_headers)
+            r = requests.get(userinfo_url, headers=idp_headers)
             userinfo = r.json()
             logger.debug(f"userinfo={userinfo}")