From 4e94f5b83ada161aa2bdbeabc0dd0eda845c5e96 Mon Sep 17 00:00:00 2001
From: Anthony LC
Date: Thu, 12 Sep 2024 13:37:14 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=82(backend)=20oidc=20userinfo=20endpo?=
 =?UTF-8?q?int=20json=20format?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The userinfo endpoint can return 2 content types:
- application/json
- application/jwt
Gitlab oidc returns a json object, while Agent Connect oidc returns a jwt token. We are adapting the authentication to handle both cases.
---
 CHANGELOG.md | 1 +
 src/backend/core/authentication/backends.py | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ed62afd..e6fb00ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ and this project adheres to
 - 🐛 Fix forcing ID when creating a document via API endpoint #234
 - 🐛 Rebuild frontend dev container from makefile #248
+- 🐛 (backend) gitlab oicd userinfo endpoint #232
 ## [1.3.0] - 2024-09-05
diff --git a/src/backend/core/authentication/backends.py b/src/backend/core/authentication/backends.py
index bfa2c107..7d8b7e89 100644
--- a/src/backend/core/authentication/backends.py
+++ b/src/backend/core/authentication/backends.py
@@ -18,6 +18,11 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
 in the User and Identity models, and handles signed and/or encrypted UserInfo response. """
+ def is_jwt(self, token):
+ """Check if the token is a JWT token."""
+ parts = token.split(".")
+ return len(parts) == 3
+
 def get_userinfo(self, access_token, id_token, payload):
 """Return user details dictionary.
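Review bot: `is_jwt` decides the format of the userinfo body by counting dots (`return len(parts) == 3`), and at its call site in the second hunk (`if self.is_jwt(user_response.text)`) that misroutes real inputs in both directions: a plain JSON body that happens to contain exactly two `.` characters — a constructed example is a single email claim like `"john.doe@example.org"` — is handed to `verify_token`, while a JWE (five dot-separated parts), which the class docstring just above this hunk says the backend handles ("signed and/or encrypted UserInfo response"), fails the check, is passed to `.json()` and surfaces as `SuspiciousOperation`. The commit message already names the discriminator the OIDC spec uses, the response media type, so the branch should be chosen on the header rather than by sniffing the text, e.g. `content_type = user_response.headers.get("Content-Type", "")` and `if content_type.split(";")[0].strip().lower() == "application/jwt":`, with `is_jwt` kept at most as a fallback for a missing header. If `is_jwt` stays, its docstring should state what it actually tests, e.g. `"""Heuristic only: True when the text has exactly three dot-separated segments (compact JWS); JWE (five segments) and JSON containing two dots are misclassified."""`. Both the `OIDCAuthenticationBackend` class and `get_userinfo` extend beyond this hunk.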
@@ -45,7 +50,16 @@ def get_userinfo(self, access_token, id_token, payload):
 proxies=self.get_settings("OIDC_PROXY", None),
 )
 user_response.raise_for_status()
- userinfo = self.verify_token(user_response.text)
+
+ try:
+ userinfo = (
+ self.verify_token(user_response.text)
+ if self.is_jwt(user_response.text)
+ else user_response.json()
+ )
+ except ValueError as e:
+ raise SuspiciousOperation(_("Invalid response format")) from e
+
 return userinfo
 def get_or_create_user(self, access_token, id_token, payload):
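Review bot: The new JSON branch (`else user_response.json()`) returns the body without any verification, whereas the JWT branch at least passes through `verify_token`; OIDC Core §5.3.2 requires the client to check that the UserInfo `sub` claim exactly matches the ID token's `sub` before using any of its values, and nothing in this hunk does that for either branch. If `payload` here is the decoded ID token (its use alongside `id_token` suggests so — confirm against the parent class), a check after the `try` block such as `if userinfo.get("sub") != payload.get("sub"):` / `    raise SuspiciousOperation(_("UserInfo 'sub' claim does not match the ID token"))` covers both paths. The `except ValueError as e` does catch the `requests` JSON decode error (a `ValueError` subclass), but whether `verify_token` raises `ValueError` on a malformed token is not visible here; if it raises something else, a garbled JWT becomes a 500 instead of the intended `SuspiciousOperation`. The imports of `SuspiciousOperation` and `_` are outside the hunk and should be confirmed to exist at the top of the file. `get_userinfo` begins outside this hunk.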