Test relying on OIDC_ISSUER instead of USER_API

uc-cdis · Apr 11, 2024 · 82d4bc3 · 82d4bc3
1 parent 9f06ff0
commit 82d4bc3
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/sheepdog/blueprint/routes/views/__init__.py b/sheepdog/blueprint/routes/views/__init__.py
@@ -58,7 +58,8 @@ def get_programs():
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
         auth.validate_request(
             scope={"openid"},
-            audience=flask.current_app.config.get("USER_API"),
+            audience=flask.current_app.config.get("OIDC_ISSUER")
+            or flask.current_app.config.get("USER_API"),
             purpose=None,
         )
     with flask.current_app.db.session_scope():

diff --git a/sheepdog/blueprint/routes/views/program/__init__.py b/sheepdog/blueprint/routes/views/program/__init__.py
@@ -61,7 +61,8 @@ def get_projects(program):
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
         auth.validate_request(
             scope={"openid"},
-            audience=flask.current_app.config.get("USER_API"),
+            audience=flask.current_app.config.get("OIDC_ISSUER")
+            or flask.current_app.config.get("USER_API"),
             purpose=None,
         )
     with flask.current_app.db.session_scope():

diff --git a/sheepdog/blueprint/routes/views/program/project.py b/sheepdog/blueprint/routes/views/program/project.py
@@ -135,7 +135,8 @@ def get_project_dictionary(program=None, project=None):
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
         auth.validate_request(
             scope={"openid"},
-            audience=flask.current_app.config.get("USER_API"),
+            audience=flask.current_app.config.get("OIDC_ISSUER")
+            or flask.current_app.config.get("USER_API"),
             purpose=None,
         )
     keys = list(dictionary.schema.keys()) + ["_all"]
@@ -235,7 +236,8 @@ def get_project_dictionary_entry(program, project, entry):
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
         auth.validate_request(
             scope={"openid"},
-            audience=flask.current_app.config.get("USER_API"),
+            audience=flask.current_app.config.get("OIDC_ISSUER")
+            or flask.current_app.config.get("USER_API"),
             purpose=None,
         )
     return get_dictionary_entry(entry)