|
@@ -431,6 +431,12 @@ OAUTH_SCOPES = PersistentConfig(
|
|
|
os.environ.get("OAUTH_SCOPES", "openid email profile"),
|
|
os.environ.get("OAUTH_SCOPES", "openid email profile"),
|
|
|
)
|
|
)
|
|
|
|
|
|
|
|
|
|
+OAUTH_TIMEOUT = PersistentConfig(
|
|
|
|
|
+ "OAUTH_TIMEOUT",
|
|
|
|
|
+ "oauth.oidc.oauth_timeout",
|
|
|
|
|
+ os.environ.get("OAUTH_TIMEOUT", 5),
|
|
|
|
|
+)
|
|
|
|
|
+
|
|
|
OAUTH_CODE_CHALLENGE_METHOD = PersistentConfig(
|
|
OAUTH_CODE_CHALLENGE_METHOD = PersistentConfig(
|
|
|
"OAUTH_CODE_CHALLENGE_METHOD",
|
|
"OAUTH_CODE_CHALLENGE_METHOD",
|
|
|
"oauth.oidc.code_challenge_method",
|
|
"oauth.oidc.code_challenge_method",
|
|
@@ -540,7 +546,10 @@ def load_oauth_providers():
|
|
|
client_id=GOOGLE_CLIENT_ID.value,
|
|
client_id=GOOGLE_CLIENT_ID.value,
|
|
|
client_secret=GOOGLE_CLIENT_SECRET.value,
|
|
client_secret=GOOGLE_CLIENT_SECRET.value,
|
|
|
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
|
|
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
|
|
|
- client_kwargs={"scope": GOOGLE_OAUTH_SCOPE.value},
|
|
|
|
|
|
|
+ client_kwargs={
|
|
|
|
|
+ "scope": GOOGLE_OAUTH_SCOPE.value,
|
|
|
|
|
+ "timeout": OAUTH_TIMEOUT.value
|
|
|
|
|
+ },
|
|
|
redirect_uri=GOOGLE_REDIRECT_URI.value,
|
|
redirect_uri=GOOGLE_REDIRECT_URI.value,
|
|
|
)
|
|
)
|
|
|
|
|
|
|
@@ -563,6 +572,7 @@ def load_oauth_providers():
|
|
|
server_metadata_url=f"{MICROSOFT_CLIENT_LOGIN_BASE_URL.value}/{MICROSOFT_CLIENT_TENANT_ID.value}/v2.0/.well-known/openid-configuration?appid={MICROSOFT_CLIENT_ID.value}",
|
|
server_metadata_url=f"{MICROSOFT_CLIENT_LOGIN_BASE_URL.value}/{MICROSOFT_CLIENT_TENANT_ID.value}/v2.0/.well-known/openid-configuration?appid={MICROSOFT_CLIENT_ID.value}",
|
|
|
client_kwargs={
|
|
client_kwargs={
|
|
|
"scope": MICROSOFT_OAUTH_SCOPE.value,
|
|
"scope": MICROSOFT_OAUTH_SCOPE.value,
|
|
|
|
|
+ "timeout": OAUTH_TIMEOUT.value
|
|
|
},
|
|
},
|
|
|
redirect_uri=MICROSOFT_REDIRECT_URI.value,
|
|
redirect_uri=MICROSOFT_REDIRECT_URI.value,
|
|
|
)
|
|
)
|
|
@@ -584,7 +594,10 @@ def load_oauth_providers():
|
|
|
authorize_url="https://github.com/login/oauth/authorize",
|
|
authorize_url="https://github.com/login/oauth/authorize",
|
|
|
api_base_url="https://api.github.com",
|
|
api_base_url="https://api.github.com",
|
|
|
userinfo_endpoint="https://api.github.com/user",
|
|
userinfo_endpoint="https://api.github.com/user",
|
|
|
- client_kwargs={"scope": GITHUB_CLIENT_SCOPE.value},
|
|
|
|
|
|
|
+ client_kwargs={
|
|
|
|
|
+ "scope": GITHUB_CLIENT_SCOPE.value,
|
|
|
|
|
+ "timeout": OAUTH_TIMEOUT.value
|
|
|
|
|
+ },
|
|
|
redirect_uri=GITHUB_CLIENT_REDIRECT_URI.value,
|
|
redirect_uri=GITHUB_CLIENT_REDIRECT_URI.value,
|
|
|
)
|
|
)
|
|
|
|
|
|
|
@@ -603,6 +616,7 @@ def load_oauth_providers():
|
|
|
def oidc_oauth_register(client):
|
|
def oidc_oauth_register(client):
|
|
|
client_kwargs = {
|
|
client_kwargs = {
|
|
|
"scope": OAUTH_SCOPES.value,
|
|
"scope": OAUTH_SCOPES.value,
|
|
|
|
|
+ "timeout": OAUTH_TIMEOUT.value
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if (
|
|
if (
|
Haziq Yusof