Update DashboardOIDC.py

Testing more with OIDC
2025-07-13 16:46:58 +00:00 · 2025-07-01 13:06:16 +08:00 · 2025-07-01 13:06:16 +08:00 · a619e7f571
commit a619e7f571
parent 491119d676
1 changed files with 68 additions and 54 deletions
--- a/src/modules/DashboardOIDC.py
+++ b/src/modules/DashboardOIDC.py
@ -3,6 +3,7 @@ import json
 import requests
 from jose import jwt
 import certifi
+from flask import current_app


 class DashboardOIDC:
@ -29,14 +30,22 @@ class DashboardOIDC:
        providers = {}
        for k in self.providers.keys():
            if all([self.providers[k]['client_id'], self.providers[k]['client_secret'], self.providers[k]['issuer']]):
+                try:
+                    oidc_config = requests.get(
+                        f"{self.providers[k]['issuer'].strip('/')}/.well-known/openid-configuration",
+                        verify=certifi.where()
+                    ).json()
                    providers[k] = {
                        'client_id': self.providers[k]['client_id'],
                        'issuer': self.providers[k]['issuer'].strip('/')
                    }
+                except Exception as e:
+                    current_app.logger.error("Failed to request OIDC config for this provider: " + self.providers[k]['issuer'].strip('/'), exc_info=e)
        
        return providers
    
    def VerifyToken(self, provider, code, redirect_uri):
+        try:
            if not all([provider, code, redirect_uri]):
                return False, ""

@ -65,13 +74,11 @@ class DashboardOIDC:
            except Exception as e:
                return False, str(e)
            
-    
-        
            id_token = tokens.get('id_token')
            jwks_uri = oidc_config.get("jwks_uri")
            issuer = oidc_config.get("issuer")
            jwks = requests.get(jwks_uri, verify=certifi.where()).json()
-        print(jwks)
+    
            headers = jwt.get_unverified_header(id_token)
            kid = headers["kid"]
    
@ -86,10 +93,17 @@ class DashboardOIDC:
            )
    
            return True, payload
+        except Exception as e:
+            current_app.logger.error('Read OIDC file failed. Reason: ' + str(e), provider, code, redirect_uri)
+            return False, str(e)
        
    
    def ReadFile(self):
        decoder = json.JSONDecoder()
+        try:
            self.providers = decoder.decode(
                open(DashboardOIDC.ConfigurationFilePath, 'r').read()
            )
+        except Exception as e:
+            current_app.logger.error('Read OIDC file failed. Reason: ' + str(e))
+            return False