From 52c608f088190b4f712afdc1042551791c737c19 Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Jul 18 2024 16:23:46 +0000
Subject: openidc: add token_introspection_endpoint to well-known config

flask-oidc expects the server metadata (found at .well-known/openid-configuration, and constructed by this method) to contain a 'token_introspection_endpoint' key in order to validate tokens via introspection, but we aren't setting it. Per @puiterwijk it's a de facto but not de jure standard, and he was trying to follow the spec strictly when writing it. However, we need this to make token auth work with waiverdb now it's relying on flask-oidc to validate the token via introspection, so let's add it. See https://github.com/release-engineering/waiverdb/issues/219
Signed-off-by: Adam Williamson
---
diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index 9c69be8..2e5b732 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -750,6 +750,8 @@ class OpenIDC(ProviderPageBase):
 'Authorization'),
 'token_endpoint': '%s%s' % (self.cfg.endpoint_url,
 'Token'),
+ 'token_introspection_endpoint': '%s%s' % (self.cfg.endpoint_url,
+ 'TokenInfo'),
 'userinfo_endpoint': '%s%s' % (self.cfg.endpoint_url,
 'UserInfo'),
 'jwks_uri': '%s%s' % (self.cfg.endpoint_url,
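Review bot: The added `token_introspection_endpoint` entry publishes the introspection URL only under the legacy key name; RFC 8414 registers this metadata field as `introspection_endpoint`, so clients that follow the RFC still will not discover it. Consider emitting both keys with the same value, e.g. `'introspection_endpoint': '%s%s' % (self.cfg.endpoint_url, 'TokenInfo'),`, with a comment such as `# legacy key name, kept because flask-oidc reads it` on the existing entry. Because this makes the endpoint discoverable, it is also worth confirming that the TokenInfo handler (not visible in this hunk) requires client authentication as RFC 7662 expects, so token state is not disclosed to unauthenticated callers. The dictionary and its enclosing method start and end outside the hunk.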