From 6bfff1db40b074420f73aaf79b7e27f05b37eb78 Mon Sep 17 00:00:00 2001
From: Darrel O'Pry
Date: Sat, 11 Nov 2023 11:53:23 -0500
Subject: [PATCH] fix: Connect Discovery Endpoint redirects
---
 docs/oidc.rst | 2 +-
 docs/settings.rst | 2 +-
 oauth2_provider/settings.py | 2 +-
 oauth2_provider/urls.py | 6 +++++-
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/docs/oidc.rst b/docs/oidc.rst
index 7a758ed65..88c3b6ffc 100644
--- a/docs/oidc.rst
+++ b/docs/oidc.rst
@@ -407,7 +407,7 @@ the URLs accordingly.
 ConnectDiscoveryInfoView
 ~~~~~~~~~~~~~~~~~~~~~~~~
-Available at ``/o/.well-known/openid-configuration/``, this view provides auto
+Available at ``/o/.well-known/openid-configuration``, this view provides auto
 discovery information to OIDC clients, telling them the JWT issuer to use, the location of the JWKs to verify JWTs with, the token and userinfo endpoints to query, and other details.
diff --git a/docs/settings.rst b/docs/settings.rst
index a7cac94a1..c64c24954 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -366,7 +366,7 @@ Default: ``""``
 The URL of the issuer that is used in the ID token JWT and advertised in the OIDC discovery metadata. Clients use this location to retrieve the OIDC discovery metadata from ``OIDC_ISS_ENDPOINT`` +
-``/.well-known/openid-configuration/``.
+``/.well-known/openid-configuration``.
 If unset, the default location is used, eg if ``django-oauth-toolkit`` is mounted at ``/o``, it will be ``/o``.
diff --git a/oauth2_provider/settings.py b/oauth2_provider/settings.py
index 1672b40df..e608799e1 100644
--- a/oauth2_provider/settings.py
+++ b/oauth2_provider/settings.py
@@ -295,7 +295,7 @@ def oidc_issuer(self, request):
 else:
 raise TypeError("request must be a django or oauthlib request: got %r" % request)
 abs_url = django_request.build_absolute_uri(reverse("oauth2_provider:oidc-connect-discovery-info"))
- return abs_url[: -len("/.well-known/openid-configuration/")]
+ return abs_url[: -len("/.well-known/openid-configuration")]
 oauth2_settings = OAuth2ProviderSettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS, MANDATORY)
diff --git a/oauth2_provider/urls.py b/oauth2_provider/urls.py
index 4d23a3a5f..038a7eaf9 100644
--- a/oauth2_provider/urls.py
+++ b/oauth2_provider/urls.py
@@ -31,8 +31,12 @@
 ]
 oidc_urlpatterns = [
+ # .well-known/openid-configuration/ is deprecated
+ # https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
+ # does not specify a trailing slash
+ # Support for trailing slash should shall be removed in a future release.
 re_path(
- r"^\.well-known/openid-configuration/$",
+ r"^\.well-known/openid-configuration/?$",
 views.ConnectDiscoveryInfoView.as_view(),
 name="oidc-connect-discovery-info",
 ),
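Review bot: The new `return abs_url[: -len("/.well-known/openid-configuration")]` slices by length without checking that `abs_url` actually ends with that suffix, so its correctness now rests on `reverse()` emitting the slashless form for the `/?` pattern this patch introduces in `oauth2_provider/urls.py`. If the reversed URL ever carries the trailing slash, the returned issuer would keep a stray trailing `/`, and clients that compare it with the `iss` claim or the discovery URL would reject it without any error on the server side. Naming the suffix once and guarding the slice, for example `if not abs_url.endswith(suffix): raise ImproperlyConfigured(...)`, would make that failure explicit. The body of `oidc_issuer` starts outside the hunk, so whether `ImproperlyConfigured` is already imported in this module cannot be seen here.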
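Review bot: The added comment reads `should shall be removed`, and it does not say which form `reverse("oauth2_provider:oidc-connect-discovery-info")` is expected to produce, although `oidc_issuer` in `oauth2_provider/settings.py` depends on that. Suggested wording for the last comment line: `# Support for the trailing slash shall be removed in a future release; reverse() must yield the form without it.` The diffstat lists no test file, so a test asserting that both `/.well-known/openid-configuration` and the deprecated slash form resolve to `ConnectDiscoveryInfoView` would pin the behaviour until the removal. The `oidc_urlpatterns` list continues past the end of the hunk.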