Remove introspection_endpoint from required secrets

The field is not mandatory and some OIDC providers (such as Nextcloud) don't provide it resulting in a key error. Also, refactored client secrets to use json.dumps() for better code readibility. Signed-off-by: Marek Pikuła <marek@serenitycode.dev>
2026-03-25 01:34:45 +01:00 · 2023-04-02 20:13:49 +02:00
parent 87d39e85a6
commit df6f337a25
1 changed files with 12 additions and 14 deletions
--- a/server.py
+++ b/server.py
@@ -55,21 +55,19 @@ if AUTH_TYPE == "oidc":
    oidc_info = response.json()
    app.logger.debug("JSON Dumps for OIDC_INFO:  "+json.dumps(oidc_info))

-    client_secrets = """{
-        "web": {
-            "issuer": \""""+oidc_info["issuer"]+"""\",
-            "auth_uri": \""""+oidc_info["authorization_endpoint"]+"""\",
-            "client_id": \""""+OIDC_CLIENT_ID+"""\",
-            "client_secret": \""""+OIDC_SECRET+"""\",
-            "redirect_uris": [
-                \""""+DOMAIN_NAME+BASE_PATH+"""/oidc_callback"
-            ],
-            "userinfo_uri": \""""+oidc_info["userinfo_endpoint"]+"""\", 
-            "token_uri": \""""+oidc_info["token_endpoint"]+"""\",
-            "token_introspection_uri": \""""+oidc_info["introspection_endpoint"]+"""\"
+    client_secrets = json.dumps(
+        {
+            "web": {
+                "issuer": oidc_info["issuer"],
+                "auth_uri": oidc_info["authorization_endpoint"],
+                "client_id": OIDC_CLIENT_ID,
+                "client_secret": OIDC_SECRET,
+                "redirect_uris": [DOMAIN_NAME + BASE_PATH + "/oidc_callback"],
+                "userinfo_uri": oidc_info["userinfo_endpoint"],
+                "token_uri": oidc_info["token_endpoint"],
+            }
        }
-    }
-    """
+    )

    with open("/app/instance/secrets.json", "w+") as secrets_json:
        secrets_json.write(client_secrets)