This is an automated email from the ASF dual-hosted git repository.

lahirujayathilake pushed a commit to branch refactoring
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit c8e03750e4935544290c2ea655722ab7b1250de9
Author: lahiruj <[email protected]>
AuthorDate: Tue Jul 22 21:06:27 2025 -0400

    support for keycloak 24+
---
 django_airavata/apps/auth/backends.py | 11 ++++++-----
 django_airavata/apps/auth/views.py    |  7 ++-----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/django_airavata/apps/auth/backends.py 
b/django_airavata/apps/auth/backends.py
index 1987e4b7..bd8292a0 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -103,8 +103,8 @@ class KeycloakBackend(object):
             token_url = settings.KEYCLOAK_TOKEN_URL
             userinfo_url = settings.KEYCLOAK_USERINFO_URL
             verify_ssl = settings.KEYCLOAK_VERIFY_SSL
-            oauth2_session = OAuth2Session(client=LegacyApplicationClient(
-                client_id=client_id))
+            scope = ['openid', 'profile', 'email']
+            oauth2_session = 
OAuth2Session(client=LegacyApplicationClient(client_id=client_id), scope=scope)
             verify = verify_ssl
             if verify_ssl and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
                 verify = settings.KEYCLOAK_CA_CERTFILE
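Review bot: The requested scopes are now written out in four places and in two forms: the list `['openid', 'profile', 'email']` in this hunk, and the string `'openid profile email'` in the two later hunks of backends.py and in redirect_login in views.py. A later change to the claim set can easily miss one of the flows. A single module-level constant, for example `KEYCLOAK_SCOPE = 'openid profile email'` (the name is only a suggestion), referenced from every `OAuth2Session(...)` call would keep the password, authorization-code and refresh paths requesting the same scopes. The enclosing method starts and ends outside the hunk.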
@@ -113,7 +113,8 @@ class KeycloakBackend(object):
                                                password=password,
                                                client_id=client_id,
                                                client_secret=client_secret,
-                                               verify=verify)
+                                               verify=verify,
+                                               scope=scope)
             userinfo = oauth2_session.get(userinfo_url).json()
             return token, userinfo
         except InvalidGrantError as e:
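Review bot: The userinfo request right after `fetch_token` calls `.json()` without checking the HTTP status, so an error body from Keycloak would be returned to the caller as if it were the user's claims. Consider `resp = oauth2_session.get(userinfo_url)` followed by `resp.raise_for_status()` before `resp.json()`, and confirm the surrounding handlers cover the resulting exception; only `InvalidGrantError` is visible in this hunk. The computed `verify` value is passed to `fetch_token` but not to this `get`, so unless the session's verify setting is assigned outside the hunk, `KEYCLOAK_CA_CERTFILE` may apply to the token request only.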
@@ -133,7 +134,7 @@ class KeycloakBackend(object):
         redirect_uri = request.session['OAUTH2_REDIRECT_URI']
         logger.debug("state={}".format(state))
         oauth2_session = OAuth2Session(client_id,
-                                       scope='openid',
+                                       scope='openid profile email',
                                        redirect_uri=redirect_uri,
                                        state=state)
         verify = verify_ssl
@@ -159,7 +160,7 @@ class KeycloakBackend(object):
         token_url = settings.KEYCLOAK_TOKEN_URL
         userinfo_url = settings.KEYCLOAK_USERINFO_URL
         verify_ssl = settings.KEYCLOAK_VERIFY_SSL
-        oauth2_session = OAuth2Session(client_id, scope='openid')
+        oauth2_session = OAuth2Session(client_id, scope='openid profile email')
         verify = verify_ssl
         if verify_ssl and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
             verify = settings.KEYCLOAK_CA_CERTFILE
diff --git a/django_airavata/apps/auth/views.py 
b/django_airavata/apps/auth/views.py
index 1c7cf6a5..a05b2480 100644
--- a/django_airavata/apps/auth/views.py
+++ b/django_airavata/apps/auth/views.py
@@ -78,7 +78,7 @@ def redirect_login(request, idp_alias):
         if passthrough_query_param in request.GET:
             redirect_uri += 
f"&{passthrough_query_param}={quote(request.GET[passthrough_query_param])}"
     oauth2_session = OAuth2Session(
-        client_id, scope='openid', redirect_uri=redirect_uri)
+        client_id, scope='openid profile email', redirect_uri=redirect_uri)
     authorization_url, state = oauth2_session.authorization_url(
         base_authorize_url)
     authorization_url += '&kc_idp_hint=' + quote(idp_alias)
@@ -145,10 +145,7 @@ def handle_login(request):
 
 def start_logout(request):
     logout(request)
-    redirect_url = request.build_absolute_uri(
-        resolve_url(settings.LOGOUT_REDIRECT_URL))
-    return redirect(settings.KEYCLOAK_LOGOUT_URL +
-                    "?redirect_uri=" + quote(redirect_url))
+    return redirect(settings.KEYCLOAK_LOGOUT_URL)
 
 
 def callback(request):
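Review bot: `start_logout` now sends the browser to `settings.KEYCLOAK_LOGOUT_URL` with no parameters, so the return to `LOGOUT_REDIRECT_URL` is lost and, without an `id_token_hint`, Keycloak will most likely show a confirmation page instead of ending the SSO session directly. If the user closes that page, the portal session is gone but the Keycloak session can stay active, which matters on shared machines. The OIDC RP-initiated logout parameters `post_logout_redirect_uri` and `id_token_hint` replace the old `redirect_uri`. The ID token has to be read before `logout(request)` flushes the session. Whether the portal keeps the ID token in the session is not visible here, so the key below is a placeholder.

```python
def start_logout(request):
    # Read the ID token before logout() flushes the session.
    # '<ID_TOKEN_SESSION_KEY>' is a placeholder for wherever the portal stores it.
    id_token = request.session.get('<ID_TOKEN_SESSION_KEY>')
    logout(request)
    if id_token is None:
        # Without a hint Keycloak rejects post_logout_redirect_uri; fall back to the bare URL.
        return redirect(settings.KEYCLOAK_LOGOUT_URL)
    redirect_url = request.build_absolute_uri(
        resolve_url(settings.LOGOUT_REDIRECT_URL))
    return redirect(settings.KEYCLOAK_LOGOUT_URL +
                    "?post_logout_redirect_uri=" + quote(redirect_url) +
                    "&id_token_hint=" + quote(id_token))
```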
