This is an automated email from the ASF dual-hosted git repository.

lahirujayathilake pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit 4de75da3c1ae4ad7826c6f8de22c8d8ec195b785
Author: lahiruj <[email protected]>
AuthorDate: Mon Sep 16 17:18:24 2024 -0400

    included required scopes for keycloak v24
---
 django_airavata/apps/auth/backends.py | 9 +++++----
 django_airavata/apps/auth/views.py    | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/django_airavata/apps/auth/backends.py 
b/django_airavata/apps/auth/backends.py
index 1987e4b7..e882c8e4 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -103,8 +103,8 @@ class KeycloakBackend(object):
             token_url = settings.KEYCLOAK_TOKEN_URL
             userinfo_url = settings.KEYCLOAK_USERINFO_URL
             verify_ssl = settings.KEYCLOAK_VERIFY_SSL
-            oauth2_session = OAuth2Session(client=LegacyApplicationClient(
-                client_id=client_id))
+            scope = ['openid', 'profile', 'email']
+            oauth2_session = 
OAuth2Session(client=LegacyApplicationClient(client_id=client_id), scope=scope)
             verify = verify_ssl
             if verify_ssl and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
                 verify = settings.KEYCLOAK_CA_CERTFILE
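Review bot: The scope set is now written out separately in each login path: as the list `['openid', 'profile', 'email']` here, and as the string `'openid profile email'` in the authorization-code hunk later in this file and in `redirect_login` in views.py. A later Keycloak change could update one and miss the others, leaving password-grant and redirect logins requesting different claims. A single shared constant such as `KEYCLOAK_SCOPES = ['openid', 'profile', 'email']`, with a short comment like `# scopes the userinfo call needs on Keycloak v24`, would keep them aligned. `scope` is also passed to both the `OAuth2Session` constructor and `fetch_token`; it is worth confirming which of the two reaches the token request for the legacy client, and dropping the other if it is redundant. The enclosing method starts and ends outside the hunk.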
@@ -113,7 +113,8 @@ class KeycloakBackend(object):
                                                password=password,
                                                client_id=client_id,
                                                client_secret=client_secret,
-                                               verify=verify)
+                                               verify=verify,
+                                               scope=scope)
             userinfo = oauth2_session.get(userinfo_url).json()
             return token, userinfo
         except InvalidGrantError as e:
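Review bot: The userinfo response is parsed with `.json()` straight after `fetch_token`, with no status check. If the provider rejects the token, for instance because a requested scope was not granted, an error body may be returned to the caller as `userinfo`. Consider `resp = oauth2_session.get(userinfo_url)`, then `resp.raise_for_status()`, before `return token, resp.json()`, with a handler next to the `InvalidGrantError` one. The `get` call also shows no `verify=` argument while `fetch_token` receives one, so whether `KEYCLOAK_CA_CERTFILE` or `KEYCLOAK_VERIFY_SSL` applies to it depends on session setup not visible here and should be confirmed. The `try` block opens before the hunk and the `except` body continues after it.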
@@ -133,7 +134,7 @@ class KeycloakBackend(object):
         redirect_uri = request.session['OAUTH2_REDIRECT_URI']
         logger.debug("state={}".format(state))
         oauth2_session = OAuth2Session(client_id,
-                                       scope='openid',
+                                       scope='openid profile email',
                                        redirect_uri=redirect_uri,
                                        state=state)
         verify = verify_ssl
diff --git a/django_airavata/apps/auth/views.py 
b/django_airavata/apps/auth/views.py
index 1c7cf6a5..02f0c86e 100644
--- a/django_airavata/apps/auth/views.py
+++ b/django_airavata/apps/auth/views.py
@@ -78,7 +78,7 @@ def redirect_login(request, idp_alias):
         if passthrough_query_param in request.GET:
             redirect_uri += 
f"&{passthrough_query_param}={quote(request.GET[passthrough_query_param])}"
     oauth2_session = OAuth2Session(
-        client_id, scope='openid', redirect_uri=redirect_uri)
+        client_id, scope='openid profile email', redirect_uri=redirect_uri)
     authorization_url, state = oauth2_session.authorization_url(
         base_authorize_url)
     authorization_url += '&kc_idp_hint=' + quote(idp_alias)
