fix(auth): correct userinfo endpoint fallback for authentik profile enrichment

2026-03-30 03:13:29 +08:00
parent 5cc322f783
commit 58ea76f8b6
2 changed files with 9 additions and 2 deletions
--- a/app/security/authentik_jwt.py
+++ b/app/security/authentik_jwt.py
@@ -50,10 +50,16 @@ class AuthentikTokenVerifier:

    @staticmethod
    def _infer_userinfo_endpoint(issuer: str | None, base_url: str | None) -> str | None:
-        if issuer:
-            return issuer.rstrip("/") + "/userinfo/"
        if base_url:
            return base_url.rstrip("/") + "/application/o/userinfo/"
+        if issuer:
+            normalized = issuer.rstrip("/")
+            marker = "/application/o/"
+            marker_index = normalized.find(marker)
+            if marker_index != -1:
+                root = normalized[:marker_index]
+                return root + marker + "userinfo/"
+            return normalized + "/userinfo/"
        return None

    def _enrich_from_userinfo(self, principal: AuthentikPrincipal, token: str) -> AuthentikPrincipal: