member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): correct userinfo endpoint fallback for authentik profile enrichment

Browse Source
This commit is contained in:
Chris
2026-03-30 03:13:29 +08:00
parent 5cc322f783
commit 58ea76f8b6
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env.development
View File

@@ -17,6 +17,7 @@ AUTHENTIK_AUDIENCE=gKtjk5ExsITK74I1WG9RkHbylBjoZO83xab7YHiN
AUTHENTIK_CLIENT_ID=gKtjk5ExsITK74I1WG9RkHbylBjoZO83xab7YHiN AUTHENTIK_CLIENT_ID=gKtjk5ExsITK74I1WG9RkHbylBjoZO83xab7YHiN
AUTHENTIK_CLIENT_SECRET=MHTv0SHkIuic9Quk8Br9jB9gzT2bERvRfhHU4ogPlUtY3eBEXJj80RTEp3zpFBUXQ8PAwYrihWfNqKawWUOmKpQd8SwuyiAuVwLJTS7vB3LGvx1XtXqgMhR76EL2mLnP AUTHENTIK_CLIENT_SECRET=MHTv0SHkIuic9Quk8Br9jB9gzT2bERvRfhHU4ogPlUtY3eBEXJj80RTEp3zpFBUXQ8PAwYrihWfNqKawWUOmKpQd8SwuyiAuVwLJTS7vB3LGvx1XtXqgMhR76EL2mLnP
AUTHENTIK_TOKEN_ENDPOINT=https://auth.ose.tw/application/o/token/ AUTHENTIK_TOKEN_ENDPOINT=https://auth.ose.tw/application/o/token/
AUTHENTIK_USERINFO_ENDPOINT=https://auth.ose.tw/application/o/userinfo/
PUBLIC_FRONTEND_ORIGINS=http://127.0.0.1:5173,http://localhost:5173 PUBLIC_FRONTEND_ORIGINS=http://127.0.0.1:5173,http://localhost:5173
INTERNAL_SHARED_SECRET=CHANGE_ME INTERNAL_SHARED_SECRET=CHANGE_ME

10
app/security/authentik_jwt.py
View File

@@ -50,10 +50,16 @@ class AuthentikTokenVerifier:
@staticmethod @staticmethod
def _infer_userinfo_endpoint(issuer: str | None, base_url: str | None) -> str | None: def _infer_userinfo_endpoint(issuer: str | None, base_url: str | None) -> str | None:
if issuer:
return issuer.rstrip("/") + "/userinfo/"
if base_url: if base_url:
return base_url.rstrip("/") + "/application/o/userinfo/" return base_url.rstrip("/") + "/application/o/userinfo/"
if issuer:
normalized = issuer.rstrip("/")
marker = "/application/o/"
marker_index = normalized.find(marker)
if marker_index != -1:
root = normalized[:marker_index]
return root + marker + "userinfo/"
return normalized + "/userinfo/"
return None return None
def _enrich_from_userinfo(self, principal: AuthentikPrincipal, token: str) -> AuthentikPrincipal: def _enrich_from_userinfo(self, principal: AuthentikPrincipal, token: str) -> AuthentikPrincipal: