Fix OIDC login with Google by adding OIDC_SERVER_METADATA_URL config option

Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-06-28 06:46:00 +00:00 · 2026-03-09 17:39:43 +00:00
parent 3a7ef20045
commit ff1c8b680e
2 changed files with 4 additions and 3 deletions
--- a/backend/config/init.py
+++ b/backend/config/init.py
@@ -138,6 +138,7 @@ OIDC_CLIENT_ID: Final[str] = _get_env("OIDC_CLIENT_ID", "")
 OIDC_CLIENT_SECRET: Final[str] = _get_env("OIDC_CLIENT_SECRET", "")
 OIDC_REDIRECT_URI: Final[str] = _get_env("OIDC_REDIRECT_URI", "")
 OIDC_SERVER_APPLICATION_URL: Final[str] = _get_env("OIDC_SERVER_APPLICATION_URL", "")
+OIDC_SERVER_METADATA_URL: Final[str | None] = _get_env("OIDC_SERVER_METADATA_URL")
 OIDC_CLAIM_ROLES: Final[str] = _get_env("OIDC_CLAIM_ROLES", "")
 OIDC_ROLE_VIEWER: Final[str | None] = _get_env("OIDC_ROLE_VIEWER")
 OIDC_ROLE_EDITOR: Final[str | None] = _get_env("OIDC_ROLE_EDITOR")
--- a/backend/decorators/auth.py
+++ b/backend/decorators/auth.py
@@ -17,6 +17,7 @@ from config import (
    OIDC_PROVIDER,
    OIDC_REDIRECT_URI,
    OIDC_SERVER_APPLICATION_URL,
+    OIDC_SERVER_METADATA_URL,
    OIDC_TLS_CACERTFILE,
 )
 from handler.auth.constants import (
@@ -55,9 +56,8 @@ oauth.register(
    name="openid",
    client_id=config.get("OIDC_CLIENT_ID"),
    client_secret=config.get("OIDC_CLIENT_SECRET"),
-    server_metadata_url=get_well_known_url(
-        config.get("OIDC_SERVER_APPLICATION_URL"), external=True
-    ),
+    server_metadata_url=OIDC_SERVER_METADATA_URL
+    or get_well_known_url(config.get("OIDC_SERVER_APPLICATION_URL"), external=True),
    client_kwargs={
        "scope": f"openid profile email {OIDC_CLAIM_ROLES}".strip(),
        "verify": OIDC_TLS_CACERTFILE,