keycloak: Fix issue in authorization_url since python-keycloak 1.8.1
The scope and state query parameters in the authorization URL are now handled by the KeycloakOpenID.auth_url method since the release of python-keycloak 1.8.1 (see commit and recent build failure).
To keep backward compatibility with older python-keycloak versions, like the one used in production, while ensuring support for recent ones, we need to ensure the scope and state query parameters are overridden if provided in the extra_params dict.
Before ending up with that fix, I tried to upgrade the custom python3-keycloak
Debian package we are using in production. Unfortunately, it depends on python3-jose 3.3.0,
which cannot currently be built for Debian buster as a newer version of python3-ecdsa
is required, the one packaged in buster being too old (see package build log).
Migrated from D8125 (view on Phabricator)
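
An added illustration of the override behaviour described above; it is not the code from this change. It shows one way to make `scope` and `state` appear exactly once in an authorization URL, whether or not the library already put them in the query string. The helper name `override_query_params`, the host names, and both sample URLs are constructed for the example and are not actual python-keycloak output.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def override_query_params(url, extra_params):
    """Return url with each key of extra_params present exactly once.

    Pairs already in the query string are kept in order unless their key
    is overridden, so a caller-supplied state is never sent next to a
    library-supplied one (a duplicated state makes the CSRF check ambiguous).
    """
    parts = urlsplit(url)
    kept = [
        (key, value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
        if key not in extra_params
    ]
    query = urlencode(kept + list(extra_params.items()))
    return urlunsplit(parts._replace(query=query))


# Constructed sample: URL shaped like one built without scope/state.
OLD_STYLE_URL = (
    "https://keycloak.example.org/auth/realms/demo/protocol/openid-connect/auth"
    "?client_id=app&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.org%2Fcb"
)
# Constructed sample: same URL with scope and state already appended.
NEW_STYLE_URL = OLD_STYLE_URL + "&scope=email&state="

# Constructed sample values the caller wants in the final URL.
EXTRA_PARAMS = {"scope": "openid profile", "state": "s3cr3t"}

if __name__ == "__main__":
    for label, url in (("old", OLD_STYLE_URL), ("new", NEW_STYLE_URL)):
        print(label, override_query_params(url, EXTRA_PARAMS))
```

Both input shapes yield the same final URL, which is the backward-compatibility property the description asks for.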