Marius Kimmina

Reputation: 1079

How to change the redirect_uri in mozilla_django_oidc?

I want to integrate Keycloak into a Django project and I am using mozilla_django_oidc to do so.

The problem I have is that when I send a request to the authorization endpoint of Keycloak, the redirect_uri is being set as: redirect_uri=http%3A%2F%2Fdjango%3A8000%2Foidc%2Fcallback%2F, but instead of django there should be the IP of my application. I don't know why it uses django as the domain name.

My configuration in the settings.py looks like this:

import os

OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']

OIDC_OP_AUTHORIZATION_ENDPOINT = 'http://172.20.159.83:8080/auth/realms/Test/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = 'http://172.20.159.83:8080/auth/realms/Test/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = 'http://172.20.159.83:8080/auth/realms/Test/protocol/openid-connect/userinfo'
OIDC_OP_JWKS_ENDPOINT = 'http://172.20.159.83:8080/auth/realms/Test/protocol/openid-connect/certs'


LOGIN_REDIRECT_URL = 'http://172.20.159.83/test'
LOGOUT_REDIRECT_URL = 'http://172.20.159.83/'

And in the urls.py it is:

path('oidc/', include('mozilla_django_oidc.urls')),

The request to the authorization endpoint with all parameters:

http://172.20.159.83:8080/auth/realms/Test/protocol/openid-connect/auth?response_type=code&scope=openid+email&client_id=MyApplication&redirect_uri=http%3A%2F%2Fdjango%3A8000%2Foidc%2Fcallback%2F&state=3YxLAg8kX1bC1yTDMqKh8L05bIP5z9cB&nonce=jZ6KEZhk9tWOwdXRSqTUoF8lzg7aLU70

So, as the title says, how can I change the django part of the redirect uri to point to the IP of my application? How is this parameter being set?

Upvotes: 3

Views: 2226

Answers (2)

phi1010

Reputation: 677

As far as I can tell, currently, mozilla_django_oidc does not use the hostname, but the value of the Host header; and redirects to IPs as well -- since the port in your redirect URI (http://django:8000/oidc/callback/) differs from 8080 too, I'd guess you are using a reverse proxy which does not pass the Host header to the backend server.

For nginx, proxy_set_header Host $host; might help; other reverse proxies might have similar settings.

Upvotes: 1

Marius Kimmina

Reputation: 1079

I have been looking through the source code of mozilla_django_oidc and it appears that this parameter cannot be set manually. Rather, it will always use the hostname sending the request (which does happen to be django in my case).

Here is the code snippet responsible, for anyone wondering:

reverse_url = self.get_settings('OIDC_AUTHENTICATION_CALLBACK_URL',
                                'oidc_authentication_callback')
token_payload = {
    'client_id': self.OIDC_RP_CLIENT_ID,
    'client_secret': self.OIDC_RP_CLIENT_SECRET,
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': absolutify(
        self.request,
        reverse(reverse_url)
    ),
}

and absolutify is a function defined as:

def absolutify(request, path):
    """Return the absolute URL of a path."""
    return request.build_absolute_uri(path)

Upvotes: 1
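
Added example (not part of either answer, and not Django's or mozilla_django_oidc's own code): a simplified stand-alone model of the behaviour both answers describe, where the redirect_uri is assembled from the Host header the backend receives, so the reverse proxy decides what the identity provider is told. The function names, the sample headers and the allowlist sets are assumptions made for illustration; in a Django deployment the allowlist corresponds to ALLOWED_HOSTS and the opt-in flag to USE_X_FORWARDED_HOST.

```python
from urllib.parse import urljoin

class DisallowedHost(Exception):
    """Derived host is not on the allowlist (name borrowed from Django)."""

def derive_host(headers, allowed_hosts, use_x_forwarded_host=False):
    """Simplified model of Host-header-based host selection.

    Assumption: IPv4 addresses or DNS names only (no bracketed IPv6 literals).
    """
    if use_x_forwarded_host and "X-Forwarded-Host" in headers:
        host = headers["X-Forwarded-Host"]
    else:
        host = headers["Host"]
    hostname = host.rsplit(":", 1)[0].lower()  # drop an optional :port
    if hostname not in allowed_hosts:
        raise DisallowedHost(host)
    return host

def callback_redirect_uri(headers, allowed_hosts, scheme="http",
                          path="/oidc/callback/", **kwargs):
    """Build the redirect_uri the relying party would send to the provider."""
    host = derive_host(headers, allowed_hosts, **kwargs)
    return urljoin(f"{scheme}://{host}", path)

# Constructed sample requests as the backend sees them behind a reverse proxy.
PROXY_REWRITES_HOST = {"Host": "django:8000"}      # proxy sent its upstream name
PROXY_FORWARDS_HOST = {"Host": "172.20.159.83"}    # proxy passed the client's Host
PROXY_ADDS_XFH = {"Host": "django:8000", "X-Forwarded-Host": "172.20.159.83"}

def demo():
    """Run the four cases and return their outcomes by name."""
    results = {}
    loose = {"django", "172.20.159.83"}   # internal name allowed: bad URI goes out
    strict = {"172.20.159.83"}            # only the public address is allowed
    results["rewritten"] = callback_redirect_uri(PROXY_REWRITES_HOST, loose)
    results["forwarded"] = callback_redirect_uri(PROXY_FORWARDS_HOST, strict)
    results["xfh"] = callback_redirect_uri(PROXY_ADDS_XFH, strict,
                                           use_x_forwarded_host=True)
    try:
        callback_redirect_uri(PROXY_REWRITES_HOST, strict)
    except DisallowedHost as exc:
        results["rejected"] = str(exc)    # misconfiguration fails loudly instead
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10} {value}")
```

With the strict allowlist, a proxy that rewrites Host produces an error at the application instead of a redirect_uri pointing at an internal name.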
