CODEWITHSUNDEEP
pythonsslkeycloakauthlib
Wal D
Wal D

Reputation: 11

How to disable SSL verification for OAuth client of Authlib Python library?

I'm using Python 3.9.12 on Windows 10. My goal is to connect to KeyCloak server through browser to fetch access token. I'm using Authlib 0.15.5 to connect to the server to fetch the authentication URL. Below is the code.

from authlib.integrations.flask_client import OAuth

    oauth_client = OAuth()
    oauth_client.register(
        name=_configuration.oauht2_provider,
        client_id=_configuration.oauth2_client_id,
        client_secret=_configuration.oauth2_client_secret,
        authorize_url=_configuration.oauht2_authorize_url,
        authorize_params=_configuration.oauht2_authorize_params,
        refresh_token_url=_configuration.oauht2_refresh_token_url,
        refresh_token_params=_configuration.oauht2_refresh_token_param,
        access_token_url=_configuration.oauht2_access_token_url,
        access_token_params=_configuration.oauht2_access_token_params,
        client_kwargs={"scope": _configuration.oauht2_scope},
        server_metadata_url=_configuration.oauht2_open_id_url)
        
    oauth_client.init_app(app=_app)
    _oauth_client = oauth_client.create_client(_configuration.oauht2_provider)    

    redirect_url = _oauth_client.create_authorization_url(_configuration.oauth2_client_redirect_url, verify=False)['url']

The create_authorization_url is throwing this error HTTPSConnectionPool(host='keycloak-xxxx-xxxxxxx-xxx.xx.xxxx-xxxxx-xxx.xx.xx.xx.x', port=443): Max retries exceeded with url: /auth/realms/WXYZ/.well-known/uma2-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

How can I disable SSL certification verification in the above code? Thank you.

I tried adding verify=False argument to the create_authorization_url, however, it did not work. redirect_url = _oauth_client.create_authorization_url(_configuration.oauth2_client_redirect_url, verify=False)['url']

Upvotes: 1

Views: 1971

Answers (1)

Catalin Patrut
Catalin Patrut

Reputation: 31

It seems that what you are looking for is to enrich your client_kwargs with one more flag, 'verify': False, as in:

client_kwargs={'verify': False,'scope': oauth2_config.get(
            'OAUTH2_SCOPE', 'email profile')},

Upvotes: 1

Related Questions