included required scopes for keycloak v24

apache · Sep 16, 2024 · 64486e7 · 64486e7
1 parent 3cd1b2d
commit 64486e7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
@@ -103,8 +103,8 @@ def _get_token_and_userinfo_password_flow(self, username, password):
             token_url = settings.KEYCLOAK_TOKEN_URL
             userinfo_url = settings.KEYCLOAK_USERINFO_URL
             verify_ssl = settings.KEYCLOAK_VERIFY_SSL
-            oauth2_session = OAuth2Session(client=LegacyApplicationClient(
-                client_id=client_id))
+            scope = ['openid', 'profile', 'email']
+            oauth2_session = OAuth2Session(client=LegacyApplicationClient(client_id=client_id), scope=scope)
             verify = verify_ssl
             if verify_ssl and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
                 verify = settings.KEYCLOAK_CA_CERTFILE
@@ -113,7 +113,8 @@ def _get_token_and_userinfo_password_flow(self, username, password):
                                                password=password,
                                                client_id=client_id,
                                                client_secret=client_secret,
-                                               verify=verify)
+                                               verify=verify,
+                                               scope=scope)
             userinfo = oauth2_session.get(userinfo_url).json()
             return token, userinfo
         except InvalidGrantError as e:
@@ -133,7 +134,7 @@ def _get_token_and_userinfo_redirect_flow(self, request):
         redirect_uri = request.session['OAUTH2_REDIRECT_URI']
         logger.debug("state={}".format(state))
         oauth2_session = OAuth2Session(client_id,
-                                       scope='openid',
+                                       scope='openid profile email',
                                        redirect_uri=redirect_uri,
                                        state=state)
         verify = verify_ssl

diff --git a/django_airavata/apps/auth/views.py b/django_airavata/apps/auth/views.py
@@ -78,7 +78,7 @@ def redirect_login(request, idp_alias):
         if passthrough_query_param in request.GET:
             redirect_uri += f"&{passthrough_query_param}={quote(request.GET[passthrough_query_param])}"
     oauth2_session = OAuth2Session(
-        client_id, scope='openid', redirect_uri=redirect_uri)
+        client_id, scope='openid profile email', redirect_uri=redirect_uri)
     authorization_url, state = oauth2_session.authorization_url(
         base_authorize_url)
     authorization_url += '&kc_idp_hint=' + quote(idp_alias)