in django_airavata/apps/auth/backends.py [0:0]
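def _get_token_and_userinfo_redirect_flow(self, request):
    """Complete the OAuth2 redirect flow and return ``(token, userinfo)``.

    Rebuilds the OAuth2 session from the ``OAUTH2_STATE`` and
    ``OAUTH2_REDIRECT_URI`` values stored in the Django session, exchanges
    the authorization response (the absolute URL of this request) for a
    token at ``KEYCLOAK_TOKEN_URL``, then reads the user's claims from
    ``KEYCLOAK_USERINFO_URL``.

    Args:
        request: The callback request. Its session must hold the
            ``OAUTH2_STATE`` and ``OAUTH2_REDIRECT_URI`` keys.

    Returns:
        A ``(token, userinfo)`` tuple: the value returned by
        ``fetch_token`` and the decoded JSON body of the userinfo response.

    Raises:
        KeyError: If either session key is missing, e.g. the callback URL
            was requested without a login having been started in this
            session.
        Exception: Errors from the token exchange, a non-2xx userinfo
            response, or a userinfo body that is not JSON propagate to the
            caller.
    """
    authorization_code_url = request.build_absolute_uri()
    client_id = settings.KEYCLOAK_CLIENT_ID
    client_secret = settings.KEYCLOAK_CLIENT_SECRET
    token_url = settings.KEYCLOAK_TOKEN_URL
    userinfo_url = settings.KEYCLOAK_USERINFO_URL
    verify_ssl = settings.KEYCLOAK_VERIFY_SSL
    state = request.session['OAUTH2_STATE']
    redirect_uri = request.session['OAUTH2_REDIRECT_URI']
    # NOTE(review): `state` is the anti-CSRF value bound to this login and
    # it is written to the debug log here; keep DEBUG-level logging off in
    # production or drop the value from the message.
    logger.debug("state={}".format(state))
    oauth2_session = OAuth2Session(client_id,
                                   scope='openid profile email',
                                   redirect_uri=redirect_uri,
                                   state=state)

    # `verify` is the KEYCLOAK_VERIFY_SSL flag, or the path of a custom CA
    # bundle when verification is on and KEYCLOAK_CA_CERTFILE is configured.
    verify = verify_ssl
    if verify_ssl and hasattr(settings, 'KEYCLOAK_CA_CERTFILE'):
        verify = settings.KEYCLOAK_CA_CERTFILE

    if not request.is_secure() and settings.DEBUG and not os.environ.get('OAUTHLIB_INSECURE_TRANSPORT'):
        # For local development (DEBUG=True), allow insecure OAuth redirect flow
        # if OAUTHLIB_INSECURE_TRANSPORT isn't already set.
        # os.environ is process-wide, so once set this stays in effect for
        # every later request handled by this process, not only this one.
        # The settings.DEBUG guard is what keeps it out of production.
        os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = "1"
        logger.info("Adding env var OAUTHLIB_INSECURE_TRANSPORT=1 to allow "
                    "OAuth redirect flow even though request is not secure")

    token = oauth2_session.fetch_token(
        token_url, client_secret=client_secret,
        authorization_response=authorization_code_url, verify=verify)

    # Use the same TLS verification policy as the token request. Without it
    # the userinfo call ignores KEYCLOAK_CA_CERTFILE / KEYCLOAK_VERIFY_SSL,
    # so the two requests to the same identity provider are checked
    # differently.
    userinfo_response = oauth2_session.get(userinfo_url, verify=verify)
    # Fail on an error response rather than handing an error body back to
    # the caller as if it were the user's identity claims.
    userinfo_response.raise_for_status()
    userinfo = userinfo_response.json()
    return token, userinfo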