mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-13 23:03:46 +01:00
MSC3861: allow overriding the introspection endpoint (#17406)
This makes it easier to go through an internal endpoint instead of the public facing URL when introspecting tokens, reducing latency.
This commit is contained in:
parent
4d7e53707c
commit
c896030f67
3 changed files with 20 additions and 2 deletions
1
changelog.d/17406.misc
Normal file
1
changelog.d/17406.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
MSC3861: allow overriding the introspection endpoint.
|
|
@ -145,6 +145,18 @@ class MSC3861DelegatedAuth(BaseAuth):
|
||||||
# metadata.validate_introspection_endpoint()
|
# metadata.validate_introspection_endpoint()
|
||||||
return metadata
|
return metadata
|
||||||
|
|
||||||
|
async def _introspection_endpoint(self) -> str:
|
||||||
|
"""
|
||||||
|
Returns the introspection endpoint of the issuer
|
||||||
|
|
||||||
|
It uses the config option if set, otherwise it will use OIDC discovery to get it
|
||||||
|
"""
|
||||||
|
if self._config.introspection_endpoint is not None:
|
||||||
|
return self._config.introspection_endpoint
|
||||||
|
|
||||||
|
metadata = await self._load_metadata()
|
||||||
|
return metadata.get("introspection_endpoint")
|
||||||
|
|
||||||
async def _introspect_token(self, token: str) -> IntrospectionToken:
|
async def _introspect_token(self, token: str) -> IntrospectionToken:
|
||||||
"""
|
"""
|
||||||
Send a token to the introspection endpoint and returns the introspection response
|
Send a token to the introspection endpoint and returns the introspection response
|
||||||
|
@ -161,8 +173,7 @@ class MSC3861DelegatedAuth(BaseAuth):
|
||||||
Returns:
|
Returns:
|
||||||
The introspection response
|
The introspection response
|
||||||
"""
|
"""
|
||||||
metadata = await self._issuer_metadata.get()
|
introspection_endpoint = await self._introspection_endpoint()
|
||||||
introspection_endpoint = metadata.get("introspection_endpoint")
|
|
||||||
raw_headers: Dict[str, str] = {
|
raw_headers: Dict[str, str] = {
|
||||||
"Content-Type": "application/x-www-form-urlencoded",
|
"Content-Type": "application/x-www-form-urlencoded",
|
||||||
"User-Agent": str(self._http_client.user_agent, "utf-8"),
|
"User-Agent": str(self._http_client.user_agent, "utf-8"),
|
||||||
|
|
|
@ -140,6 +140,12 @@ class MSC3861:
|
||||||
("experimental", "msc3861", "client_auth_method"),
|
("experimental", "msc3861", "client_auth_method"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
introspection_endpoint: Optional[str] = attr.ib(
|
||||||
|
default=None,
|
||||||
|
validator=attr.validators.optional(attr.validators.instance_of(str)),
|
||||||
|
)
|
||||||
|
"""The URL of the introspection endpoint used to validate access tokens."""
|
||||||
|
|
||||||
account_management_url: Optional[str] = attr.ib(
|
account_management_url: Optional[str] = attr.ib(
|
||||||
default=None,
|
default=None,
|
||||||
validator=attr.validators.optional(attr.validators.instance_of(str)),
|
validator=attr.validators.optional(attr.validators.instance_of(str)),
|
||||||
|
|
Loading…
Reference in a new issue