Staging instance, all changes can be removed at any time

Skip to content

keycloak: Fix issue in authorization_url since python-keycloak 1.8.1

The scope and state query parameters in the authorization URL are now handled by the KeycloakOpenID.auth_url method since the release of python-keycloak 1.8.1 (see commit and recent build failure).

To keep backward compatibility with older python-keycloak versions, like the one used in production, while ensuring support for recent ones we need to ensure scope and state query parameters will be overridden if provided in extra_params dict.

Before ending up with that fix, I tried to upgrade the custom python3-keycloak debian package we are using in production. Unfortunately, it depends on python3-jose 3.3.0 which cannot currently be built for debian buster as a newer version of python3-ecdsa is required, the one packaged in buster being too old (see package build log).


Migrated from D8125 (view on Phabricator)

Merge request reports

Loading