Setting optimization
If the OIDC answers with JSON, it means the env var `OIDC_RP_SIGN_ALGO` is not necessary, see:

```python
    userinfo = user_response.json()
except ValueError:
    try:
        userinfo = self.verify_token(user_response.text)
```
We should add more control over this part of the code, by setting `OIDC_RP_SIGN_ALGO` only if we are waiting for a signed response.
Basic Suggestion
```python
# Verify the response as a signed token only when a signing algorithm is configured
if self.get_settings("OIDC_RP_SIGN_ALGO", None):
    userinfo = self.verify_token(user_response.text)
else:
    userinfo = user_response.json()
```
Referenced code: docs/src/backend/core/authentication/backends.py, lines 50 to 53 in 9388c8f
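An added example, not code from the project: one way to make userinfo parsing follow the configuration, so that a plain JSON body is rejected when a signed response is expected instead of being tried first. It implements HS256 only and relies on the Content-Type values OpenID Connect Core defines for userinfo (`application/json` and `application/jwt`); `parse_userinfo`, `verify_hs256`, `sign_hs256` and the sample secret and claims are hypothetical names and constructed data.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Build a compact HS256 JWS (used here only to construct sample input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, secret):
    """Return the claims of a compact JWS, or raise ValueError."""
    head, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected JWS algorithm")
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64url_decode(sig)):
        raise ValueError("bad JWS signature")
    return json.loads(b64url_decode(body))

def parse_userinfo(body, content_type, sign_algo, secret):
    """Choose the parser from configuration instead of trying JSON first."""
    media_type = content_type.split(";")[0].strip().lower()
    if sign_algo:
        # A signed response is expected: plain JSON must not be accepted.
        if sign_algo != "HS256":
            raise ValueError("this example only implements HS256")
        if media_type != "application/jwt":
            raise ValueError(f"expected application/jwt, got {media_type}")
        return verify_hs256(body, secret)
    if media_type != "application/json":
        raise ValueError(f"expected application/json, got {media_type}")
    return json.loads(body)

# Constructed sample data, not taken from a real provider.
SECRET = b"constructed-client-secret"
CLAIMS = {"sub": "user-123", "email": "user@example.com"}
SIGNED = sign_hs256(CLAIMS, SECRET)
PLAIN = json.dumps(CLAIMS)
```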