Add workaround for custom HTTPS certificate

bakdata · Mar 6, 2024 · 76a97bd · 76a97bd
1 parent 1a7fa47
commit 76a97bd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/keycloak_oauth/__init__.py b/keycloak_oauth/__init__.py
@@ -1,4 +1,5 @@
 from pathlib import Path
+import ssl
 from typing import Any
 import pydantic
 from authlib.common.security import generate_token
@@ -37,6 +38,11 @@ def __init__(
 
         oauth = OAuth()
 
+        # HACK: load custom certificate including default certifi cacert chain
+        if verify := client_kwargs.get("verify"):
+            ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23, verify=verify)
+            client_kwargs["verify"] = ssl_context
+
         oauth.register(
             name="keycloak",
             # client_id and client_secret are created in keycloak