From 76a97bd8de9704eb41c12469614833a00c368d44 Mon Sep 17 00:00:00 2001
From: Salomon Popp <salomon.popp@bakdata.com>
Date: Wed, 6 Mar 2024 10:20:47 +0000
Subject: [PATCH] Add workaround for custom HTTPS certificate

---
 keycloak_oauth/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/keycloak_oauth/__init__.py b/keycloak_oauth/__init__.py
index 6f647b6..1a49751 100644
--- a/keycloak_oauth/__init__.py
+++ b/keycloak_oauth/__init__.py
@@ -1,4 +1,5 @@
 from pathlib import Path
+import ssl
 from typing import Any
 import pydantic
 from authlib.common.security import generate_token
@@ -37,6 +38,11 @@ def __init__(
 
         oauth = OAuth()
 
+        # HACK: load custom certificate including default certifi cacert chain
+        if verify := client_kwargs.get("verify"):
+            ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23, verify=verify)
+            client_kwargs["verify"] = ssl_context
+
         oauth.register(
             name="keycloak",
             # client_id and client_secret are created in keycloak