MSC3861: allow overriding the introspection endpoint (#17406)

This makes it easier to go through an internal endpoint instead of the
public facing URL when introspecting tokens, reducing latency.
This commit is contained in:
Quentin Gliech 2024-07-08 14:08:11 +02:00 committed by GitHub
parent 4d7e53707c
commit c896030f67
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 20 additions and 2 deletions

1
changelog.d/17406.misc Normal file
View file

@ -0,0 +1 @@
MSC3861: allow overriding the introspection endpoint.

View file

@ -145,6 +145,18 @@ class MSC3861DelegatedAuth(BaseAuth):
# metadata.validate_introspection_endpoint() # metadata.validate_introspection_endpoint()
return metadata return metadata
async def _introspection_endpoint(self) -> str:
"""
Returns the introspection endpoint of the issuer
It uses the config option if set, otherwise it will use OIDC discovery to get it
"""
if self._config.introspection_endpoint is not None:
return self._config.introspection_endpoint
metadata = await self._load_metadata()
return metadata.get("introspection_endpoint")
async def _introspect_token(self, token: str) -> IntrospectionToken: async def _introspect_token(self, token: str) -> IntrospectionToken:
""" """
Send a token to the introspection endpoint and returns the introspection response Send a token to the introspection endpoint and returns the introspection response
@ -161,8 +173,7 @@ class MSC3861DelegatedAuth(BaseAuth):
Returns: Returns:
The introspection response The introspection response
""" """
metadata = await self._issuer_metadata.get() introspection_endpoint = await self._introspection_endpoint()
introspection_endpoint = metadata.get("introspection_endpoint")
raw_headers: Dict[str, str] = { raw_headers: Dict[str, str] = {
"Content-Type": "application/x-www-form-urlencoded", "Content-Type": "application/x-www-form-urlencoded",
"User-Agent": str(self._http_client.user_agent, "utf-8"), "User-Agent": str(self._http_client.user_agent, "utf-8"),

View file

@ -140,6 +140,12 @@ class MSC3861:
("experimental", "msc3861", "client_auth_method"), ("experimental", "msc3861", "client_auth_method"),
) )
introspection_endpoint: Optional[str] = attr.ib(
default=None,
validator=attr.validators.optional(attr.validators.instance_of(str)),
)
"""The URL of the introspection endpoint used to validate access tokens."""
account_management_url: Optional[str] = attr.ib( account_management_url: Optional[str] = attr.ib(
default=None, default=None,
validator=attr.validators.optional(attr.validators.instance_of(str)), validator=attr.validators.optional(attr.validators.instance_of(str)),