diff --git a/docs/en_US/oauth2.rst b/docs/en_US/oauth2.rst
index 54895cc15..a3d6d0880 100644
--- a/docs/en_US/oauth2.rst
+++ b/docs/en_US/oauth2.rst
@@ -46,6 +46,8 @@ and modify the values for the following parameters:
 "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the userinfo endpoint and in the Id Token. In case there is no match with the provided config, the user will receive an authorization error. Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
+ "OAUTH2_SSL_CERT_VERIFICATION", "Set this variable to False to disable SSL certificate verification for OAuth2 provider.
+ This may need to set False, in case of self-signed certificates."
 Redirect URL
 ============
diff --git a/web/config.py b/web/config.py
index 2b939fba5..5da28634a 100644
--- a/web/config.py
+++ b/web/config.py
@@ -808,6 +808,11 @@ OAUTH2_CONFIG = [
 # 'wids': ["cf1c38e5-3621-4004-a7cb-879624dced7c"],
 # }
 'OAUTH2_ADDITIONAL_CLAIMS': None,
+ # Set this variable to False to disable SSL certificate verification
+ # for OAuth2 provider.
+ # This may need to set False, in case of self-signed certificates.
+ # Ref: https://github.com/psf/requests/issues/6071
+ 'OAUTH2_SSL_CERT_VERIFICATION': True
 }
 ]
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index d1b6113aa..5db7eedda 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -106,7 +106,9 @@ class OAuth2Authentication(BaseAuthentication):
 authorize_url=oauth2_config['OAUTH2_AUTHORIZATION_URL'],
 api_base_url=oauth2_config['OAUTH2_API_BASE_URL'],
 client_kwargs={'scope': oauth2_config.get(
- 'OAUTH2_SCOPE', 'email profile')},
+ 'OAUTH2_SCOPE', 'email profile'),
+ 'verify': oauth2_config.get(
+ 'OAUTH2_SSL_CERT_VERIFICATION', True)},
 server_metadata_url=oauth2_config.get(
 'OAUTH2_SERVER_METADATA_URL', None)
 )
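Review bot: In web/config.py the new comment above `'OAUTH2_SSL_CERT_VERIFICATION'` says when to set it to False but not what that costs: with verification off, pgAdmin no longer authenticates the OAuth2 provider's endpoints, so the client secret, tokens and userinfo claims it exchanges can be read or altered in transit. I would reword it along the lines of `# WARNING: False disables TLS certificate checks for every request to this provider; use only for testing and prefer adding the provider's CA to the trust store.` and fix the grammar of `This may need to set False` (`This may need to be set to False`). The same sentence appears in the docs/en_US/oauth2.rst row added by this commit. A trailing comma after `True` would also keep the next added key from touching this line.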
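Review bot: In web/pgadmin/authenticate/oauth2.py the new `'verify'` entry in `client_kwargs` forwards the configured value unchanged, so a falsy setting that is not `False` (`None`, `0`, an empty string from a config mistake) would presumably be treated by the HTTP client like `False` and turn certificate checks off without anyone having asked for it. Since the login decision rests on what the provider returns over this connection, I would fail closed and make the disabled state visible: read the value once with `verify = oauth2_config.get('OAUTH2_SSL_CERT_VERIFICATION', True)`, coerce the accidental case with `if verify is None: verify = True`, and log a warning naming the provider when it is `False`. The enclosing call starts outside this hunk, so where the warning is best emitted cannot be judged from here.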