0

I'm using authlib in my project. I have a local IDP setup using http atm. For testing, this code is blocking me because my dev environment is http.

https://github.com/lepture/authlib/blob/master/authlib/client/oauth2.py#L155

I can carry on by commenting out the line. But I think having a way to turn off the HTTPS check is neater.

So, does anyone know a way to turn off the HTTPS check in Authlib?

1 Answer

4

It can be solved by setting an environment variable:

AUTHLIB_INSECURE_TRANSPORT=true

This is not documented in the client sections; it is documented in the server parts, like https://docs.authlib.org/en/latest/flask/oauth2.html

lepture
  • Don't you love getting a reply from the author of the lib? I'm running into more issues. E.g. Expecting a PEM-formatted key. I saw the TODO comment in jws._jwk_to_key: TODO: send a PR to PyJWT – Anakin Hao Mar 12 '18 at 04:13
  • Ignore my last comment. That's me using a wrong public key. – Anakin Hao Mar 12 '18 at 04:43
  • Very bad advice; see [The most dangerous code in the world: validating SSL certificates in non-browser software](http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html). Perhaps the OP should create a certificate with the proper names. Or show the OP how to do what is necessary so TLS remains enabled. – jww Mar 12 '18 at 19:38
  • 3
    @jww it is ok for testing – lepture Mar 13 '18 at 11:46
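
The following is an added example, not part of the thread and not Authlib code: a startup guard that lets `AUTHLIB_INSECURE_TRANSPORT` be used for local testing while failing fast if the flag is set without a loopback HTTP endpoint to justify it. The function names and the endpoint list are hypothetical, and treating any non-empty value as "set" is an assumption made here, not Authlib's documented parsing.

```python
import ipaddress
import os
from urllib.parse import urlsplit

FLAG = "AUTHLIB_INSECURE_TRANSPORT"  # variable name taken from the answer above


def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is never treated as local


def check_transport(endpoints, environ=None):
    """Return the plain-HTTP endpoints permitted for this run.

    Raises RuntimeError when the flag is set but unsafe or unnecessary,
    or when an HTTP endpoint is configured without the flag.
    """
    environ = os.environ if environ is None else environ
    # Assumption: any non-empty value counts as "set" (deliberately strict).
    flag_set = bool(environ.get(FLAG, "").strip())
    plain = []
    for url in endpoints:
        parts = urlsplit(url)
        if parts.scheme == "https":
            continue
        if parts.scheme != "http":
            raise RuntimeError(f"unsupported scheme in {url!r}")
        if not flag_set:
            raise RuntimeError(f"{url!r} is plain HTTP and {FLAG} is not set")
        if not is_loopback(parts.hostname):
            raise RuntimeError(f"{FLAG} set but {url!r} is not a loopback host")
        plain.append(url)
    if flag_set and not plain:
        raise RuntimeError(f"{FLAG} is set but every endpoint is HTTPS; unset it")
    return plain
```

Call `check_transport([...])` with the IdP's authorize and token URLs before creating the OAuth client, so a deployment that inherits the variable by accident stops at startup instead of sending tokens over HTTP.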