I'm using Python 3.9.12 on Windows 10. My goal is to connect to a KeyCloak server through the browser to fetch an access token. I'm using Authlib 0.15.5 to connect to the server to fetch the authentication URL. Below is the code.

    from authlib.integrations.flask_client import OAuth

    oauth_client = OAuth()
    oauth_client.register(
        name=_configuration.oauht2_provider,
        client_id=_configuration.oauth2_client_id,
        client_secret=_configuration.oauth2_client_secret,
        authorize_url=_configuration.oauht2_authorize_url,
        authorize_params=_configuration.oauht2_authorize_params,
        refresh_token_url=_configuration.oauht2_refresh_token_url,
        refresh_token_params=_configuration.oauht2_refresh_token_param,
        access_token_url=_configuration.oauht2_access_token_url,
        access_token_params=_configuration.oauht2_access_token_params,
        client_kwargs={"scope": _configuration.oauht2_scope},
        server_metadata_url=_configuration.oauht2_open_id_url)
        
    oauth_client.init_app(app=_app)
    _oauth_client = oauth_client.create_client(_configuration.oauht2_provider)    

    redirect_url = _oauth_client.create_authorization_url(_configuration.oauth2_client_redirect_url, verify=False)['url']

The create_authorization_url is throwing this error:

    HTTPSConnectionPool(host='keycloak-xxxx-xxxxxxx-xxx.xx.xxxx-xxxxx-xxx.xx.xx.xx.x', port=443): Max retries exceeded with url: /auth/realms/WXYZ/.well-known/uma2-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

How can I disable SSL certification verification in the above code? Thank you.

I tried adding the verify=False argument to create_authorization_url, however, it did not work:

    redirect_url = _oauth_client.create_authorization_url(_configuration.oauth2_client_redirect_url, verify=False)['url']

Wal D
  • Have you tried installing the certificates that come with Python? Safer option if it works. Otherwise sample code to disable SSL -> https://stackoverflow.com/a/41351871/1167890 – Simon O'Doherty Nov 23 '22 at 08:54
  • @SimonO'Doherty Thanks for the reply. I was able to locate the certificates folder here - lib\site-packages\certifi where the cacert.pem certificate file is present. I added the keycloak server cert in the same folder. Next, added the code in [link](https://stackoverflow.com/a/41351871/1167890). Both did not work. Couple of points to add though, 1. I'm using Anaconda for Python and 2. The Keycloak certificate is a self-signed one. – Wal D Nov 24 '22 at 05:11

1 Answer

It seems that what you are looking for is to enrich your client_kwargs with one more flag, 'verify': False, as in:

    client_kwargs={'verify': False, 'scope': oauth2_config.get(
        'OAUTH2_SCOPE', 'email profile')},
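
The safer route raised in the comments, as an added example that is not part of the original question or answer: keep verification on and give `verify` the path of a CA bundle that contains the Keycloak CA, instead of `False`. It assumes Authlib hands `client_kwargs['verify']` to its requests-based session as the answer indicates; the file and helper names are hypothetical and the PEM blocks in `demo()` are constructed placeholders, not real certificates.

```python
import base64
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----")

def pem_blocks(path):
    """Yield (der_bytes, pem_text) for every certificate block in a PEM file."""
    text = Path(path).read_text(encoding="ascii", errors="replace")
    for m in PEM_BLOCK.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        yield der, m.group(0)

def build_ca_bundle(base_bundle, extra_ca, out_path):
    """Write base_bundle plus extra_ca to out_path; return the certificate count."""
    seen, out = set(), []
    for source in (base_bundle, extra_ca):
        found = list(pem_blocks(source))
        if not found:  # e.g. a binary DER export, or a key file instead of a cert
            raise ValueError(f"no PEM certificate in {source}")
        for der, pem in found:
            if der not in seen:  # skip certificates already in the bundle
                seen.add(der)
                out.append(pem + "\n")
    Path(out_path).write_text("".join(out), encoding="ascii")
    return len(out)

def tls_client_kwargs(scope, ca_bundle):
    """client_kwargs for register(): verification stays on, anchored to ca_bundle."""
    if not Path(ca_bundle).is_file():
        raise FileNotFoundError(ca_bundle)
    return {"scope": scope, "verify": str(ca_bundle)}

def fake_pem(payload):
    """Constructed placeholder block (not a real certificate) for the demo."""
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def demo():
    # Hypothetical file names; in practice base is certifi's cacert.pem.
    with tempfile.TemporaryDirectory() as d:
        base, extra, out = (Path(d) / n for n in ("cacert.pem", "keycloak-ca.pem", "bundle.pem"))
        base.write_text("# public roots\n" + fake_pem(b"root-1") + fake_pem(b"root-2"))
        extra.write_text(fake_pem(b"keycloak-ca") + fake_pem(b"root-1"))  # one duplicate
        count = build_ca_bundle(base, extra, out)
        return count, tls_client_kwargs("openid", out)["verify"] == str(out)
```

Writing the merged bundle to a separate file, rather than editing `cacert.pem` inside `site-packages\certifi`, keeps the Keycloak CA from being lost when the certifi package is updated.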