From 3c24c6a729b9e265f599833c8f39d41ca621580b Mon Sep 17 00:00:00 2001 From: kobros-tech Date: Sun, 29 Mar 2026 03:46:54 +0300 Subject: [PATCH] [IMP] auth_oidc: enforce JSON response for token endpoint (code flow) Ensure the token endpoint always returns a JSON response when using `_auth_oauth_get_tokens_auth_code_flow`. Some OAuth2 providers (e.g., GitHub) return a URL-encoded or plain text response by default if the "Accept: application/json" header is not set. This leads to parsing errors when calling `response.json()`. This commit enforces: headers={"Accept": "application/json"} when performing the token exchange request. This method is shared by both OAuth2 Authorization Code flow and OpenID Connect flows, so enforcing JSON ensures consistent and reliable behavior across all providers. Without this header, the response format may vary depending on the provider, causing failures in access_token/id_token extraction. This change improves compatibility with non-OIDC providers and prevents unexpected decoding errors. --- auth_oidc/README.rst | 7 +-- auth_oidc/models/res_users.py | 1 + auth_oidc/readme/CONTRIBUTORS.md | 1 + auth_oidc/static/description/index.html | 59 +++++++++++-------------- 4 files changed, 31 insertions(+), 37 deletions(-) diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst index 47ea133ab5..ce5f61342d 100644 --- a/auth_oidc/README.rst +++ b/auth_oidc/README.rst @@ -1,7 +1,3 @@ -.. image:: https://odoo-community.org/readme-banner-image - :target: https://odoo-community.org/get-involved?utm_source=readme - :alt: Odoo Community Association - ============================= Authentication OpenID Connect ============================= 
@@ -17,7 +13,7 @@ Authentication OpenID Connect .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png :target: https://odoo-community.org/page/development-status :alt: Beta -.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html :alt: License: AGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github @@ -224,6 +220,7 @@ Contributors - Stéphane Bidoul - David Jaen - Andreas Perhab +- Mohamed Alkobrosli Maintainers ----------- diff --git a/auth_oidc/models/res_users.py b/auth_oidc/models/res_users.py index 1684480fa4..38d5173959 100644 --- a/auth_oidc/models/res_users.py +++ b/auth_oidc/models/res_users.py @@ -36,6 +36,7 @@ def _auth_oauth_get_tokens_auth_code_flow(self, oauth_provider, params): code_verifier=oauth_provider.code_verifier, # PKCE redirect_uri=request.httprequest.url_root + "auth_oauth/signin", ), + headers={"Accept": "application/json"}, auth=auth, timeout=10, ) diff --git a/auth_oidc/readme/CONTRIBUTORS.md b/auth_oidc/readme/CONTRIBUTORS.md index 8bdbc1daa2..3fe79f9897 100644 --- a/auth_oidc/readme/CONTRIBUTORS.md +++ b/auth_oidc/readme/CONTRIBUTORS.md @@ -2,3 +2,4 @@ - Stéphane Bidoul \<\> - David Jaen \<\> - Andreas Perhab \<\> +- Mohamed Alkobrosli \<\> diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html index 319e44bead..6933f656f5 100644 --- a/auth_oidc/static/description/index.html +++ b/auth_oidc/static/description/index.html @@ -3,7 +3,7 @@ -README.rst +Authentication OpenID Connect -
+
+

Authentication OpenID Connect

- - -Odoo Community Association - -
-

Authentication OpenID Connect

-

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This module allows users to login through an OpenID Connect provider using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access @@ -413,15 +408,15 @@

Authentication OpenID Connect

-

Installation

+

Installation

This module depends on the python-jose library, not to be confused with jose which is also available on PyPI.

-

Configuration

+

Configuration

-

Setup for Microsoft Azure

+

Setup for Microsoft Azure

Example configuration with OpenID Connect authorization code flow.

  1. configure a new web application in Azure with OpenID and code flow @@ -457,7 +452,7 @@

    Setup for Microsoft Azure

    image2

-

Setup for Keycloak

+

Setup for Keycloak

Example configuration with OpenID Connect authorization code flow.

In Keycloak:

    @@ -490,11 +485,11 @@

    Setup for Keycloak

-

Usage

+

Usage

On the login page, click on the authentication provider you configured.

-

Known issues / Roadmap

+

Known issues / Roadmap

  • When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link
  • @@ -503,70 +498,70 @@

    Known issues / Roadmap

-

Changelog

+

Changelog

-

16.0.1.1.0 2024-02-28

+

16.0.1.1.0 2024-02-28

  • Forward port OpenID Connect fixes from 15.0 to 16.0
-

16.0.1.0.1 2023-10-09

+

16.0.1.0.1 2023-10-09

  • Add AzureAD code flow provider
-

13.0.1.0.0 2020-04-10

+

13.0.1.0.0 2020-04-10

  • Odoo 13 migration, add authorization code flow.
-

10.0.1.0.0 2018-10-05

+

10.0.1.0.0 2018-10-05

  • Initial implementation
-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -574,9 +569,9 @@

Bug Tracker

Do not contact contributors directly about support or help with technical issues.

-

Credits

+

Credits

-

Authors

+

Authors

  • ICTSTUDIO
  • André Schenkels
  • @@ -584,16 +579,17 @@

    Authors

-

Maintainers

+

Maintainers

This module is maintained by the OCA.

Odoo Community Association @@ -608,6 +604,5 @@

Maintainers

-
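Review bot: in the auth_oidc/models/res_users.py hunk, the added `headers={"Accept": "application/json"},` line only states a preference, and nothing in the visible lines checks that the provider honoured it. A token endpoint that ignores the header, or answers with an HTML or form-encoded error body, still reaches the `response.json()` call the commit message mentions and fails in the same way. Consider checking the HTTP status and the response Content-Type before parsing, and raising a clear authentication error when the body is not JSON, so that token extraction never runs on an unexpected body. The diffstat lists four files and none of them is a test; a test asserting that `_auth_oauth_get_tokens_auth_code_flow` sends the Accept header would keep this from regressing.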
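Review bot: the auth_oidc/README.rst and auth_oidc/static/description/index.html hunks carry changes unrelated to the token request. The Odoo Community Association banner is removed, the badge URL changes from `license-AGPL--3` to `licence-AGPL--3`, and the HTML title changes from README.rst to Authentication OpenID Connect. Both files are generated from the readme/ fragments, so the only documentation change this patch needs is the new line in readme/CONTRIBUTORS.md plus the matching contributor entry in the generated output. Regenerate with the generator version the repository uses, or leave the generated files to the repository tooling, so the diff stays limited to the header change and the contributor entry.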