From cd829a3c9ac99384d3578b391a232ab74f403bc1 Mon Sep 17 00:00:00 2001
From: Christian Cueni <christian.cueni@iterativ.ch>
Date: Mon, 15 Aug 2022 11:33:44 +0200
Subject: [PATCH] WIP: Update config

---
 server/config/settings/base.py    |  4 +++-
 server/vbv_lernwelt/sso/client.py | 11 ++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/server/config/settings/base.py b/server/config/settings/base.py
index 86cc8254..c19d9792 100644
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@@ -525,12 +525,14 @@ OAUTH = {
     "access_token_url": env("IT_OAUTH_ACCESS_TOKEN_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token"),
     "authorize_url": env("IT_OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth"),
     "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
+    "access_token_params": IT_OAUTH_AUTHORIZE_PARAMS,
     "api_base_url": env("IT_OAUTH_API_BASE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/"),
     "local_redirect_uri": env("IT_OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"),
+    "server_metadata_url": env("IT_OAUTH_SERVER_METADATA_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/.well-known/openid-configuration"),
     "client_kwargs": {
         'scope': env("IT_OAUTH_SCOPE", default=''),
         'token_endpoint_auth_method': 'client_secret_post',
-        'token_placement': 'header',
+        'token_placement': 'body',
     }
 }
 
diff --git a/server/vbv_lernwelt/sso/client.py b/server/vbv_lernwelt/sso/client.py
index 0170f2e3..71d1954a 100644
--- a/server/vbv_lernwelt/sso/client.py
+++ b/server/vbv_lernwelt/sso/client.py
@@ -20,10 +20,11 @@ oauth.register(
     client_secret=settings.OAUTH["client_secret"],
     request_token_url=None,
     request_token_params=None,
-    access_token_url=settings.OAUTH["access_token_url"],
-    access_token_params=None,
-    authorize_url=settings.OAUTH["authorize_url"],
+    # access_token_url=settings.OAUTH["access_token_url"],
+    access_token_params=settings.OAUTH["access_token_params"],
+    # authorize_url=settings.OAUTH["authorize_url"],
     authorize_params=settings.OAUTH["authorize_params"],
-    api_base_url=settings.OAUTH["api_base_url"],
-    client_kwargs=settings.OAUTH["client_kwargs"]
+    # api_base_url=settings.OAUTH["api_base_url"],
+    client_kwargs=settings.OAUTH["client_kwargs"],
+    server_metadata_url=settings.OAUTH["server_metadata_url"],
 )