fix: Add cacertfile to client args when provided (#4451)

2025-10-27 08:14:30 -04:00 · 2024-10-25 11:53:58 -05:00
parent f7e595b404
commit ea0d2ece6a
1 changed files with 5 additions and 1 deletions
--- a/mealie/routes/auth/auth.py
+++ b/mealie/routes/auth/auth.py
@@ -30,12 +30,16 @@ if settings.OIDC_READY:
    oauth = OAuth()
    groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
    scope = f"openid email profile {groups_claim}"
+    client_args = {"scope": scope.rstrip()}
+    if settings.OIDC_TLS_CACERTFILE:
+        client_args["verify"] = settings.OIDC_TLS_CACERTFILE
+
    oauth.register(
        "oidc",
        client_id=settings.OIDC_CLIENT_ID,
        client_secret=settings.OIDC_CLIENT_SECRET,
        server_metadata_url=settings.OIDC_CONFIGURATION_URL,
-        client_kwargs={"scope": scope.rstrip()},
+        client_kwargs=client_args,
        code_challenge_method="S256",
    )