feat: allow to override OAuth2 URLs in settings

This allows to use the backends with other than hardcoded URLs easily.

Fixes #893

Author: nijel

social_core/backends/azuread.py

@@ -68,16 +68,16 @@ def tenant_id(self) -> str:
         return "common"
 
     @property
-    def base_url(self):
+    def base_url(self) -> str:
         return self.BASE_URL.format(
             authority_host=self.authority_host, tenant_id=self.tenant_id
         )
 
-    def authorization_url(self):
-        return self.AUTHORIZATION_URL.format(base_url=self.base_url)
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return {"base_url": self.base_url}
 
-    def access_token_url(self):
-        return self.ACCESS_TOKEN_URL.format(base_url=self.base_url)
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return {"base_url": self.base_url}
 
     def get_user_id(self, details, response):
         """Use upn as unique id"""

social_core/backends/azuread_b2c.py

@@ -101,12 +101,10 @@ def openid_configuration_url(self):
             base_url=self.base_url, policy=self.policy
         )
 
-    def authorization_url(self):
-        # Policy is required, but added later by `auth_extra_arguments()`
-        return self.AUTHORIZATION_URL.format(base_url=self.base_url)
-
-    def access_token_url(self):
-        return self.ACCESS_TOKEN_URL.format(base_url=self.base_url, policy=self.policy)
+    def get_access_token_url_format(self) -> dict[str, str]:
+        params = super().get_access_token_url_format()
+        params["policy"] = self.policy
+        return params
 
     def jwks_url(self):
         return self.JWKS_URL.format(base_url=self.base_url, policy=self.policy)

social_core/backends/base.py

@@ -41,7 +41,7 @@ def log_debug(self, message, *args) -> None:
     def log_warning(self, message, *args) -> None:
         social_logger.warning(f"{self.name}: {message}", *args)
 
-    def setting(self, name, default=None):
+    def setting(self, name: str, default=None):
         """Return setting value from strategy"""
         return self.strategy.setting(name, default=default, backend=self)
 

social_core/backends/facebook.py

@@ -47,13 +47,11 @@ def auth_params(self, state=None):
         params["return_scopes"] = "true"
         return params
 
-    def authorization_url(self):
-        version = self.setting("API_VERSION", API_VERSION)
-        return self.AUTHORIZATION_URL.format(version=version)
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return {"version": self.setting("API_VERSION", API_VERSION)}
 
-    def access_token_url(self):
-        version = self.setting("API_VERSION", API_VERSION)
-        return self.ACCESS_TOKEN_URL.format(version=version)
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return {"version": self.setting("API_VERSION", API_VERSION)}
 
     def get_user_details(self, response):
         """Return user details from Facebook account"""

social_core/backends/google.py

@@ -115,7 +115,7 @@ def auth_complete(self, *args, **kwargs):
             return self.do_auth(token, *args, response=response, **kwargs)
         if "code" in self.data:  # Server-side workflow
             response = self.request_access_token(
-                self.ACCESS_TOKEN_URL,
+                self.access_token_url(),
                 data=self.auth_complete_params(),
                 headers=self.auth_headers(),
                 method=self.ACCESS_TOKEN_METHOD,

social_core/backends/keycloak.py

@@ -99,12 +99,6 @@ class KeycloakOAuth2(BaseOAuth2):  # pylint: disable=abstract-method
     ID_KEY = "username"
     REDIRECT_STATE = False
 
-    def authorization_url(self):
-        return self.setting("AUTHORIZATION_URL")
-
-    def access_token_url(self):
-        return self.setting("ACCESS_TOKEN_URL")
-
     def audience(self):
         return self.setting("KEY")
 

social_core/backends/mineid.py

@@ -5,8 +5,8 @@ class MineIDOAuth2(BaseOAuth2):
     """MineID OAuth2 authentication backend"""
 
     name = "mineid"
-    _AUTHORIZATION_URL = "%(scheme)s://%(host)s/oauth/authorize"
-    _ACCESS_TOKEN_URL = "%(scheme)s://%(host)s/oauth/access_token"
+    AUTHORIZATION_URL = "{scheme}://{host}/oauth/authorize"
+    ACCESS_TOKEN_URL = "{scheme}://{host}/oauth/access_token"
     SCOPE_SEPARATOR = ","
     EXTRA_DATA = []
 
@@ -21,15 +21,13 @@ def _user_data(self, access_token, path=None):
         url = "{scheme}://{host}/api/user".format(**self.get_mineid_url_params())
         return self.get_json(url, params={"access_token": access_token})
 
-    @property
-    def AUTHORIZATION_URL(self):
-        return self._AUTHORIZATION_URL % self.get_mineid_url_params()
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return self.get_mineid_url_params()
 
-    @property
-    def ACCESS_TOKEN_URL(self):
-        return self._ACCESS_TOKEN_URL % self.get_mineid_url_params()
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return self.get_mineid_url_params()
 
-    def get_mineid_url_params(self):
+    def get_mineid_url_params(self) -> dict[str, str]:
         return {
             "host": self.setting("HOST", "www.mineid.org"),
             "scheme": self.setting("SCHEME", "https"),

social_core/backends/nationbuilder.py

@@ -16,11 +16,11 @@ class NationBuilderOAuth2(BaseOAuth2):
     SCOPE_SEPARATOR = ","
     EXTRA_DATA = [("id", "id"), ("expires", "expires")]
 
-    def authorization_url(self):
-        return self.AUTHORIZATION_URL.format(slug=self.slug)
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return {"slug": self.slug}
 
-    def access_token_url(self):
-        return self.ACCESS_TOKEN_URL.format(slug=self.slug)
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return {"slug": self.slug}
 
     @property
     def slug(self):

social_core/backends/oauth.py

@@ -147,13 +147,25 @@ def user_data(self, access_token, *args, **kwargs) -> dict[str, Any] | None:
         return {}
 
     def authorization_url(self) -> str:
-        return self.AUTHORIZATION_URL
+        url = self.setting("AUTHORIZATION_URL", self.AUTHORIZATION_URL)
+        if format_params := self.get_authorization_url_format():
+            return url.format(**format_params)
+        return url
+
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return {}
 
     def access_token_url(self) -> str:
-        return self.ACCESS_TOKEN_URL
+        url = self.setting("ACCESS_TOKEN_URL", self.ACCESS_TOKEN_URL)
+        if format_params := self.get_access_token_url_format():
+            return url.format(**format_params)
+        return url
+
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return {}
 
     def revoke_token_url(self, token, uid) -> str:
-        return self.REVOKE_TOKEN_URL
+        return self.setting("REVOKE_TOKEN_URL", self.REVOKE_TOKEN_URL)
 
     def revoke_token_params(self, token, uid) -> dict[str, Any]:
         return {}

social_core/backends/osso.py

@@ -16,11 +16,11 @@ class OssoOAuth2(BaseOAuth2):
     def osso_base_url(self):
         return self.setting("OSSO_BASE_URL", "https://demo.ossoapp.com")
 
-    def authorization_url(self):
-        return self.AUTHORIZATION_URL.format(osso_base_url=self.osso_base_url)
+    def get_authorization_url_format(self) -> dict[str, str]:
+        return {"osso_base_url": self.osso_base_url}
 
-    def access_token_url(self):
-        return self.ACCESS_TOKEN_URL.format(osso_base_url=self.osso_base_url)
+    def get_access_token_url_format(self) -> dict[str, str]:
+        return {"osso_base_url": self.osso_base_url}
 
     def auth_params(self, state=None):
         client_id, _client_secret = self.get_key_and_secret()