fix: Add cacertfile to client args when provided (#4451)

mealie-recipes · Oct 25, 2024 · ea0d2ec · ea0d2ec
1 parent f7e595b
commit ea0d2ec
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/mealie/routes/auth/auth.py b/mealie/routes/auth/auth.py
@@ -30,12 +30,16 @@
     oauth = OAuth()
     groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
     scope = f"openid email profile {groups_claim}"
+    client_args = {"scope": scope.rstrip()}
+    if settings.OIDC_TLS_CACERTFILE:
+        client_args["verify"] = settings.OIDC_TLS_CACERTFILE
+
     oauth.register(
         "oidc",
         client_id=settings.OIDC_CLIENT_ID,
         client_secret=settings.OIDC_CLIENT_SECRET,
         server_metadata_url=settings.OIDC_CONFIGURATION_URL,
-        client_kwargs={"scope": scope.rstrip()},
+        client_kwargs=client_args,
         code_challenge_method="S256",
     )