From ea0d2ece6aeedb8239f142ba8cb071ec1c6726d3 Mon Sep 17 00:00:00 2001
From: Carter <35710697+cmintey@users.noreply.github.com>
Date: Fri, 25 Oct 2024 11:53:58 -0500
Subject: [PATCH] fix: Add cacertfile to client args when provided (#4451)
---
 mealie/routes/auth/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mealie/routes/auth/auth.py b/mealie/routes/auth/auth.py
index 520c86b3e0a..0cab75d7497 100644
--- a/mealie/routes/auth/auth.py
+++ b/mealie/routes/auth/auth.py
@@ -30,12 +30,16 @@ oauth = OAuth()
 groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
 scope = f"openid email profile {groups_claim}"
+ client_args = {"scope": scope.rstrip()}
+ if settings.OIDC_TLS_CACERTFILE:
+ client_args["verify"] = settings.OIDC_TLS_CACERTFILE
+
 oauth.register(
 "oidc",
 client_id=settings.OIDC_CLIENT_ID,
 client_secret=settings.OIDC_CLIENT_SECRET,
 server_metadata_url=settings.OIDC_CONFIGURATION_URL,
- client_kwargs={"scope": scope.rstrip()},
+ client_kwargs=client_args,
 code_challenge_method="S256",
 )
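Review bot: The new `if settings.OIDC_TLS_CACERTFILE:` branch passes the configured value straight through as `verify` without checking that it names a readable file, so a typo or a missing volume mount would presumably only surface as a TLS or file error on the first OIDC request rather than at startup. Consider failing fast inside the branch, e.g. `if not os.path.isfile(settings.OIDC_TLS_CACERTFILE): raise ValueError("OIDC_TLS_CACERTFILE is not a readable file")` (this needs `os`, whose import is not visible here), or doing the same check where the setting is declared. A short comment would also help operators, such as `# verify=<path> replaces the default CA bundle for this client; leaving it unset keeps normal certificate verification`, because a provider whose endpoints span a private and a public CA needs both in the file. The truthiness test is a good property to keep, since a falsy value can never reach `verify` and turn certificate checking off. The enclosing block begins above the hunk.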