From 71b869a975695be56f680487b8afd9bb6a90f50e Mon Sep 17 00:00:00 2001
From: Akhil Narang <me@akhilnarang.dev>
Date: Thu, 19 Sep 2024 13:42:11 +0530
Subject: [PATCH] refactor(keycloak): set API endpoint while getting list of
 oauth providers

urljoin() just adds the base URL to the relative path, here our base URL has an extra route in the path which isn't added in.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
---
 .../doctype/social_login_key/social_login_key.py             | 5 +----
 frappe/utils/oauth.py                                        | 5 +++++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/frappe/integrations/doctype/social_login_key/social_login_key.py b/frappe/integrations/doctype/social_login_key/social_login_key.py
index 6f65c2c642..231fe71d8e 100644
--- a/frappe/integrations/doctype/social_login_key/social_login_key.py
+++ b/frappe/integrations/doctype/social_login_key/social_login_key.py
@@ -88,8 +88,6 @@ class SocialLoginKey(Document):
 			frappe.throw(
 				_("Please enter Client Secret before social login is enabled"), exc=ClientSecretNotSetError
 			)
-		if self.social_login_provider == "Keycloak":
-			self.api_endpoint = self.base_url + "/protocol/openid-connect/userinfo"
 
 	def set_icon(self):
 		icon_map = {
@@ -219,10 +217,9 @@ class SocialLoginKey(Document):
 		providers["Keycloak"] = {
 			"provider_name": "Keycloak",
 			"enable_social_login": 1,
-			"base_url": "realms/master",
 			"custom_base_url": 1,
 			"redirect_url": "/api/method/frappe.integrations.oauth2_logins.login_via_keycloak/keycloak",
-			"api_endpoint": "realms/masterl/protocol/openid-connect/userinfo",
+			"api_endpoint": "/protocol/openid-connect/userinfo",
 			"api_endpoint_args": None,
 			"authorize_url": "/protocol/openid-connect/auth",
 			"access_token_url": "/protocol/openid-connect/token",
diff --git a/frappe/utils/oauth.py b/frappe/utils/oauth.py
index 002ebabcf0..28de03e785 100644
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@@ -28,6 +28,11 @@ def get_oauth2_providers() -> dict[str, dict]:
 		if provider.custom_base_url:
 			authorize_url = provider.base_url + provider.authorize_url
 			access_token_url = provider.base_url + provider.access_token_url
+
+		# Keycloak needs this, the base URL also has a route, that urljoin() ignores
+		if provider.name == "keycloak":
+			provider.api_endpoint = provider.base_url + provider.api_endpoint
+
 		out[provider.name] = {
 			"flow_params": {
 				"name": provider.name,