move userdata_url / userdata_from_id_token conflict to config validation

rather than if attribute is defined
benjimin · Feb 13, 2024 · e6e68fd · e6e68fd
1 parent 12695d5
commit e6e68fd
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/oauthenticator/oauth2.py b/oauthenticator/oauth2.py
@@ -19,7 +19,7 @@
 from tornado.httpclient import AsyncHTTPClient, HTTPClientError, HTTPRequest
 from tornado.httputil import url_concat
 from tornado.log import app_log
-from traitlets import Any, Bool, Dict, List, Unicode, default
+from traitlets import Any, Bool, Dict, List, Unicode, default, validate
 
 
 def guess_callback_uri(protocol, host, hub_server_url):
@@ -397,6 +397,14 @@ def _token_url_default(self):
     def _userdata_url_default(self):
         return os.environ.get("OAUTH2_USERDATA_URL", "")
 
+    @validate("userdata_url")
+    def _validate_userdata_url(self, proposal):
+        if proposal.value and self.userdata_from_id_token:
+            raise ValueError(
+                "Cannot specify both authenticator.userdata_url and authenticator.userdata_from_id_token."
+            )
+        return proposal.value
+
     username_claim = Unicode(
         "username",
         config=True,
@@ -897,10 +905,6 @@ async def token_to_user(self, token_info):
         """
         if self.userdata_from_id_token:
             # Use id token instead of exchanging access token with userinfo endpoint.
-            if self.userdata_url:
-                raise ValueError(
-                    "Cannot specify both authenticator.userdata_url and authenticator.userdata_from_id_token."
-                )
             id_token = token_info.get("id_token", None)
             if not id_token:
                 raise web.HTTPError(