jazzband · n2ygk · Oct 20, 2023 · Oct 19, 2023
diff --git a/tests/app/idp/idp/apps.py b/tests/app/idp/idp/apps.py
@@ -0,0 +1,14 @@
+from corsheaders.signals import check_request_enabled
+from django.apps import AppConfig
+
+
+def cors_allow_origin(sender, request, **kwargs):
+    return request.path == "/o/userinfo/" or request.path == "/o/userinfo"
+
+
+class IDPAppConfig(AppConfig):
+    name = "idp"
+    default = True
+
+    def ready(self):
+        check_request_enabled.connect(cors_allow_origin)
diff --git a/tests/app/idp/idp/settings.py b/tests/app/idp/idp/settings.py
@@ -10,6 +10,7 @@
 https://docs.djangoproject.com/en/4.2/ref/settings/
 """
 
+import os
 from pathlib import Path
 
 
@@ -32,6 +33,7 @@
 # Application definition
 
 INSTALLED_APPS = [
+    "idp.apps.IDPAppConfig",
     "django.contrib.admin",
     "django.contrib.auth",
     "django.contrib.contenttypes",
@@ -186,10 +188,10 @@
     "SCOPES": {
         "openid": "OpenID Connect scope",
     },
+    "ALLOWED_SCHEMES": ["https", "http"],
 }
-
-# just for this example
-CORS_ORIGIN_ALLOW_ALL = True
+# needs to be set to allow cors requests from the test app, along with ALLOWED_SCHEMES=["http"]
+os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 
 LOGGING = {
     "version": 1,
@@ -210,5 +212,11 @@
             "level": "DEBUG",
             "propagate": False,
         },
+        # occasionally you may want to see what's going on in upstream in oauthlib
+        # "oauthlib": {
+        #     "handlers": ["console"],
+        #     "level": "DEBUG",
+        #     "propagate": False,
+        # },
     },
 }