Provide a way to bypass the SSL cert verification for OAuth2 provider. #6095

docs/en_US/oauth2.rst

@@ -46,6 +46,8 @@ and modify the values for the following parameters:
     "OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the userinfo endpoint 
     and in the Id Token. In case there is no match with the provided config, the user will receive an authorization error.
     Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
+    "OAUTH2_SSL_CERT_VERIFICATION", "Set this variable to False to disable SSL certificate verification for OAuth2 provider.
+    This may need to set False, in case of self-signed certificates."
 
 Redirect URL
 ============

web/config.py

@@ -808,6 +808,11 @@ OAUTH2_CONFIG = [
         #     'wids': ["cf1c38e5-3621-4004-a7cb-879624dced7c"],
         # }
         'OAUTH2_ADDITIONAL_CLAIMS': None,
+        # Set this variable to False to disable SSL certificate verification
+        # for OAuth2 provider.
+        # This may need to set False, in case of self-signed certificates.
+        # Ref: https://github.com/psf/requests/issues/6071
+        'OAUTH2_SSL_CERT_VERIFICATION': True
     }
 ]
 

web/pgadmin/authenticate/oauth2.py

@@ -106,7 +106,9 @@ class OAuth2Authentication(BaseAuthentication):
                 authorize_url=oauth2_config['OAUTH2_AUTHORIZATION_URL'],
                 api_base_url=oauth2_config['OAUTH2_API_BASE_URL'],
                 client_kwargs={'scope': oauth2_config.get(
-                    'OAUTH2_SCOPE', 'email profile')},
+                    'OAUTH2_SCOPE', 'email profile'),
+                    'verify': oauth2_config.get(
+                    'OAUTH2_SSL_CERT_VERIFICATION', True)},
                 server_metadata_url=oauth2_config.get(
                     'OAUTH2_SERVER_METADATA_URL', None)
             )