24339 - Pay admin secret changes (#1819)

bcgov · Nov 12, 2024 · 84b4b58 · 84b4b58
1 parent 5da31d0
commit 84b4b58
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/pay-admin/admin/config.py b/pay-admin/admin/config.py
@@ -19,6 +19,7 @@
 rather than reading environment variables directly or by accessing this configuration directly.
 """
 
+import json
 import os
 import sys
 
@@ -85,7 +86,10 @@ class _Config:  # pylint: disable=too-few-public-methods
     SQLALCHEMY_ECHO = _get_config("SQLALCHEMY_ECHO", default="False").lower() == "true"
 
     # Normal Keycloak parameters.
+    # Backwards compat for OCP and GCP.
     OIDC_CLIENT_SECRETS = os.getenv("PAY_OIDC_CLIENT_SECRETS", "secrets/keycloak.json")
+    if not os.path.isfile(OIDC_CLIENT_SECRETS):
+        OIDC_CLIENT_SECRETS = json.loads(OIDC_CLIENT_SECRETS)
     OIDC_SCOPES = ["openid", "email", "profile"]
     # Undocumented Keycloak parameter: allows sending cookies without the secure flag, which we need for the local
     # non-TLS HTTP server. Set this to non-"True" for local development, and use the default everywhere else.