Use urljoin() to compose OAuth URLs instead of string concatenation

String concatenation is bound to mess up; in this case it was producing
double slashes instead of single ones when `BLENDER_ID_ENDPOINT` ends in
a slash. Since URLs generally end in a slash, this should be supported.

pillar/api/blender_id.py

@@ -261,9 +261,9 @@ def setup_app(app, url_prefix):
 
 
 def switch_user_url(next_url: str) -> str:
-    from urllib.parse import quote
+    from urllib.parse import quote, urljoin
 
-    base_url = '%s/switch' % current_app.config['BLENDER_ID_ENDPOINT']
+    base_url = urljoin(current_app.config['BLENDER_ID_ENDPOINT'], 'switch')
     if next_url:
         return '%s?next=%s' % (base_url, quote(next_url))
     return base_url

pillar/auth/oauth.py

@@ -129,6 +129,7 @@ class BlenderIdSignIn(OAuthSignIn):
     provider_name = 'blender-id'
 
     def __init__(self):
+        from urllib.parse import urljoin
         super().__init__()
 
         base_url = current_app.config['BLENDER_ID_ENDPOINT']
@@ -137,8 +138,8 @@ class BlenderIdSignIn(OAuthSignIn):
             name='blender-id',
             client_id=self.consumer_id,
             client_secret=self.consumer_secret,
-            authorize_url='%s/oauth/authorize' % base_url,
-            access_token_url='%s/oauth/token' % base_url,
+            authorize_url=urljoin(base_url, 'oauth/authorize'),
+            access_token_url=urljoin(base_url, 'oauth/token'),
             base_url='%s/api/' % base_url
         )
 

pillar/config.py

@@ -32,7 +32,7 @@ SECRET_KEY = ''
 AUTH_TOKEN_HMAC_KEY = b''
 
 # Authentication settings
-BLENDER_ID_ENDPOINT = 'http://id.local:8000'
+BLENDER_ID_ENDPOINT = 'http://id.local:8000/'
 
 CDN_USE_URL_SIGNING = True
 CDN_SERVICE_DOMAIN_PROTOCOL = 'https'