django-oidc-provider/oidc_provider/lib/utils/token.py

93 lines
2.1 KiB
Python
Raw Normal View History

2015-01-08 20:55:24 +00:00
from datetime import timedelta
2015-03-02 20:37:54 +00:00
import time
import uuid
2015-01-08 20:55:24 +00:00
from django.utils import timezone
2015-03-02 20:37:54 +00:00
import jwt
2015-07-13 20:37:13 +00:00
from oidc_provider.lib.utils.common import get_issuer, get_rsa_key
2015-02-18 18:07:22 +00:00
from oidc_provider.models import *
from oidc_provider import settings
2015-01-08 20:55:24 +00:00
def create_id_token(user, aud, nonce):
"""
Receives a user object and aud (audience).
Then creates the id_token dictionary.
2015-01-08 20:55:24 +00:00
See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
Return a dic.
"""
2015-07-13 20:37:13 +00:00
sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(user=user)
2015-02-26 19:14:36 +00:00
expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')
2015-01-08 20:55:24 +00:00
# Convert datetimes into timestamps.
now = timezone.now()
iat_time = int(time.mktime(now.timetuple()))
exp_time = int(time.mktime((now + timedelta(seconds=expires_in)).timetuple()))
user_auth_time = user.last_login or user.date_joined
auth_time = int(time.mktime(user_auth_time.timetuple()))
2015-01-08 20:55:24 +00:00
dic = {
'iss': get_issuer(),
2015-03-02 20:37:54 +00:00
'sub': sub,
2015-01-08 20:55:24 +00:00
'aud': aud,
'exp': exp_time,
'iat': iat_time,
'auth_time': auth_time,
2015-01-08 20:55:24 +00:00
}
if nonce:
dic['nonce'] = nonce
2015-01-08 20:55:24 +00:00
return dic
2015-07-13 20:37:13 +00:00
def encode_id_token(dic):
"""
2015-01-08 20:55:24 +00:00
Represent the ID Token as a JSON Web Token (JWT).
Return a hash.
"""
2015-07-13 20:37:13 +00:00
return jwt.encode(dic, get_rsa_key(), algorithm='RS256').decode('utf-8')
2015-01-08 20:55:24 +00:00
2015-01-08 20:55:24 +00:00
def create_token(user, client, id_token_dic, scope):
"""
2015-01-08 20:55:24 +00:00
Create and populate a Token object.
Return a Token object.
"""
2015-01-08 20:55:24 +00:00
token = Token()
token.user = user
token.client = client
token.access_token = uuid.uuid4().hex
token.id_token = id_token_dic
token.refresh_token = uuid.uuid4().hex
token.expires_at = timezone.now() + timedelta(
2015-02-26 19:14:36 +00:00
seconds=settings.get('OIDC_TOKEN_EXPIRE'))
2015-01-08 20:55:24 +00:00
token.scope = scope
return token
def create_code(user, client, scope, nonce):
"""
Create and populate a Code object.
Return a Code object.
"""
code = Code()
code.user = user
code.client = client
code.code = uuid.uuid4().hex
code.expires_at = timezone.now() + timedelta(
seconds=settings.get('OIDC_CODE_EXPIRE'))
code.scope = scope
code.nonce = nonce
return code