kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
django-oidc-provider/oidc_provider/settings.py

211 lines
6.2 KiB
Python
Raw Normal View History

Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
import importlib
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
import random
import string
Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
Add default package settings. Edit README.
2015-01-28 17:50:14 +00:00
from django.conf import settings
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
Add default package settings. Edit README.
2015-01-28 17:50:14 +00:00
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
class DefaultSettings(object):
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
required_attrs = ()
def __init__(self):
self._unauthenticated_session_management_key = None
Add default package settings. Edit README.
2015-01-28 17:50:14 +00:00
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
@property
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
def OIDC_LOGIN_URL(self):
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
REQUIRED. Used to log the user in. By default Django's LOGIN_URL will be used.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
return settings.LOGIN_URL
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
@property
def SITE_URL(self):
"""
Make `SITE_URL` optional.
2016-05-25 21:58:58 +00:00
OPTIONAL. The OP server url.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
return None
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
Add OIDC_AFTER_USERLOGIN_HOOK setting.
2015-03-19 17:04:32 +00:00
@property
def OIDC_AFTER_USERLOGIN_HOOK(self):
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. Provide a way to plug into the process after
the user has logged in, typically to perform some business logic.
Add OIDC_AFTER_USERLOGIN_HOOK setting.
2015-03-19 17:04:32 +00:00
"""
Make OIDC_AFTER_USERLOGIN_HOOK to be lazy imported by string.
2016-01-19 20:37:32 +00:00
return 'oidc_provider.lib.utils.common.default_after_userlogin_hook'
Add OIDC_AFTER_USERLOGIN_HOOK setting.
2015-03-19 17:04:32 +00:00
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
@property
def OIDC_AFTER_END_SESSION_HOOK(self):
"""
OPTIONAL. Provide a way to plug into the end session process just before calling
Django's logout function, typically to perform some business logic.
"""
return 'oidc_provider.lib.utils.common.default_after_end_session_hook'
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
@property
def OIDC_CODE_EXPIRE(self):
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. Code expiration time expressed in seconds.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
return 60*10
Change "DOP" with "OIDC" in settings.
2015-02-26 19:14:36 +00:00
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
@property
def OIDC_EXTRA_SCOPE_CLAIMS(self):
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. A string with the location of your class.
Change setting OIDC_USERINFO.
2016-07-07 15:50:27 +00:00
Used to add extra scopes specific for your app.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
Change setting OIDC_USERINFO.
2016-07-07 15:50:27 +00:00
return None
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
@property
def OIDC_IDTOKEN_EXPIRE(self):
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. Id token expiration time expressed in seconds.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
return 60*10
@property
def OIDC_IDTOKEN_SUB_GENERATOR(self):
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. Subject Identifier. A locally unique and never
reassigned identifier within the Issuer for the End-User,
which is intended to be consumed by the Client.
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
"""
Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function.
2016-01-12 18:17:22 +00:00
return 'oidc_provider.lib.utils.common.default_sub_generator'
Set default settings using class attr.
2015-03-04 20:17:37 +00:00
Merge branch 'feature/token_retun_claims' of https://github.com/dhrp/django-oidc-provider into dhrp-feature/token_retun_claims
2018-04-10 21:41:38 +00:00
@property
def OIDC_IDTOKEN_INCLUDE_CLAIMS(self):
"""
OPTIONAL. If enabled, id_token will include standard claims of the user.
"""
return False
Initial Session Management version.
2016-10-28 18:25:52 +00:00
@property
def OIDC_SESSION_MANAGEMENT_ENABLE(self):
"""
OPTIONAL. If enabled, the Server will support Session Management 1.0 specification.
"""
return False
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
@property
def OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY(self):
"""
OPTIONAL. Supply a fixed string to use as browser-state key for unauthenticated clients.
"""
# Memoize generated value
if not self._unauthenticated_session_management_key:
self._unauthenticated_session_management_key = ''.join(
random.choice(string.ascii_uppercase + string.digits) for _ in range(100))
return self._unauthenticated_session_management_key
Add settings for user consent.
2015-06-22 21:41:42 +00:00
@property
Rename setting.
2015-06-24 15:40:00 +00:00
def OIDC_SKIP_CONSENT_EXPIRE(self):
Add settings for user consent.
2015-06-22 21:41:42 +00:00
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. User consent expiration after been granted.
Add settings for user consent.
2015-06-22 21:41:42 +00:00
"""
Rename setting.
2015-06-24 15:40:00 +00:00
return 30*3
Add settings for user consent.
2015-06-22 21:41:42 +00:00
@property
Rename setting.
2015-06-24 15:40:00 +00:00
def OIDC_TOKEN_EXPIRE(self):
Add settings for user consent.
2015-06-22 21:41:42 +00:00
"""
Add OIDC_RSA_KEY_FOLDER to settings.
2015-07-14 16:01:29 +00:00
OPTIONAL. Token object expiration after been created.
Expressed in seconds.
Add settings for user consent.
2015-06-22 21:41:42 +00:00
"""
Rename setting.
2015-06-24 15:40:00 +00:00
return 60*60
Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
Add custom user info model feature.
2015-08-11 18:58:52 +00:00
@property
def OIDC_USERINFO(self):
"""
Change setting OIDC_USERINFO.
2016-07-07 15:50:27 +00:00
OPTIONAL. A string with the location of your function.
Used to populate standard claims with your user information.
Add custom user info model feature.
2015-08-11 18:58:52 +00:00
"""
Change setting OIDC_USERINFO.
2016-07-07 15:50:27 +00:00
return 'oidc_provider.lib.utils.common.default_userinfo'
Add custom user info model feature.
2015-08-11 18:58:52 +00:00
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality
2016-02-12 16:02:35 +00:00
@property
Rename setting.
2016-02-12 17:51:43 +00:00
def OIDC_IDTOKEN_PROCESSING_HOOK(self):
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality
2016-02-12 16:02:35 +00:00
"""
OPTIONAL. A string with the location of your hook.
Used to add extra dictionary values specific for your app into id_token.
"""
Rename setting.
2016-02-12 17:51:43 +00:00
return 'oidc_provider.lib.utils.common.default_idtoken_processing_hook'
Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality
2016-02-12 16:02:35 +00:00
Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662
2018-02-05 15:29:08 +00:00
@property
def OIDC_INTROSPECTION_PROCESSING_HOOK(self):
Remove the Resource model
2018-04-23 13:59:56 +00:00
"""
OPTIONAL. A string with the location of your function.
Used to update the response for a valid introspection token request.
"""
Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662
2018-02-05 15:29:08 +00:00
return 'oidc_provider.lib.utils.common.default_introspection_processing_hook'
Remove the Resource model
2018-04-23 13:59:56 +00:00
@property
def OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE(self):
"""
OPTIONAL: A boolean to specify whether or not to verify that the introspection
resource has the requesting client id as one of its scopes.
"""
return True
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
@property
def OIDC_GRANT_TYPE_PASSWORD_ENABLE(self):
"""
OPTIONAL. A boolean to set whether to allow the Resource Owner Password
Credentials Grant. https://tools.ietf.org/html/rfc6749#section-4.3
From the specification:
Since this access token request utilizes the resource owner's
password, the authorization server MUST protect the endpoint
against brute force attacks (e.g., using rate-limitation or
generating alerts).
How you do this, is up to you.
"""
return False
@property
def OIDC_TEMPLATES(self):
return {
'authorize': 'oidc_provider/authorize.html',
'error': 'oidc_provider/error.html'
}
Add pep8 compliance and checker
2017-08-08 22:41:42 +00:00
Move class instantiation in settings.
2015-03-06 15:55:50 +00:00
default_settings = DefaultSettings()
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
def import_from_str(value):
"""
Attempt to import a class from a string representation.
"""
try:
parts = value.split('.')
module_path, class_name = '.'.join(parts[:-1]), parts[-1]
module = importlib.import_module(module_path)
return getattr(module, class_name)
except ImportError as e:
msg = 'Could not import %s for settings. %s: %s.' % (value, e.__class__.__name__, e)
raise ImportError(msg)
def get(name, import_str=False):
"""
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
Helper function to use inside the package.
Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
"""
Fixed PEB8 warning about initialization and comparison to None
2016-02-15 19:42:08 +00:00
value = None
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
default_value = getattr(default_settings, name)
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
try:
value = getattr(settings, name)
except AttributeError:
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
if name in default_settings.required_attrs:
Add custom SUB generator for ID TOKEN.
2015-03-02 20:37:54 +00:00
raise Exception('You must set ' + name + ' in your settings.')
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
if isinstance(default_value, dict) and value:
default_value.update(value)
value = default_value
else:
fix settings to support falsy valued overrides Up until recently there were settings with truthy defaults but with no need to be set to a false value. That changed with OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE. Now there is a setting that has both a true default and a meaningful false value, and without this fix that setting cannot be changed making it not much of a setting at all.
2018-07-03 18:17:10 +00:00
if value is None:
value = default_value
Merge develop to v0.5.x (#179) * Log create_uri_response exceptions to logger.exception * Support grant type password - basics * Add tests for Resource Owner Password Credentials Flow * Password Grant -Response according to specification * Better tests for errors, disable grant type password by default * Add documentation for grant type password * User authentication failure to return 403 * Add id_token to response * skipping consent only works for confidential clients * fix URI fragment example not working URL `http://localhost:8100/#/auth/callback/` * OIDC_POST_END_SESSION_HOOK + tests * Explicit function naming * Remove print statements * No need for semicolons, this is Python * Update CHANGELOG.md * fixed logger message * Improved `exp` value calculation * rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK * added docs for OIDC_AFTER_END_SESSION_HOOK * Replaces `LOGIN_URL` with `OIDC_LOGIN_URL` so users can use a different login path for their oidc requests. * Adds a setting variable for custom template paths * Updates documentation * Fixed bad try/except/finally block * Adds test for OIDC_TEMPLATES settings * Determine value for op_browser_state from session_key or default * Do not use cookie for browser_state. It may not yet be there * Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY * Fix compatibility for older versions of Django * solved merging typo for missing @property
2017-05-05 03:19:57 +00:00
value = import_from_str(value) if import_str else value
Fix in settings when importing from string.
2015-06-19 18:37:42 +00:00
Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported).
2015-06-19 18:19:46 +00:00
return value
Reference in a new issue Copy permalink