django-oidc-provider/oidc_provider/lib/utils/token.py

from datetime import timedelta
import time
import uuid

from django.utils import timezone
import jwt

from oidc_provider.lib.utils.common import get_issuer, get_rsa_key
from oidc_provider.models import *
from oidc_provider import settings


def create_id_token(user, aud, nonce=None):
    """
    Receives a user object and aud (audience).
    Then creates the id_token dictionary.
    See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken

    Return a dic.
    """
    sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(user=user)

    expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')

    now = timezone.now()
    # Convert datetimes into timestamps.
    iat_time = time.mktime(now.timetuple())
    exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())

    user_auth_time = user.last_login or user.date_joined
    auth_time = time.mktime(user_auth_time.timetuple())

    dic = {
        'iss': get_issuer(),
        'sub': sub,
        'aud': aud,
        'exp': exp_time,
        'iat': iat_time,
        'auth_time': auth_time,
    }

    if nonce:
        dic['nonce'] = nonce

    return dic


def encode_id_token(dic):
    """
    Represent the ID Token as a JSON Web Token (JWT).

    Return a hash.
    """
    return jwt.encode(dic, get_rsa_key(), algorithm='RS256').decode('utf-8')


def create_token(user, client, id_token_dic, scope):
    """
    Create and populate a Token object.

    Return a Token object.
    """
    token = Token()
    token.user = user
    token.client = client
    token.access_token = uuid.uuid4().hex

    token.id_token = id_token_dic

    token.refresh_token = uuid.uuid4().hex
    token.expires_at = timezone.now() + timedelta(
        seconds=settings.get('OIDC_TOKEN_EXPIRE'))
    token.scope = scope

    return token


def create_code(user, client, scope):
    """
    Create and populate a Code object.

    Return a Code object.
    """
    code = Code()
    code.user = user
    code.client = client
    code.code = uuid.uuid4().hex
    code.expires_at = timezone.now() + timedelta(
        seconds=settings.get('OIDC_CODE_EXPIRE'))
    code.scope = scope

    return code
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`from datetime import timedelta`
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00			`import time`
			`import uuid`

Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`from django.utils import timezone`
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00			`import jwt`

Encode id_toke with using RSA now. 2015-07-13 20:37:13 +00:00			`from oidc_provider.lib.utils.common import get_issuer, get_rsa_key`
Change name of the package. 2015-02-18 18:07:22 +00:00			`from oidc_provider.models import *`
			`from oidc_provider import settings`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00

Add nonce in id_token when included in auth request http://openid.net/specs/openid-connect-core-1_0.html#IDToken If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. This patch adds the nonce to the id_token. 2015-07-10 12:44:26 +00:00			`def create_id_token(user, aud, nonce=None):`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00			`Receives a user object and aud (audience).`
			`Then creates the id_token dictionary.`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken`

			`Return a dic.`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Encode id_toke with using RSA now. 2015-07-13 20:37:13 +00:00			`sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(user=user)`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00
Change "DOP" with "OIDC" in settings. 2015-02-26 19:14:36 +00:00			`expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00
			`now = timezone.now()`
			`# Convert datetimes into timestamps.`
			`iat_time = time.mktime(now.timetuple())`
			`exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00
			`user_auth_time = user.last_login or user.date_joined`
			`auth_time = time.mktime(user_auth_time.timetuple())`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00
			`dic = {`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00			`'iss': get_issuer(),`
Add custom SUB generator for ID TOKEN. 2015-03-02 20:37:54 +00:00			`'sub': sub,`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`'aud': aud,`
			`'exp': exp_time,`
			`'iat': iat_time,`
Refactoring for create_id_token function. 2015-04-29 21:55:48 +00:00			`'auth_time': auth_time,`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`}`

Add nonce in id_token when included in auth request http://openid.net/specs/openid-connect-core-1_0.html#IDToken If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. This patch adds the nonce to the id_token. 2015-07-10 12:44:26 +00:00			`if nonce:`
			`dic['nonce'] = nonce`

Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`return dic`

Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00
Encode id_toke with using RSA now. 2015-07-13 20:37:13 +00:00			`def encode_id_token(dic):`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`Represent the ID Token as a JSON Web Token (JWT).`

			`Return a hash.`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Encode id_toke with using RSA now. 2015-07-13 20:37:13 +00:00			`return jwt.encode(dic, get_rsa_key(), algorithm='RS256').decode('utf-8')`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`def create_token(user, client, id_token_dic, scope):`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`Create and populate a Token object.`

			`Return a Token object.`
Pull request PEP8 compliant from nicchub:master. 2015-01-28 18:19:36 +00:00			`"""`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`token = Token()`
			`token.user = user`
			`token.client = client`
			`token.access_token = uuid.uuid4().hex`

			`token.id_token = id_token_dic`

			`token.refresh_token = uuid.uuid4().hex`
A few changes in settings. Add more variables to it. 2015-01-28 20:00:04 +00:00			`token.expires_at = timezone.now() + timedelta(`
Change "DOP" with "OIDC" in settings. 2015-02-26 19:14:36 +00:00			`seconds=settings.get('OIDC_TOKEN_EXPIRE'))`
Add Implicit flow support. 2015-01-08 20:55:24 +00:00			`token.scope = scope`

Move Grant Code creation logic into a functon. 2015-03-12 15:40:36 +00:00			`return token`


			`def create_code(user, client, scope):`
			`"""`
			`Create and populate a Code object.`

			`Return a Code object.`
			`"""`
			`code = Code()`
			`code.user = user`
			`code.client = client`
			`code.code = uuid.uuid4().hex`
			`code.expires_at = timezone.now() + timedelta(`
			`seconds=settings.get('OIDC_CODE_EXPIRE'))`
			`code.scope = scope`

Add nonce in id_token when included in auth request http://openid.net/specs/openid-connect-core-1_0.html#IDToken If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. This patch adds the nonce to the id_token. 2015-07-10 12:44:26 +00:00			`return code`