Ignacio Fiorentino 2016-05-31 14:57:47 -03:00
commit 0b6c64e049
4 changed files with 21 additions and 40 deletions


@ -46,9 +46,9 @@ Expressed in seconds. Default is ``60*10``.
OIDC_EXTRA_SCOPE_CLAIMS
=======================
OPTIONAL. ``str``. A string with the location of your class. Default is ``oidc_provider.lib.claims.AbstractScopeClaims``.
OPTIONAL. ``str``. A string with the location of your class. Default is ``oidc_provider.lib.claims.ScopeClaims``.
Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``.
Used to add extra scopes specific for your app. This class MUST inherit ``ScopeClaims``.
OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens.
@ -56,24 +56,15 @@ OpenID Connect Clients will use scope values to specify what access privileges a
Check out an example of how to implement it::
from oidc_provider.lib.claims import AbstractScopeClaims
from oidc_provider.lib.claims import ScopeClaims
class MyAppScopeClaims(AbstractScopeClaims):
class MyAppScopeClaims(ScopeClaims):
def setup(self):
# Here you can load models that will be used
# in more than one scope for example.
# print self.user
# print self.scopes
try:
self.some_model = SomeModel.objects.get(user=self.user)
except SomeModel.DoesNotExist:
# Create an empty model object.
self.some_model = SomeModel()
def scope_books(self, user):
# Here you can search books for this user.
def scope_books(self):
# Here, for example, you can search books for this user.
# self.user - Django user instance.
# self.userinfo - Instance of your custom OIDC_USERINFO class.
# self.scopes - List of scopes requested.
dic = {
'books_readed': books_readed_count,
@ -83,7 +74,7 @@ Check out an example of how to implement it::
You can create our own scopes using the convention:
``def scope_SCOPENAMEHERE(self, user):``
``def scope_somename(self):``
If a field is empty or ``None`` will be cleaned from the response.


@ -3,17 +3,13 @@ from django.utils.translation import ugettext as _
from oidc_provider import settings
class AbstractScopeClaims(object):
class ScopeClaims(object):
def __init__(self, user, scopes):
self.user = user
self.userinfo = settings.get('OIDC_USERINFO', import_str=True).get_by_user(self.user)
self.scopes = scopes
self.setup()
def setup(self):
pass
def create_response_dic(self):
"""
Generate the dic that will be jsonify. Checking scopes given vs
@ -25,7 +21,7 @@ class AbstractScopeClaims(object):
for scope in self.scopes:
if scope in self._scopes_registered():
dic.update(getattr(self, 'scope_' + scope)(self.user))
dic.update(getattr(self, 'scope_' + scope)())
dic = self._clean_dic(dic)
@ -61,20 +57,13 @@ class AbstractScopeClaims(object):
return aux_dic
class StandardScopeClaims(AbstractScopeClaims):
class StandardScopeClaims(ScopeClaims):
"""
Based on OpenID Standard Claims.
See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
"""
def setup(self):
try:
self.userinfo = settings.get('OIDC_USERINFO',
import_str=True).get_by_user(self.user)
except:
self.userinfo = None
def scope_profile(self, user):
def scope_profile(self):
dic = {
'name': getattr(self.userinfo, 'name', None),
'given_name': getattr(self.userinfo, 'given_name', None),
@ -94,7 +83,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic
def scope_email(self, user):
def scope_email(self):
dic = {
'email': getattr(self.user, 'email', None),
'email_verified': getattr(self.userinfo, 'email_verified', None),
@ -102,7 +91,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic
def scope_phone(self, user):
def scope_phone(self):
dic = {
'phone_number': getattr(self.userinfo, 'phone_number', None),
'phone_number_verified': getattr(self.userinfo, 'phone_number_verified', None),
@ -110,7 +99,7 @@ class StandardScopeClaims(AbstractScopeClaims):
return dic
def scope_address(self, user):
def scope_address(self):
dic = {
'address': {
'formatted': getattr(self.userinfo, 'address_formatted', None),
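Review bot: The `get_by_user` lookup in `ScopeClaims.__init__` looks unguarded, while the `StandardScopeClaims.setup` shown in this section wrapped the same call in `try`/`except` and fell back to `self.userinfo = None`. The +/- markers are lost on this page, so which side each line is on is inferred from the rename; if that reading holds and `get_by_user` (not visible here) raises for a user with no record, claim construction fails before the `getattr(self.userinfo, ..., None)` calls that are written to tolerate a missing object. Consider keeping the fallback in `__init__` but catching the specific lookup error rather than a bare `except:`, so `self.userinfo = None` is still set when no record exists. `create_response_dic` also calls `getattr(self, 'scope_' + scope)()` without `user` now, so subclasses that still define `scope_x(self, user)` would fail with `TypeError`; a docstring on `ScopeClaims` stating the new `scope_<name>(self)` signature would help.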


@ -43,7 +43,7 @@ class DefaultSettings(object):
OPTIONAL. A string with the location of your class.
Used to add extra scopes specific for your app.
"""
return 'oidc_provider.lib.claims.AbstractScopeClaims'
return 'oidc_provider.lib.claims.ScopeClaims'
@property
def OIDC_IDTOKEN_EXPIRE(self):


@ -168,6 +168,7 @@ def userinfo(request, *args, **kwargs):
response = JsonResponse(dic, status=200)
response['Cache-Control'] = 'no-store'
response['Pragma'] = 'no-cache'
return response