Merge pull request #141 from uhavin/feature-granttype-password

[WIP] Support grant type password - basics
This commit is contained in:
Juan Ignacio Fiorentino 2016-12-05 12:13:40 -03:00 committed by GitHub
commit 218cc0afed

View file

@ -27,12 +27,10 @@ from oidc_provider.models import (
)
from oidc_provider import settings
logger = logging.getLogger(__name__)
class TokenEndpoint(object):
def __init__(self, request):
self.request = request
self.params = {}
@ -53,6 +51,9 @@ class TokenEndpoint(object):
# PKCE parameter.
self.params['code_verifier'] = self.request.POST.get('code_verifier')
self.params['username'] = self.request.POST.get('username', '')
self.params['password'] = self.request.POST.get('password', '')
def _extract_client_auth(self):
"""
Get client credentials using HTTP Basic Authentication method.
@ -120,6 +121,25 @@ class TokenEndpoint(object):
if not (new_code_challenge == self.code.code_challenge):
raise TokenError('invalid_grant')
elif self.params['grant_type'] == 'password':
from django.contrib.auth import authenticate
user = authenticate(username=self.params['username'], password=self.params['password'])
if not user:
raise TokenError('Invalid user credentials')
self.token = create_token(user, self.client, self.params['scope'].split(' '))
self.token.id_token = create_id_token(
user=user,
aud=self.client.client_id,
nonce='self.code.nonce',
at_hash=self.token.at_hash,
request=self.request,
scope=self.params['scope'],
)
self.token.save()
elif self.params['grant_type'] == 'refresh_token':
if not self.params['refresh_token']:
logger.debug('[Token] Missing refresh token')
@ -142,6 +162,8 @@ class TokenEndpoint(object):
return self.create_code_response_dic()
elif self.params['grant_type'] == 'refresh_token':
return self.create_refresh_response_dic()
elif self.params['grant_type'] == 'password':
return {'access_token': self.token.access_token}
def create_code_response_dic(self):
token = create_token(