Add custom SUB generator for ID TOKEN.

2015-03-02 17:37:54 -03:00 · 2015-03-02 17:37:54 -03:00 · 3190599967
parent 08c81fef0b
commit 3190599967
3 changed files with 49 additions and 33 deletions
--- a/oidc_provider/lib/endpoints/token.py
+++ b/oidc_provider/lib/endpoints/token.py
@ -1,10 +1,12 @@
+import urllib
+
 from django.http import JsonResponse
+
 from oidc_provider.lib.errors import *
 from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
 from oidc_provider import settings
-import urllib


 class TokenEndpoint(object):
@ -55,10 +57,15 @@ class TokenEndpoint(object):

    def create_response_dic(self):

-        id_token_dic = create_id_token_dic(
-            self.code.user,
-            settings.get('SITE_URL'),
-            self.client.client_id)
+        sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
+            user=self.code.user,
+            client=self.client)
+
+        id_token_dic = create_id_token(
+            iss=settings.get('SITE_URL'),
+            sub=sub,
+            aud=self.client.client_id,
+            auth_time=self.code.user.last_login)

        token = create_token(
            user=self.code.user,
--- a/oidc_provider/lib/utils/token.py
+++ b/oidc_provider/lib/utils/token.py
@ -1,13 +1,15 @@
 from datetime import timedelta
-from django.utils import timezone
-from oidc_provider.models import *
-from oidc_provider import settings
-import jwt
 import time
 import uuid

+from django.utils import timezone
+import jwt

-def create_id_token_dic(user, iss, aud):
+from oidc_provider.models import *
+from oidc_provider import settings
+
+
+def create_id_token(iss, sub, aud, auth_time):
    """
    Receives a user object, iss (issuer) and aud (audience).
    Then creates the id_token dic.
@ -22,11 +24,11 @@ def create_id_token_dic(user, iss, aud):
    # Convert datetimes into timestamps.
    iat_time = time.mktime(now.timetuple())
    exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
-    user_auth_time = time.mktime(user.last_login.timetuple())
+    user_auth_time = time.mktime(auth_time.timetuple())

    dic = {
        'iss': iss,
-        'sub': user.id,
+        'sub': sub,
        'aud': aud,
        'exp': exp_time,
        'iat': iat_time,
@ -65,4 +67,4 @@ def create_token(user, client, id_token_dic, scope):
        seconds=settings.get('OIDC_TOKEN_EXPIRE'))
    token.scope = scope

-    return token
+    return token
--- a/oidc_provider/settings.py
+++ b/oidc_provider/settings.py
@ -1,30 +1,37 @@
 from django.conf import settings
+
 from oidc_provider.lib.claims import AbstractScopeClaims


+def default_sub_generator(user, client):
+
+    return user.id
+
+
 # Here goes all the package default settings.
-
 default_settings = {
-	# Required.
-	'LOGIN_URL': None,
-	'SITE_URL': None,
+    # Required.
+    'LOGIN_URL': None,
+    'SITE_URL': None,

-	# Optional.
-	'OIDC_CODE_EXPIRE': 60*10,
-	'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
-	'OIDC_IDTOKEN_EXPIRE': 60*10,
-	'OIDC_TOKEN_EXPIRE': 60*60,
+    # Optional.
+    'OIDC_CODE_EXPIRE': 60*10,
+    'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
+    'OIDC_IDTOKEN_EXPIRE': 60*10,
+    'OIDC_IDTOKEN_SUB_GENERATOR': default_sub_generator,
+    'OIDC_TOKEN_EXPIRE': 60*60,
 }

-def get(name):
-	'''
-	Helper function to use inside the package.
-	'''
-	try:
-		value = default_settings[name]
-		value = getattr(settings, name)
-	except AttributeError:
-		if value == None:
-			raise Exception('You must set ' + name + ' in your settings.')

-	return value
+def get(name):
+    '''
+    Helper function to use inside the package.
+    '''
+    try:
+        value = default_settings[name]
+        value = getattr(settings, name)
+    except AttributeError:
+        if value == None:
+            raise Exception('You must set ' + name + ' in your settings.')
+
+    return value