diff --git a/oidc_provider/lib/endpoints/token.py b/oidc_provider/lib/endpoints/token.py
index 87f73f1..37eaf44 100644
--- a/oidc_provider/lib/endpoints/token.py
+++ b/oidc_provider/lib/endpoints/token.py
@@ -1,10 +1,12 @@
+import urllib
+
 from django.http import JsonResponse
+
 from oidc_provider.lib.errors import *
 from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
 from oidc_provider import settings
-import urllib
 
 
 class TokenEndpoint(object):
@@ -55,10 +57,15 @@ class TokenEndpoint(object):
 
     def create_response_dic(self):
 
-        id_token_dic = create_id_token_dic(
-            self.code.user,
-            settings.get('SITE_URL'),
-            self.client.client_id)
+        sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
+            user=self.code.user,
+            client=self.client)
+
+        id_token_dic = create_id_token(
+            iss=settings.get('SITE_URL'),
+            sub=sub,
+            aud=self.client.client_id,
+            auth_time=self.code.user.last_login)
 
         token = create_token(
             user=self.code.user,
diff --git a/oidc_provider/lib/utils/token.py b/oidc_provider/lib/utils/token.py
index d24ac7c..0dcd019 100644
--- a/oidc_provider/lib/utils/token.py
+++ b/oidc_provider/lib/utils/token.py
@@ -1,13 +1,15 @@
 from datetime import timedelta
-from django.utils import timezone
-from oidc_provider.models import *
-from oidc_provider import settings
-import jwt
 import time
 import uuid
 
+from django.utils import timezone
+import jwt
 
-def create_id_token_dic(user, iss, aud):
+from oidc_provider.models import *
+from oidc_provider import settings
+
+
+def create_id_token(iss, sub, aud, auth_time):
     """
     Receives a user object, iss (issuer) and aud (audience).
     Then creates the id_token dic.
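Review bot: `auth_time=self.code.user.last_login` hands the field straight to `create_id_token`, but Django's `last_login` is nullable — an account that has never passed through `django.contrib.auth.login()` carries `None`, and the new `create_id_token` then raises on `auth_time.timetuple()` in the middle of issuing the token response. OIDC Core only mandates `auth_time` when the client requested `max_age` (or `require_auth_time`), so the cleaner contract is for `create_id_token` to accept `auth_time=None` and omit the claim, rather than guarding at every call site; if the guard stays here, it should be explicit rather than relying on the helper to fail loudly. `create_response_dic` continues past the end of the hunk.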
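Review bot: The docstring kept under the new `def create_id_token(iss, sub, aud, auth_time):` still describes the old contract ("Receives a user object, iss (issuer) and aud (audience)"), but the function no longer takes a user; propose replacing those two lines with `Build the id_token claims dict from iss (issuer), sub (subject identifier), aud (audience) and auth_time (datetime of the user's last authentication).` The rename from `create_id_token_dic` leaves no alias, so any out-of-tree code that imported the module with `*` and calls the old name now gets a `NameError`; a one-line `create_id_token_dic = create_id_token` kept for one release would make the transition safe. The function body continues past the hunk.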
@@ -22,11 +24,11 @@ def create_id_token_dic(user, iss, aud):
     # Convert datetimes into timestamps.
     iat_time = time.mktime(now.timetuple())
     exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
-    user_auth_time = time.mktime(user.last_login.timetuple())
+    user_auth_time = time.mktime(auth_time.timetuple())
 
     dic = {
         'iss': iss,
-        'sub': user.id,
+        'sub': sub,
         'aud': aud,
         'exp': exp_time,
         'iat': iat_time,
@@ -65,4 +67,4 @@ def create_token(user, client, id_token_dic, scope):
         seconds=settings.get('OIDC_TOKEN_EXPIRE'))
     token.scope = scope
 
-    return token
+    return token
\ No newline at end of file
diff --git a/oidc_provider/settings.py b/oidc_provider/settings.py
index f557d39..a661890 100644
--- a/oidc_provider/settings.py
+++ b/oidc_provider/settings.py
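Review bot: `user_auth_time = time.mktime(auth_time.timetuple())` converts through the host's local zone: `timetuple()` discards `tzinfo` and `mktime` then treats the naive tuple as local time, so with Django's `USE_TZ = True` (where `last_login` is an aware UTC datetime) the `auth_time` claim is off by the server's UTC offset on any machine not running in UTC. The unchanged `iat_time`/`exp_time` lines above use the same conversion, which is the more serious case because relying parties compare `exp` against their own clock; the function header is outside the hunk, so I cannot see how `now` is produced and hedge that part. `calendar.timegm(auth_time.utctimetuple())` (with `import calendar`) yields the correct epoch value regardless of host zone — `user_auth_time = calendar.timegm(auth_time.utctimetuple())` — and the same form fits `iat_time` and `exp_time`. The new line also has no handling for `auth_time` being `None`; an explicit check before the conversion would avoid an `AttributeError` mid-issuance.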
@@ -1,30 +1,37 @@ from django.conf import settings + from oidc_provider.lib.claims import AbstractScopeClaims +def default_sub_generator(user, client): + + return user.id + + # Here goes all the package default settings. - default_settings = { - # Required. - 'LOGIN_URL': None, - 'SITE_URL': None, + # Required. + 'LOGIN_URL': None, + 'SITE_URL': None, - # Optional. - 'OIDC_CODE_EXPIRE': 60*10, - 'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims, - 'OIDC_IDTOKEN_EXPIRE': 60*10, - 'OIDC_TOKEN_EXPIRE': 60*60, + # Optional. + 'OIDC_CODE_EXPIRE': 60*10, + 'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims, + 'OIDC_IDTOKEN_EXPIRE': 60*10, + 'OIDC_IDTOKEN_SUB_GENERATOR': default_sub_generator, + 'OIDC_TOKEN_EXPIRE': 60*60, } -def get(name): - ''' - Helper function to use inside the package. - ''' - try: - value = default_settings[name] - value = getattr(settings, name) - except AttributeError: - if value == None: - raise Exception('You must set ' + name + ' in your settings.') - return value +def get(name): + ''' + Helper function to use inside the package. + ''' + try: + value = default_settings[name] + value = getattr(settings, name) + except AttributeError: + if value == None: + raise Exception('You must set ' + name + ' in your settings.') + + return value \ No newline at end of file
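Review bot: `default_sub_generator` returns `user.id`, an integer, but OIDC Core §2 defines `sub` as a case-sensitive string of at most 255 ASCII characters; an int serialises as a JSON number, which strict relying-party libraries reject and which fails a string comparison against a previously stored `sub`, so the default should be `return str(user.id)`. It also publishes the database primary key as a stable identifier shared across every client; the setting name suggests deployments can swap in a pairwise generator, and the blank line after the `def` is where a docstring should say so: `Default subject identifier: the user's primary key as a string. Override OIDC_IDTOKEN_SUB_GENERATOR to issue per-client (pairwise) identifiers.` In the re-indented `get()`, `if value == None:` should read `if value is None:` (PEP 8 E711).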