Add custom SUB generator for ID TOKEN.

oidc_provider/lib/endpoints/token.py

@@ -1,10 +1,12 @@
+import urllib
+
 from django.http import JsonResponse
+
 from oidc_provider.lib.errors import *
 from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
 from oidc_provider import settings
-import urllib
 
 
 class TokenEndpoint(object):
@@ -55,10 +57,15 @@ class TokenEndpoint(object):
 
     def create_response_dic(self):
 
-        id_token_dic = create_id_token_dic(
+        sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
-            self.code.user,
+            user=self.code.user,
-            settings.get('SITE_URL'),
+            client=self.client)
-            self.client.client_id)
+
+        id_token_dic = create_id_token(
+            iss=settings.get('SITE_URL'),
+            sub=sub,
+            aud=self.client.client_id,
+            auth_time=self.code.user.last_login)
 
         token = create_token(
             user=self.code.user,

oidc_provider/lib/utils/token.py

@@ -1,13 +1,15 @@
 from datetime import timedelta
-from django.utils import timezone
-from oidc_provider.models import *
-from oidc_provider import settings
-import jwt
 import time
 import uuid
 
+from django.utils import timezone
+import jwt
 
-def create_id_token_dic(user, iss, aud):
+from oidc_provider.models import *
+from oidc_provider import settings
+
+
+def create_id_token(iss, sub, aud, auth_time):
     """
     Receives a user object, iss (issuer) and aud (audience).
     Then creates the id_token dic.
@@ -22,11 +24,11 @@ def create_id_token_dic(user, iss, aud):
     # Convert datetimes into timestamps.
     iat_time = time.mktime(now.timetuple())
     exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
-    user_auth_time = time.mktime(user.last_login.timetuple())
+    user_auth_time = time.mktime(auth_time.timetuple())
 
     dic = {
         'iss': iss,
-        'sub': user.id,
+        'sub': sub,
         'aud': aud,
         'exp': exp_time,
         'iat': iat_time,
@@ -65,4 +67,4 @@ def create_token(user, client, id_token_dic, scope):
         seconds=settings.get('OIDC_TOKEN_EXPIRE'))
     token.scope = scope
 
-    return token
+    return token

oidc_provider/settings.py

@@ -1,30 +1,37 @@
 from django.conf import settings
+
 from oidc_provider.lib.claims import AbstractScopeClaims
 
 
+def default_sub_generator(user, client):
+
+    return user.id
+
+
 # Here goes all the package default settings.
-
 default_settings = {
-	# Required.
+    # Required.
-	'LOGIN_URL': None,
+    'LOGIN_URL': None,
-	'SITE_URL': None,
+    'SITE_URL': None,
 
-	# Optional.
+    # Optional.
-	'OIDC_CODE_EXPIRE': 60*10,
+    'OIDC_CODE_EXPIRE': 60*10,
-	'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
+    'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
-	'OIDC_IDTOKEN_EXPIRE': 60*10,
+    'OIDC_IDTOKEN_EXPIRE': 60*10,
-	'OIDC_TOKEN_EXPIRE': 60*60,
+    'OIDC_IDTOKEN_SUB_GENERATOR': default_sub_generator,
+    'OIDC_TOKEN_EXPIRE': 60*60,
 }
 
-def get(name):
-	'''
-	Helper function to use inside the package.
-	'''
-	try:
-		value = default_settings[name]
-		value = getattr(settings, name)
-	except AttributeError:
-		if value == None:
-			raise Exception('You must set ' + name + ' in your settings.')
 
-	return value
+def get(name):
+    '''
+    Helper function to use inside the package.
+    '''
+    try:
+        value = default_settings[name]
+        value = getattr(settings, name)
+    except AttributeError:
+        if value == None:
+            raise Exception('You must set ' + name + ' in your settings.')
+
+    return value