Add custom SUB generator for ID TOKEN.
parent
08c81fef0b
commit
3190599967
|
@ -1,10 +1,12 @@
|
||||||
|
import urllib
|
||||||
|
|
||||||
from django.http import JsonResponse
|
from django.http import JsonResponse
|
||||||
|
|
||||||
from oidc_provider.lib.errors import *
|
from oidc_provider.lib.errors import *
|
||||||
from oidc_provider.lib.utils.params import *
|
from oidc_provider.lib.utils.params import *
|
||||||
from oidc_provider.lib.utils.token import *
|
from oidc_provider.lib.utils.token import *
|
||||||
from oidc_provider.models import *
|
from oidc_provider.models import *
|
||||||
from oidc_provider import settings
|
from oidc_provider import settings
|
||||||
import urllib
|
|
||||||
|
|
||||||
|
|
||||||
class TokenEndpoint(object):
|
class TokenEndpoint(object):
|
||||||
|
@ -55,10 +57,15 @@ class TokenEndpoint(object):
|
||||||
|
|
||||||
def create_response_dic(self):
|
def create_response_dic(self):
|
||||||
|
|
||||||
id_token_dic = create_id_token_dic(
|
sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
|
||||||
self.code.user,
|
user=self.code.user,
|
||||||
settings.get('SITE_URL'),
|
client=self.client)
|
||||||
self.client.client_id)
|
|
||||||
|
id_token_dic = create_id_token(
|
||||||
|
iss=settings.get('SITE_URL'),
|
||||||
|
sub=sub,
|
||||||
|
aud=self.client.client_id,
|
||||||
|
auth_time=self.code.user.last_login)
|
||||||
|
|
||||||
token = create_token(
|
token = create_token(
|
||||||
user=self.code.user,
|
user=self.code.user,
|
||||||
|
|
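Review bot: The value returned by the configured generator in `create_response_dic` is handed to `create_id_token` as `sub` without any check, so a custom `OIDC_IDTOKEN_SUB_GENERATOR` that returns `None` or an empty value produces an ID token with no usable subject. Relying parties key the account on `iss` + `sub`, so such a token should be refused at issuance rather than signed. A guard right after the call would do it, for example `if not sub: raise ValueError('OIDC_IDTOKEN_SUB_GENERATOR returned an empty sub')`, with the exception type chosen to match how this endpoint reports its other errors. The body of `create_response_dic` continues outside the hunk, so how the exception surfaces to the client is not visible here.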
|
@ -1,13 +1,15 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
from django.utils import timezone
|
|
||||||
from oidc_provider.models import *
|
|
||||||
from oidc_provider import settings
|
|
||||||
import jwt
|
|
||||||
import time
|
import time
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
from django.utils import timezone
|
||||||
|
import jwt
|
||||||
|
|
||||||
def create_id_token_dic(user, iss, aud):
|
from oidc_provider.models import *
|
||||||
|
from oidc_provider import settings
|
||||||
|
|
||||||
|
|
||||||
|
def create_id_token(iss, sub, aud, auth_time):
|
||||||
"""
|
"""
|
||||||
Receives a user object, iss (issuer) and aud (audience).
|
Receives a user object, iss (issuer) and aud (audience).
|
||||||
Then creates the id_token dic.
|
Then creates the id_token dic.
|
||||||
|
@ -22,11 +24,11 @@ def create_id_token_dic(user, iss, aud):
|
||||||
# Convert datetimes into timestamps.
|
# Convert datetimes into timestamps.
|
||||||
iat_time = time.mktime(now.timetuple())
|
iat_time = time.mktime(now.timetuple())
|
||||||
exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
|
exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
|
||||||
user_auth_time = time.mktime(user.last_login.timetuple())
|
user_auth_time = time.mktime(auth_time.timetuple())
|
||||||
|
|
||||||
dic = {
|
dic = {
|
||||||
'iss': iss,
|
'iss': iss,
|
||||||
'sub': user.id,
|
'sub': sub,
|
||||||
'aud': aud,
|
'aud': aud,
|
||||||
'exp': exp_time,
|
'exp': exp_time,
|
||||||
'iat': iat_time,
|
'iat': iat_time,
|
||||||
|
@ -65,4 +67,4 @@ def create_token(user, client, id_token_dic, scope):
|
||||||
seconds=settings.get('OIDC_TOKEN_EXPIRE'))
|
seconds=settings.get('OIDC_TOKEN_EXPIRE'))
|
||||||
token.scope = scope
|
token.scope = scope
|
||||||
|
|
||||||
return token
|
return token
|
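Review bot: `user_auth_time = time.mktime(auth_time.timetuple())` raises `AttributeError` when `auth_time` is `None`, and the token endpoint passes `self.code.user.last_login`, which can be null on Django versions where that field is nullable. Either omit the claim in that case or guard it, e.g. `user_auth_time = time.mktime(auth_time.timetuple()) if auth_time else None`, and leave `auth_time` out of `dic` when it is `None`. Separately, `time.mktime` interprets the tuple as local time, so if `auth_time` and `now` are UTC-aware datetimes (the definition of `now` is outside the hunk) the `iat`/`exp`/`auth_time` values are shifted by the server's UTC offset; `calendar.timegm(auth_time.utctimetuple())` avoids that. The docstring still reads "Receives a user object, iss (issuer) and aud (audience)" although the signature is now `create_id_token(iss, sub, aud, auth_time)`, and any caller of the old name `create_id_token_dic` outside this page would need updating.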
|
@ -1,30 +1,37 @@
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
from oidc_provider.lib.claims import AbstractScopeClaims
|
from oidc_provider.lib.claims import AbstractScopeClaims
|
||||||
|
|
||||||
|
|
||||||
|
def default_sub_generator(user, client):
|
||||||
|
|
||||||
|
return user.id
|
||||||
|
|
||||||
|
|
||||||
# Here goes all the package default settings.
|
# Here goes all the package default settings.
|
||||||
|
|
||||||
default_settings = {
|
default_settings = {
|
||||||
# Required.
|
# Required.
|
||||||
'LOGIN_URL': None,
|
'LOGIN_URL': None,
|
||||||
'SITE_URL': None,
|
'SITE_URL': None,
|
||||||
|
|
||||||
# Optional.
|
# Optional.
|
||||||
'OIDC_CODE_EXPIRE': 60*10,
|
'OIDC_CODE_EXPIRE': 60*10,
|
||||||
'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
|
'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
|
||||||
'OIDC_IDTOKEN_EXPIRE': 60*10,
|
'OIDC_IDTOKEN_EXPIRE': 60*10,
|
||||||
'OIDC_TOKEN_EXPIRE': 60*60,
|
'OIDC_IDTOKEN_SUB_GENERATOR': default_sub_generator,
|
||||||
|
'OIDC_TOKEN_EXPIRE': 60*60,
|
||||||
}
|
}
|
||||||
|
|
||||||
def get(name):
|
|
||||||
'''
|
|
||||||
Helper function to use inside the package.
|
|
||||||
'''
|
|
||||||
try:
|
|
||||||
value = default_settings[name]
|
|
||||||
value = getattr(settings, name)
|
|
||||||
except AttributeError:
|
|
||||||
if value == None:
|
|
||||||
raise Exception('You must set ' + name + ' in your settings.')
|
|
||||||
|
|
||||||
return value
|
def get(name):
|
||||||
|
'''
|
||||||
|
Helper function to use inside the package.
|
||||||
|
'''
|
||||||
|
try:
|
||||||
|
value = default_settings[name]
|
||||||
|
value = getattr(settings, name)
|
||||||
|
except AttributeError:
|
||||||
|
if value == None:
|
||||||
|
raise Exception('You must set ' + name + ' in your settings.')
|
||||||
|
|
||||||
|
return value
|
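Review bot: `default_sub_generator` returns `user.id`, an integer, whereas the OpenID Connect `sub` claim is defined as a string, so the default emits a JSON number that strict relying parties may reject or compare inconsistently. Consider `return str(user.id)`, keeping in mind that relying parties which already stored the integer form would see a type change. The new setting also has no documented contract; a comment above `'OIDC_IDTOKEN_SUB_GENERATOR'` such as `# Callable(user, client) -> str; must be stable, unique per issuer and never reassigned to another user.` would tell integrators what a custom generator has to guarantee. As far as this section shows, `get` returns an overriding value without checking it, so a non-callable value for this setting would fail only when a token is issued.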