Add custom SUB generator for ID TOKEN.
parent
08c81fef0b
commit
3190599967
3 changed files with 49 additions and 33 deletions
|
@ -1,10 +1,12 @@
|
|||
import urllib
|
||||
|
||||
from django.http import JsonResponse
|
||||
|
||||
from oidc_provider.lib.errors import *
|
||||
from oidc_provider.lib.utils.params import *
|
||||
from oidc_provider.lib.utils.token import *
|
||||
from oidc_provider.models import *
|
||||
from oidc_provider import settings
|
||||
import urllib
|
||||
|
||||
|
||||
class TokenEndpoint(object):
|
||||
|
@ -55,10 +57,15 @@ class TokenEndpoint(object):
|
|||
|
||||
def create_response_dic(self):
|
||||
|
||||
id_token_dic = create_id_token_dic(
|
||||
self.code.user,
|
||||
settings.get('SITE_URL'),
|
||||
self.client.client_id)
|
||||
sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
|
||||
user=self.code.user,
|
||||
client=self.client)
|
||||
|
||||
id_token_dic = create_id_token(
|
||||
iss=settings.get('SITE_URL'),
|
||||
sub=sub,
|
||||
aud=self.client.client_id,
|
||||
auth_time=self.code.user.last_login)
|
||||
|
||||
token = create_token(
|
||||
user=self.code.user,
|
||||
|
|
|
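Review bot: The value returned by the `OIDC_IDTOKEN_SUB_GENERATOR` callable in `create_response_dic` is placed in the ID token unchecked, so a misconfigured generator that returns `None` or an empty string yields a token with no usable subject. A guard directly after the call, such as `if sub in (None, ''): raise ValueError('OIDC_IDTOKEN_SUB_GENERATOR returned an empty sub')`, would make issuance fail closed. Any other code path that emits `sub` (for example a userinfo response, if the package has one outside these three files) needs to call the same generator, because OpenID Connect Core requires the UserInfo `sub` to match the ID token's exactly. `create_response_dic` continues past the end of this hunk, so the rest of the response construction is not visible here.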
@ -1,13 +1,15 @@
|
|||
from datetime import timedelta
|
||||
from django.utils import timezone
|
||||
from oidc_provider.models import *
|
||||
from oidc_provider import settings
|
||||
import jwt
|
||||
import time
|
||||
import uuid
|
||||
|
||||
from django.utils import timezone
|
||||
import jwt
|
||||
|
||||
def create_id_token_dic(user, iss, aud):
|
||||
from oidc_provider.models import *
|
||||
from oidc_provider import settings
|
||||
|
||||
|
||||
def create_id_token(iss, sub, aud, auth_time):
|
||||
"""
|
||||
Receives a user object, iss (issuer) and aud (audience).
|
||||
Then creates the id_token dic.
|
||||
|
@ -22,11 +24,11 @@ def create_id_token_dic(user, iss, aud):
|
|||
# Convert datetimes into timestamps.
|
||||
iat_time = time.mktime(now.timetuple())
|
||||
exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
|
||||
user_auth_time = time.mktime(user.last_login.timetuple())
|
||||
user_auth_time = time.mktime(auth_time.timetuple())
|
||||
|
||||
dic = {
|
||||
'iss': iss,
|
||||
'sub': user.id,
|
||||
'sub': sub,
|
||||
'aud': aud,
|
||||
'exp': exp_time,
|
||||
'iat': iat_time,
|
||||
|
|
|
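Review bot: `create_id_token` now receives `auth_time` from the caller and calls `auth_time.timetuple()` on it unguarded, while the token endpoint passes `user.last_login`, which Django allows to be NULL since 1.8; in that case issuance would fail with an `AttributeError`. Start the function with a guard such as `if auth_time is None: raise ValueError('auth_time is required')`, or leave the claim out when the value is missing. The docstring still reads "Receives a user object, iss (issuer) and aud (audience)" and should describe the new `iss`, `sub`, `aud` and `auth_time` parameters. Separately, `time.mktime` interprets the tuple as local time, so if these datetimes are timezone-aware UTC values the `iat`, `exp` and `auth_time` claims may be offset on a server whose zone is not UTC, which is worth confirming. The function body continues outside both hunks.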
@ -1,9 +1,14 @@
|
|||
from django.conf import settings
|
||||
|
||||
from oidc_provider.lib.claims import AbstractScopeClaims
|
||||
|
||||
|
||||
# Here goes all the package default settings.
|
||||
def default_sub_generator(user, client):
|
||||
|
||||
return user.id
|
||||
|
||||
|
||||
# Here goes all the package default settings.
|
||||
default_settings = {
|
||||
# Required.
|
||||
'LOGIN_URL': None,
|
||||
|
@ -13,9 +18,11 @@ default_settings = {
|
|||
'OIDC_CODE_EXPIRE': 60*10,
|
||||
'OIDC_EXTRA_SCOPE_CLAIMS': AbstractScopeClaims,
|
||||
'OIDC_IDTOKEN_EXPIRE': 60*10,
|
||||
'OIDC_IDTOKEN_SUB_GENERATOR': default_sub_generator,
|
||||
'OIDC_TOKEN_EXPIRE': 60*60,
|
||||
}
|
||||
|
||||
|
||||
def get(name):
|
||||
'''
|
||||
Helper function to use inside the package.
|
||||
|
|
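Review bot: `default_sub_generator` returns `user.id` as an integer, whereas OpenID Connect Core defines `sub` as a case-sensitive string of at most 255 ASCII characters, so the claim would presumably be serialized as a JSON number and strict relying parties may reject or mis-compare it. Using `return str(user.id)` keeps the same identifier in the required type. Because `OIDC_IDTOKEN_SUB_GENERATOR` is now a public extension point, the function should carry a docstring stating the contract a replacement must meet: it is called with `user` and `client` keyword arguments and must return a string that is unique within the issuer, stable for the account's lifetime and never reassigned to another user. The `client` argument is unused by the default and is presumably there to allow per-client (pairwise) identifiers; the docstring should say so.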