Refactoring for create_id_token function.

oidc_provider/lib/endpoints/authorize.py

@@ -4,7 +4,6 @@ import uuid
 from django.utils import timezone
 
 from oidc_provider.lib.errors import *
-from oidc_provider.lib.utils.common import get_issuer
 from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
@@ -95,7 +94,6 @@ class AuthorizeEndpoint(object):
             self.validate_params()
 
             if self.grant_type == 'authorization_code':
-
                 code = create_code(
                     user=self.request.user,
                     client=self.client,
@@ -107,16 +105,9 @@ class AuthorizeEndpoint(object):
                 uri = self.params.redirect_uri + '?code={0}'.format(code.code)
 
             else:  # Implicit Flow
-
-                # TODO refactor since it's the same as the token endpoint
-                sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
-                    user=self.request.user)
-
                 id_token_dic = create_id_token(
-                    iss=get_issuer(),
+                    user=self.request.user,
-                    sub=sub,
+                    aud=self.client.client_id)
-                    aud=self.client.client_id,
-                    auth_time=self.request.user.last_login)
 
                 token = create_token(
                     user=self.request.user,

oidc_provider/lib/endpoints/token.py

@@ -3,7 +3,6 @@ import urllib
 from django.http import JsonResponse
 
 from oidc_provider.lib.errors import *
-from oidc_provider.lib.utils.common import get_issuer
 from oidc_provider.lib.utils.params import *
 from oidc_provider.lib.utils.token import *
 from oidc_provider.models import *
@@ -54,14 +53,9 @@ class TokenEndpoint(object):
             raise TokenError('invalid_grant')
 
     def create_response_dic(self):
-        sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
-            user=self.code.user)
-
         id_token_dic = create_id_token(
-            iss=get_issuer(),
+            user=self.code.user,
-            sub=sub,
+            aud=self.client.client_id)
-            aud=self.client.client_id,
-            auth_time=self.code.user.last_login)
 
         token = create_token(
             user=self.code.user,

oidc_provider/lib/utils/token.py

@@ -5,34 +5,39 @@ import uuid
 from django.utils import timezone
 import jwt
 
+from oidc_provider.lib.utils.common import get_issuer
 from oidc_provider.models import *
 from oidc_provider import settings
 
 
-def create_id_token(iss, sub, aud, auth_time):
+def create_id_token(user, aud):
     """
-    Receives a user object, iss (issuer) and aud (audience).
+    Receives a user object and aud (audience).
-    Then creates the id_token dic.
+    Then creates the id_token dictionary.
     See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
 
     Return a dic.
     """
+    sub = settings.get('OIDC_IDTOKEN_SUB_GENERATOR')(
+        user=user)
+
     expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')
 
     now = timezone.now()
-
     # Convert datetimes into timestamps.
     iat_time = time.mktime(now.timetuple())
     exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
-    user_auth_time = time.mktime(auth_time.timetuple())
+
+    user_auth_time = user.last_login or user.date_joined
+    auth_time = time.mktime(user_auth_time.timetuple())
 
     dic = {
-        'iss': iss,
+        'iss': get_issuer(),
         'sub': sub,
         'aud': aud,
         'exp': exp_time,
         'iat': iat_time,
-        'auth_time': user_auth_time,
+        'auth_time': auth_time,
     }
 
     return dic