diff --git a/docs/sections/settings.rst b/docs/sections/settings.rst index 29b7837..4f07360 100644 --- a/docs/sections/settings.rst +++ b/docs/sections/settings.rst @@ -54,12 +54,23 @@ OpenID Connect Clients will use scope values to specify what access privileges a `Here `_ you have the standard scopes defined by the protocol. +You can create or modify scopes using: + +* ``info_scopename`` class property for setting the verbose name and description. +* ``scope_scopename`` method for returning some information related. + Check out an example of how to implement it:: + from django.utils.translation import ugettext as _ from oidc_provider.lib.claims import ScopeClaims class MyAppScopeClaims(ScopeClaims): + info_books = ( + _(u'Books'), # Verbose name of the scope. + _(u'Access to your books.'), # Description of the scope. + ) + def scope_books(self): # Here, for example, you can search books for this user. # self.user - Django user instance. @@ -72,11 +83,14 @@ Check out an example of how to implement it:: return dic -You can create our own scopes using the convention: + # If you want to change the description of the profile scope, you can redefine it. + info_profile = ( + _(u'Profile'), + _(u'Another description.'), + ) -``def scope_somename(self):`` - -If a field is empty or ``None`` will be cleaned from the response. +.. note:: + If a field is empty or ``None`` inside the dictionary your return on ``scope_scopename`` method, it will be cleaned from the response. OIDC_IDTOKEN_EXPIRE =================== 
@@ -93,9 +107,9 @@ OPTIONAL. ``str`` or ``(list, tuple)``. A string with the location of your function hook or ``list`` or ``tuple`` with hook functions. Here you can add extra dictionary values specific for your app into id_token. -The ``list`` or ``tuple`` is useful when You want to set multiple hooks, i.e. one for permissions and second for some special field. +The ``list`` or ``tuple`` is useful when you want to set multiple hooks, i.e. one for permissions and second for some special field. -The function receives a ``id_token`` dictionary and ``user`` instance +The function receives a ``id_token`` dictionary and ``user`` instance and returns it with additional fields. Default is:: diff --git a/oidc_provider/lib/claims.py b/oidc_provider/lib/claims.py index 660ae05..0e288e2 100644 --- a/oidc_provider/lib/claims.py +++ b/oidc_provider/lib/claims.py @@ -35,7 +35,6 @@ class ScopeClaims(object): scopes = [] for name in self.__class__.__dict__: - if name.startswith('scope_'): scope = name.split('scope_')[1] scopes.append(scope) @@ -56,13 +55,34 @@ class ScopeClaims(object): return aux_dic + @classmethod + def get_scopes_info(cls, scopes=[]): + scopes_info = [] + + for name in cls.__dict__: + if name.startswith('info_'): + scope_name = name.split('info_')[1] + if scope_name in scopes: + touple_info = getattr(cls, name) + scopes_info.append({ + 'scope': scope_name, + 'name': touple_info[0], + 'description': touple_info[1], + }) + + return scopes_info + class StandardScopeClaims(ScopeClaims): """ Based on OpenID Standard Claims. See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims """ - + + info_profile = ( + _(u'Basic profile'), + _(u'Access to your basic information. Includes names, gender, birthdate and other information.'), + ) def scope_profile(self): dic = { 'name': getattr(self.userinfo, 'name', None), 
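Review bot: `get_scopes_info(cls, scopes=[])` takes a mutable default; it is not mutated here, but the idiomatic default for a read-only membership argument is `def get_scopes_info(cls, scopes=()):`. The test `scope_name in scopes` also silently changes meaning if a caller ever passes the raw space-separated scope string instead of a list — `in` becomes a substring match and `mail` would match `email` — so building `requested = set(scopes)` once before the loop both pins the contract and makes the lookup O(1). The local `touple_info` is misspelled (`tuple_info`), the new classmethod has no docstring, and `info_profile` is glued to `def scope_profile` without a blank line. A one-line docstring such as `"""Return [{'scope', 'name', 'description'}] for each requested scope that defines an info_<scope> tuple on this class; requested scopes without one are omitted."""` would make the omission explicit to whoever renders the consent page.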
@@ -83,6 +103,10 @@ class StandardScopeClaims(ScopeClaims): return dic + info_email = ( + _(u'Email'), + _(u'Access to your email address.'), + ) def scope_email(self): dic = { 'email': getattr(self.user, 'email', None), @@ -91,6 +115,10 @@ class StandardScopeClaims(ScopeClaims): return dic + info_phone = ( + _(u'Phone number'), + _(u'Access to your phone number.'), + ) def scope_phone(self): dic = { 'phone_number': getattr(self.userinfo, 'phone_number', None), @@ -99,6 +127,10 @@ class StandardScopeClaims(ScopeClaims): return dic + info_address = ( + _(u'Address information'), + _(u'Access to your address. Includes country, locality, street and other information.'), + ) def scope_address(self): dic = { 'address': { diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py index 602ff89..01f49d8 100644 --- a/oidc_provider/lib/endpoints/authorize.py +++ b/oidc_provider/lib/endpoints/authorize.py @@ -7,6 +7,7 @@ except ImportError: from django.utils import timezone +from oidc_provider.lib.claims import StandardScopeClaims from oidc_provider.lib.errors import * from oidc_provider.lib.utils.params import * from oidc_provider.lib.utils.token import * @@ -207,3 +208,16 @@ class AuthorizeEndpoint(object): pass return value + + def get_scopes_information(self): + """ + Return a list with the description of all the scopes requested. + """ + scopes = StandardScopeClaims.get_scopes_info(self.params.scope) + scopes_extra = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True).get_scopes_info(self.params.scope) + for index_extra, scope_extra in enumerate(scopes_extra): + for index, scope in enumerate(scopes[:]): + if scope_extra['scope'] == scope['scope']: + del scopes[index] + + return scopes + scopes_extra diff --git a/oidc_provider/templates/oidc_provider/authorize.html b/oidc_provider/templates/oidc_provider/authorize.html index 95591b4..8d5e08d 100644 --- a/oidc_provider/templates/oidc_provider/authorize.html 
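Review bot: `info_email` is placed directly above `def scope_email` with no separating blank line (the `info_phone` and `info_address` hunks below repeat the pattern), which PEP 8 flags and makes the tuple read as if it belonged to the method rather than the class. Either add a blank line after each tuple or document the pairing once above `info_email`, e.g. `# info_<scope> = (verbose name, description) shown on the consent page; pairs with the scope_<scope> method below.`. The enclosing `StandardScopeClaims` class starts and ends outside this hunk.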
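Review bot: A requested scope that has a `scope_<name>` method but no `info_<name>` tuple is dropped from the list returned by `get_scopes_information`, so the consent page rendered from this list shows the user fewer scopes than the token will actually carry; the merge should fall back to at least the bare scope name for anything requested but undescribed. The de-duplication loop is also fragile: it `del`s from `scopes` by an index taken from the copy `scopes[:]`, which only stays correct because each scope name occurs at most once, and `index_extra` is never used. Collecting the extra scope names into a set and filtering the standard list in one pass is simpler and O(n). This assumes `self.params.scope` is an iterable of individual scope names, which the parameter parsing outside this hunk must guarantee (if it were a space-separated string, the `in` test inside `get_scopes_info` would degrade to a substring match).
```python
    def get_scopes_information(self):
        """
        Return a list with the description of all the scopes requested.

        App-defined (extra) scope info overrides the standard entry of the
        same name, so a project can e.g. reword the ``profile`` description.
        Scopes that were requested but carry no ``info_<scope>`` tuple are
        still listed (by bare name) so the consent page never hides a grant.
        """
        requested = self.params.scope
        extra_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)
        scopes_extra = extra_claims.get_scopes_info(requested)
        overridden = {s['scope'] for s in scopes_extra}
        scopes = [
            s for s in StandardScopeClaims.get_scopes_info(requested)
            if s['scope'] not in overridden
        ]
        described = overridden | {s['scope'] for s in scopes}
        # Fall back to the bare scope name rather than omitting a granted scope.
        undescribed = [
            {'scope': name, 'name': name, 'description': ''}
            for name in requested if name not in described
        ]
        return scopes + scopes_extra + undescribed
```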
+++ b/oidc_provider/templates/oidc_provider/authorize.html @@ -3,15 +3,15 @@

Client {{ client.name }} would like to access this information of you ...

- + {% csrf_token %} {{ hidden_inputs }} diff --git a/oidc_provider/views.py b/oidc_provider/views.py index 54229c7..417958e 100644 --- a/oidc_provider/views.py +++ b/oidc_provider/views.py @@ -73,6 +73,7 @@ class AuthorizeView(View): 'client': authorize.client, 'hidden_inputs': hidden_inputs, 'params': authorize.params, + 'scopes': authorize.get_scopes_information(), } return render(request, 'oidc_provider/authorize.html', context)