Add verbose name and description for scopes.
This commit is contained in:
parent
d4f25c3dd2
commit
4cc7474c19
5 changed files with 73 additions and 12 deletions
|
@ -54,12 +54,23 @@ OpenID Connect Clients will use scope values to specify what access privileges a
|
||||||
|
|
||||||
`Here <http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims>`_ you have the standard scopes defined by the protocol.
|
`Here <http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims>`_ you have the standard scopes defined by the protocol.
|
||||||
|
|
||||||
|
You can create or modify scopes using:
|
||||||
|
|
||||||
|
* ``info_scopename`` class property for setting the verbose name and description.
|
||||||
|
* ``scope_scopename`` method for returning some information related.
|
||||||
|
|
||||||
Check out an example of how to implement it::
|
Check out an example of how to implement it::
|
||||||
|
|
||||||
|
from django.utils.translation import ugettext as _
|
||||||
from oidc_provider.lib.claims import ScopeClaims
|
from oidc_provider.lib.claims import ScopeClaims
|
||||||
|
|
||||||
class MyAppScopeClaims(ScopeClaims):
|
class MyAppScopeClaims(ScopeClaims):
|
||||||
|
|
||||||
|
info_books = (
|
||||||
|
_(u'Books'), # Verbose name of the scope.
|
||||||
|
_(u'Access to your books.'), # Description of the scope.
|
||||||
|
)
|
||||||
|
|
||||||
def scope_books(self):
|
def scope_books(self):
|
||||||
# Here, for example, you can search books for this user.
|
# Here, for example, you can search books for this user.
|
||||||
# self.user - Django user instance.
|
# self.user - Django user instance.
|
||||||
|
@ -72,11 +83,14 @@ Check out an example of how to implement it::
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
You can create our own scopes using the convention:
|
# If you want to change the description of the profile scope, you can redefine it.
|
||||||
|
info_profile = (
|
||||||
|
_(u'Profile'),
|
||||||
|
_(u'Another description.'),
|
||||||
|
)
|
||||||
|
|
||||||
``def scope_somename(self):``
|
.. note::
|
||||||
|
If a field is empty or ``None`` inside the dictionary your return on ``scope_scopename`` method, it will be cleaned from the response.
|
||||||
If a field is empty or ``None`` will be cleaned from the response.
|
|
||||||
|
|
||||||
OIDC_IDTOKEN_EXPIRE
|
OIDC_IDTOKEN_EXPIRE
|
||||||
===================
|
===================
|
||||||
|
@ -93,9 +107,9 @@ OPTIONAL. ``str`` or ``(list, tuple)``.
|
||||||
A string with the location of your function hook or ``list`` or ``tuple`` with hook functions.
|
A string with the location of your function hook or ``list`` or ``tuple`` with hook functions.
|
||||||
Here you can add extra dictionary values specific for your app into id_token.
|
Here you can add extra dictionary values specific for your app into id_token.
|
||||||
|
|
||||||
The ``list`` or ``tuple`` is useful when You want to set multiple hooks, i.e. one for permissions and second for some special field.
|
The ``list`` or ``tuple`` is useful when you want to set multiple hooks, i.e. one for permissions and second for some special field.
|
||||||
|
|
||||||
The function receives a ``id_token`` dictionary and ``user`` instance
|
The function receives a ``id_token`` dictionary and ``user`` instance
|
||||||
and returns it with additional fields.
|
and returns it with additional fields.
|
||||||
|
|
||||||
Default is::
|
Default is::
|
||||||
|
|
|
@ -35,7 +35,6 @@ class ScopeClaims(object):
|
||||||
scopes = []
|
scopes = []
|
||||||
|
|
||||||
for name in self.__class__.__dict__:
|
for name in self.__class__.__dict__:
|
||||||
|
|
||||||
if name.startswith('scope_'):
|
if name.startswith('scope_'):
|
||||||
scope = name.split('scope_')[1]
|
scope = name.split('scope_')[1]
|
||||||
scopes.append(scope)
|
scopes.append(scope)
|
||||||
|
@ -56,13 +55,34 @@ class ScopeClaims(object):
|
||||||
|
|
||||||
return aux_dic
|
return aux_dic
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get_scopes_info(cls, scopes=[]):
|
||||||
|
scopes_info = []
|
||||||
|
|
||||||
|
for name in cls.__dict__:
|
||||||
|
if name.startswith('info_'):
|
||||||
|
scope_name = name.split('info_')[1]
|
||||||
|
if scope_name in scopes:
|
||||||
|
touple_info = getattr(cls, name)
|
||||||
|
scopes_info.append({
|
||||||
|
'scope': scope_name,
|
||||||
|
'name': touple_info[0],
|
||||||
|
'description': touple_info[1],
|
||||||
|
})
|
||||||
|
|
||||||
|
return scopes_info
|
||||||
|
|
||||||
|
|
||||||
class StandardScopeClaims(ScopeClaims):
|
class StandardScopeClaims(ScopeClaims):
|
||||||
"""
|
"""
|
||||||
Based on OpenID Standard Claims.
|
Based on OpenID Standard Claims.
|
||||||
See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
|
See: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
info_profile = (
|
||||||
|
_(u'Basic profile'),
|
||||||
|
_(u'Access to your basic information. Includes names, gender, birthdate and other information.'),
|
||||||
|
)
|
||||||
def scope_profile(self):
|
def scope_profile(self):
|
||||||
dic = {
|
dic = {
|
||||||
'name': getattr(self.userinfo, 'name', None),
|
'name': getattr(self.userinfo, 'name', None),
|
||||||
|
@ -83,6 +103,10 @@ class StandardScopeClaims(ScopeClaims):
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
info_email = (
|
||||||
|
_(u'Email'),
|
||||||
|
_(u'Access to your email address.'),
|
||||||
|
)
|
||||||
def scope_email(self):
|
def scope_email(self):
|
||||||
dic = {
|
dic = {
|
||||||
'email': getattr(self.user, 'email', None),
|
'email': getattr(self.user, 'email', None),
|
||||||
|
@ -91,6 +115,10 @@ class StandardScopeClaims(ScopeClaims):
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
info_phone = (
|
||||||
|
_(u'Phone number'),
|
||||||
|
_(u'Access to your phone number.'),
|
||||||
|
)
|
||||||
def scope_phone(self):
|
def scope_phone(self):
|
||||||
dic = {
|
dic = {
|
||||||
'phone_number': getattr(self.userinfo, 'phone_number', None),
|
'phone_number': getattr(self.userinfo, 'phone_number', None),
|
||||||
|
@ -99,6 +127,10 @@ class StandardScopeClaims(ScopeClaims):
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
info_address = (
|
||||||
|
_(u'Address information'),
|
||||||
|
_(u'Access to your address. Includes country, locality, street and other information.'),
|
||||||
|
)
|
||||||
def scope_address(self):
|
def scope_address(self):
|
||||||
dic = {
|
dic = {
|
||||||
'address': {
|
'address': {
|
||||||
|
|
|
@ -7,6 +7,7 @@ except ImportError:
|
||||||
|
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
|
||||||
|
from oidc_provider.lib.claims import StandardScopeClaims
|
||||||
from oidc_provider.lib.errors import *
|
from oidc_provider.lib.errors import *
|
||||||
from oidc_provider.lib.utils.params import *
|
from oidc_provider.lib.utils.params import *
|
||||||
from oidc_provider.lib.utils.token import *
|
from oidc_provider.lib.utils.token import *
|
||||||
|
@ -207,3 +208,16 @@ class AuthorizeEndpoint(object):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
return value
|
return value
|
||||||
|
|
||||||
|
def get_scopes_information(self):
|
||||||
|
"""
|
||||||
|
Return a list with the description of all the scopes requested.
|
||||||
|
"""
|
||||||
|
scopes = StandardScopeClaims.get_scopes_info(self.params.scope)
|
||||||
|
scopes_extra = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True).get_scopes_info(self.params.scope)
|
||||||
|
for index_extra, scope_extra in enumerate(scopes_extra):
|
||||||
|
for index, scope in enumerate(scopes[:]):
|
||||||
|
if scope_extra['scope'] == scope['scope']:
|
||||||
|
del scopes[index]
|
||||||
|
|
||||||
|
return scopes + scopes_extra
|
||||||
|
|
|
@ -3,15 +3,15 @@
|
||||||
<p>Client <strong>{{ client.name }}</strong> would like to access this information of you ...</p>
|
<p>Client <strong>{{ client.name }}</strong> would like to access this information of you ...</p>
|
||||||
|
|
||||||
<form method="post" action="{% url 'oidc_provider:authorize' %}">
|
<form method="post" action="{% url 'oidc_provider:authorize' %}">
|
||||||
|
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
|
|
||||||
{{ hidden_inputs }}
|
{{ hidden_inputs }}
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
{% for scope in params.scope %}
|
{% for scope in scopes %}
|
||||||
<li>{{ scope | capfirst }}</li>
|
<li><strong>{{ scope.name }}</strong> <br><i>{{ scope.description }}</i></li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<input type="submit" value="Decline" />
|
<input type="submit" value="Decline" />
|
||||||
|
|
|
@ -73,6 +73,7 @@ class AuthorizeView(View):
|
||||||
'client': authorize.client,
|
'client': authorize.client,
|
||||||
'hidden_inputs': hidden_inputs,
|
'hidden_inputs': hidden_inputs,
|
||||||
'params': authorize.params,
|
'params': authorize.params,
|
||||||
|
'scopes': authorize.get_scopes_information(),
|
||||||
}
|
}
|
||||||
|
|
||||||
return render(request, 'oidc_provider/authorize.html', context)
|
return render(request, 'oidc_provider/authorize.html', context)
|
||||||
|
|
Loading…
Reference in a new issue