Merge branch 'master' of https://github.com/juanifioren/django-openid-provider

doc.md

@@ -7,7 +7,7 @@ Django OIDC Provider can help you providing out of the box all the endpoints, da
 Before getting started there are some important things that you should know:
 * Although OpenID was built on top of OAuth2, this isn't an OAuth2 server. Maybe in a future it will be.
 * Despite that implementation MUST support TLS. You can make request without using SSL. There is no control on that.
-* This cover authorization_code flow and implicit flow, NO support for hybrid flow at this moment.
+* This cover `Authorization Code` flow and `Implicit` flow, NO support for `Hybrid` flow at this moment.
 * Only support for requesting Claims using Scope Values.
 
 # Table Of Contents
@@ -15,10 +15,15 @@ Before getting started there are some important things that you should know:
 - [Requirements](#requirements)
 - [Installation](#installation)
 - [Settings](#settings)
+    - [SITE_URL](#site_url)
+    - [LOGIN_URL](#login_url)
+    - [OIDC_CODE_EXPIRE](#oidc_code_expire)
+    - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
+    - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
+    - [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
 - [Users And Clients](#users-and-clients)
 - [Templates](#templates)
 - [Server Endpoints](#server-endpoints)
-- [Claims And Scopes](#claims-and-scopes)
 
 ## Requirements
 
@@ -64,24 +69,64 @@ urlpatterns = patterns('',
 
 Add required variables to your project settings.
 
+##### SITE_URL
+REQUIRED. The OP server url. For example `http://localhost:8000`.
+
+##### LOGIN_URL
+REQUIRED. Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default is `/accounts/login/`.
+
+##### OIDC_CODE_EXPIRE
+OPTIONAL. Expressed in seconds. Default is `60*10`.
+
+##### OIDC_EXTRA_SCOPE_CLAIMS
+OPTIONAL. Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``.
+
+OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens.
+
+[Here](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) you have the standard scopes defined by the protocol.
+
+Check out an example:
+
 ```python
-# REQUIRED SETTINGS.
+from oidc_provider.lib.claims import AbstractScopeClaims
 
-# Your server provider url.
-SITE_URL = 'http://localhost:8000'
+class MyAppScopeClaims(AbstractScopeClaims):
 
-# Used to log the user in.
-# See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
-LOGIN_URL = '/accounts/login/'
+    def __init__(self, user, scopes):
+        # Don't forget this.
+        super(StandardScopeClaims, self).__init__(user, scopes)
 
-# OPTIONAL SETTINGS.
+        # Here you can load models that will be used
+        # in more than one scope for example.
+        try:
+            self.some_model = SomeModel.objects.get(user=self.user)
+        except UserInfo.DoesNotExist:
+            # Create an empty model object.
+            self.some_model = SomeModel()
 
-OIDC_CODE_EXPIRE = 60*10 # 10 min.
-OIDC_EXTRA_SCOPE_CLAIMS = MyAppScopeClaims,
-OIDC_IDTOKEN_EXPIRE = 60*10, # 10 min.
-OIDC_TOKEN_EXPIRE = 60*60 # 1 hour.
+    def scope_books(self, user):
+
+        # Here you can search books for this user.
+
+        dic = {
+            'books_readed': books_readed_count,
+        }
+
+        return dic
 ```
 
+See how we create our own scopes using the convention:
+
+``def scope_<SCOPE_NAME>(self, user):``
+
+If a field is empty or ``None`` will be cleaned from the response.
+
+##### OIDC_IDTOKEN_EXPIRE
+OPTIONAL. Expressed in seconds. Default is `60*10`.
+
+##### OIDC_TOKEN_EXPIRE
+OPTIONAL. Token object expiration after been created. Expressed in seconds. Default is `60*60`.
+
 ## Users And Clients
 
 User and client creation it's up to you. This is because is out of the scope in the core implementation of OIDC.
@@ -179,52 +224,3 @@ POST /openid/userinfo/ HTTP/1.1
 Host: localhost:8000
 Authorization: Bearer [ACCESS_TOKEN]
 ```
-
-## Claims And Scopes
-
-OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens.
-
-Here you have the standard scopes defined by the protocol.
-http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
-
-If you need to add extra scopes specific for your app you can add them using the ``DOP_EXTRA_SCOPE_CLAIMS`` settings variable.
-This class MUST inherit ``AbstractScopeClaims``.
-
-Check out an example:
-
-```python
-from openid_provider.lib.claims import AbstractScopeClaims
-
-class MyAppScopeClaims(AbstractScopeClaims):
-
-    def __init__(self, user, scopes):
-        # Don't forget this.
-        super(StandardScopeClaims, self).__init__(user, scopes)
-
-        # Here you can load models that will be used
-        # in more than one scope for example.
-        try:
-            self.some_model = SomeModel.objects.get(user=self.user)
-        except UserInfo.DoesNotExist:
-            # Create an empty model object.
-            self.some_model = SomeModel()
-
-    def scope_books(self, user):
-
-        # Here you can search books for this user.
-        # Remember that you have "self.some_model" also.
-
-        dic = {
-            'books_readed': books_readed_count,
-        }
-
-        return dic
-```
-
-See how we create our own scopes using the convention:
-
-``def scope_<SCOPE_NAME>(self, user):``
-
-If a field is empty or ``None`` will be cleaned from the response.
-
-**Don't forget to add your class into your app settings.**