From 369248426b8e6290fdbbeb7ac3269ddd46ea32e8 Mon Sep 17 00:00:00 2001 From: Juan Ignacio Fiorentino Date: Fri, 27 Feb 2015 18:14:46 -0300 Subject: [PATCH 1/4] Update Docs. --- doc.md | 118 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 57 insertions(+), 61 deletions(-) diff --git a/doc.md b/doc.md index 5f3ce83..fe5fb80 100644 --- a/doc.md +++ b/doc.md @@ -15,10 +15,15 @@ Before getting started there are some important things that you should know: - [Requirements](#requirements) - [Installation](#installation) - [Settings](#settings) + - [SITE_URL](#site_url) + - [LOGIN_URL](#login_url) + - [OIDC_CODE_EXPIRE](#oidc_code_expire) + - [OIDC_EXTRA_SCOPE_CLAIMS](#) + - [OIDC_IDTOKEN_EXPIRE](#) + - [OIDC_TOKEN_EXPIRE](#) - [Users And Clients](#users-and-clients) - [Templates](#templates) - [Server Endpoints](#server-endpoints) -- [Claims And Scopes](#claims-and-scopes) ## Requirements @@ -64,24 +69,64 @@ urlpatterns = patterns('', Add required variables to your project settings. +### SITE_URL +*REQUIRED.* The OP server url. For example `http://localhost:8000`. + +### LOGIN_URL +*REQUIRED.* Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default value is `/accounts/login/`. + +### OIDC_CODE_EXPIRE +*OPTIONAL.* Expressed in seconds. Default value is `60*10`. + +### OIDC_EXTRA_SCOPE_CLAIMS +*OPTIONAL.* Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``. + +OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens. + +[Here](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) you have the standard scopes defined by the protocol. + +Check out an example: + ```python -# REQUIRED SETTINGS. +from oidc_provider.lib.claims import AbstractScopeClaims -# Your server provider url. -SITE_URL = 'http://localhost:8000' +class MyAppScopeClaims(AbstractScopeClaims): -# Used to log the user in. -# See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url -LOGIN_URL = '/accounts/login/' + def __init__(self, user, scopes): + # Don't forget this. + super(StandardScopeClaims, self).__init__(user, scopes) -# OPTIONAL SETTINGS. + # Here you can load models that will be used + # in more than one scope for example. + try: + self.some_model = SomeModel.objects.get(user=self.user) + except UserInfo.DoesNotExist: + # Create an empty model object. + self.some_model = SomeModel() -OIDC_CODE_EXPIRE = 60*10 # 10 min. -OIDC_EXTRA_SCOPE_CLAIMS = MyAppScopeClaims, -OIDC_IDTOKEN_EXPIRE = 60*10, # 10 min. -OIDC_TOKEN_EXPIRE = 60*60 # 1 hour. + def scope_books(self, user): + + # Here you can search books for this user. + + dic = { + 'books_readed': books_readed_count, + } + + return dic ``` +See how we create our own scopes using the convention: + +``def scope_(self, user):`` + +If a field is empty or ``None`` will be cleaned from the response. + +### OIDC_IDTOKEN_EXPIRE +*OPTIONAL.* Expressed in seconds. Default value is `60*10`. + +### OIDC_TOKEN_EXPIRE +*OPTIONAL.* Expressed in seconds. Default value is `60*60`. + ## Users And Clients User and client creation it's up to you. This is because is out of the scope in the core implementation of OIDC. @@ -179,52 +224,3 @@ POST /openid/userinfo/ HTTP/1.1 Host: localhost:8000 Authorization: Bearer [ACCESS_TOKEN] ``` - -## Claims And Scopes - -OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens. - -Here you have the standard scopes defined by the protocol. -http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims - -If you need to add extra scopes specific for your app you can add them using the ``DOP_EXTRA_SCOPE_CLAIMS`` settings variable. -This class MUST inherit ``AbstractScopeClaims``. - -Check out an example: - -```python -from openid_provider.lib.claims import AbstractScopeClaims - -class MyAppScopeClaims(AbstractScopeClaims): - - def __init__(self, user, scopes): - # Don't forget this. - super(StandardScopeClaims, self).__init__(user, scopes) - - # Here you can load models that will be used - # in more than one scope for example. - try: - self.some_model = SomeModel.objects.get(user=self.user) - except UserInfo.DoesNotExist: - # Create an empty model object. - self.some_model = SomeModel() - - def scope_books(self, user): - - # Here you can search books for this user. - # Remember that you have "self.some_model" also. - - dic = { - 'books_readed': books_readed_count, - } - - return dic -``` - -See how we create our own scopes using the convention: - -``def scope_(self, user):`` - -If a field is empty or ``None`` will be cleaned from the response. - -**Don't forget to add your class into your app settings.** From c8a4eb90f243d3636c37acaa0a3ca601031c5339 Mon Sep 17 00:00:00 2001 From: Juan Ignacio Fiorentino Date: Fri, 27 Feb 2015 18:17:20 -0300 Subject: [PATCH 2/4] Update Docs. --- doc.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc.md b/doc.md index fe5fb80..21ed103 100644 --- a/doc.md +++ b/doc.md @@ -18,9 +18,9 @@ Before getting started there are some important things that you should know: - [SITE_URL](#site_url) - [LOGIN_URL](#login_url) - [OIDC_CODE_EXPIRE](#oidc_code_expire) - - [OIDC_EXTRA_SCOPE_CLAIMS](#) - - [OIDC_IDTOKEN_EXPIRE](#) - - [OIDC_TOKEN_EXPIRE](#) + - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims) + - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire) + - [OIDC_TOKEN_EXPIRE](#oidc_token_expire) - [Users And Clients](#users-and-clients) - [Templates](#templates) - [Server Endpoints](#server-endpoints) From 8c98c87fc92edc643e2f248841733417f5bd6e0e Mon Sep 17 00:00:00 2001 From: Juan Ignacio Fiorentino Date: Fri, 27 Feb 2015 18:23:06 -0300 Subject: [PATCH 3/4] Update Docs. --- doc.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/doc.md b/doc.md index 21ed103..32c61d4 100644 --- a/doc.md +++ b/doc.md @@ -69,16 +69,16 @@ urlpatterns = patterns('', Add required variables to your project settings. -### SITE_URL +##### SITE_URL *REQUIRED.* The OP server url. For example `http://localhost:8000`. -### LOGIN_URL -*REQUIRED.* Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default value is `/accounts/login/`. +##### LOGIN_URL +*REQUIRED.* Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default is `/accounts/login/`. -### OIDC_CODE_EXPIRE -*OPTIONAL.* Expressed in seconds. Default value is `60*10`. +##### OIDC_CODE_EXPIRE +*OPTIONAL.* Expressed in seconds. Default is `60*10`. -### OIDC_EXTRA_SCOPE_CLAIMS +##### OIDC_EXTRA_SCOPE_CLAIMS *OPTIONAL.* Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``. OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens. @@ -121,11 +121,11 @@ See how we create our own scopes using the convention: If a field is empty or ``None`` will be cleaned from the response. -### OIDC_IDTOKEN_EXPIRE -*OPTIONAL.* Expressed in seconds. Default value is `60*10`. +##### OIDC_IDTOKEN_EXPIRE +*OPTIONAL.* Expressed in seconds. Default is `60*10`. -### OIDC_TOKEN_EXPIRE -*OPTIONAL.* Expressed in seconds. Default value is `60*60`. +##### OIDC_TOKEN_EXPIRE +*OPTIONAL.* Token object expiration after been created. Expressed in seconds. Default is `60*60`. ## Users And Clients From 377a4d37e9477dd61ea451a7157ad4d8e9e1a1af Mon Sep 17 00:00:00 2001 From: Juan Ignacio Fiorentino Date: Sun, 1 Mar 2015 20:21:37 -0300 Subject: [PATCH 4/4] Update Docs. --- doc.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc.md b/doc.md index 32c61d4..dbb9731 100644 --- a/doc.md +++ b/doc.md @@ -7,7 +7,7 @@ Django OIDC Provider can help you providing out of the box all the endpoints, da Before getting started there are some important things that you should know: * Although OpenID was built on top of OAuth2, this isn't an OAuth2 server. Maybe in a future it will be. * Despite that implementation MUST support TLS. You can make request without using SSL. There is no control on that. -* This cover authorization_code flow and implicit flow, NO support for hybrid flow at this moment. +* This cover `Authorization Code` flow and `Implicit` flow, NO support for `Hybrid` flow at this moment. * Only support for requesting Claims using Scope Values. # Table Of Contents @@ -70,16 +70,16 @@ urlpatterns = patterns('', Add required variables to your project settings. ##### SITE_URL -*REQUIRED.* The OP server url. For example `http://localhost:8000`. +REQUIRED. The OP server url. For example `http://localhost:8000`. ##### LOGIN_URL -*REQUIRED.* Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default is `/accounts/login/`. +REQUIRED. Used to log the user in. [Read more in Django docs](https://docs.djangoproject.com/en/1.7/ref/settings/#login-url). Default is `/accounts/login/`. ##### OIDC_CODE_EXPIRE -*OPTIONAL.* Expressed in seconds. Default is `60*10`. +OPTIONAL. Expressed in seconds. Default is `60*10`. ##### OIDC_EXTRA_SCOPE_CLAIMS -*OPTIONAL.* Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``. +OPTIONAL. Used to add extra scopes specific for your app. This class MUST inherit ``AbstractScopeClaims``. OpenID Connect Clients will use scope values to specify what access privileges are being requested for Access Tokens. @@ -122,10 +122,10 @@ See how we create our own scopes using the convention: If a field is empty or ``None`` will be cleaned from the response. ##### OIDC_IDTOKEN_EXPIRE -*OPTIONAL.* Expressed in seconds. Default is `60*10`. +OPTIONAL. Expressed in seconds. Default is `60*10`. ##### OIDC_TOKEN_EXPIRE -*OPTIONAL.* Token object expiration after been created. Expressed in seconds. Default is `60*60`. +OPTIONAL. Token object expiration after been created. Expressed in seconds. Default is `60*60`. ## Users And Clients