Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting.

2016-09-09 11:43:28 -03:00 · 2016-09-09 11:43:28 -03:00 · 5836774f6b
parent 4dc0faed0c
commit 5836774f6b
2 changed files with 5 additions and 4 deletions
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@ -173,8 +173,7 @@ class AuthorizeEndpoint(object):

                query_fragment['token_type'] = 'bearer'

-                # TODO: Create setting 'OIDC_TOKEN_EXPIRE'.
-                query_fragment['expires_in'] = 60 * 10
+                query_fragment['expires_in'] = settings.get('OIDC_TOKEN_EXPIRE')

                query_fragment['state'] = self.params.state if self.params.state else ''

--- a/oidc_provider/lib/utils/token.py
+++ b/oidc_provider/lib/utils/token.py
@ -19,8 +19,7 @@ from oidc_provider import settings

 def create_id_token(user, aud, nonce, at_hash=None, request=None):
    """
-    Receives a user object and aud (audience).
-    Then creates the id_token dictionary.
+    Creates the id_token dictionary.
    See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken

    Return a dic.
@ -51,6 +50,9 @@ def create_id_token(user, aud, nonce, at_hash=None, request=None):
    if at_hash:
        dic['at_hash'] = at_hash

+    if getattr(user, 'email', None):
+        dic['email'] = user.email
+
    processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')

    if isinstance(processing_hook, (list, tuple)):