Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting.
parent
4dc0faed0c
commit
5836774f6b
2 changed files with 5 additions and 4 deletions
|
@ -173,8 +173,7 @@ class AuthorizeEndpoint(object):
|
||||||
|
|
||||||
query_fragment['token_type'] = 'bearer'
|
query_fragment['token_type'] = 'bearer'
|
||||||
|
|
||||||
# TODO: Create setting 'OIDC_TOKEN_EXPIRE'.
|
query_fragment['expires_in'] = settings.get('OIDC_TOKEN_EXPIRE')
|
||||||
query_fragment['expires_in'] = 60 * 10
|
|
||||||
|
|
||||||
query_fragment['state'] = self.params.state if self.params.state else ''
|
query_fragment['state'] = self.params.state if self.params.state else ''
|
||||||
|
|
||||||
|
|
|
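Review bot: `settings.get('OIDC_TOKEN_EXPIRE')` is written into `query_fragment['expires_in']` with no fallback or type check, so a missing or non-integer setting would reach the client unchanged. The settings module is not among the files shown here, so whether a default is defined cannot be confirmed from this page; if none is, the hard-coded `60 * 10` that appears to be removed was the safer behaviour. It is also worth confirming that the expiry stored with the issued access token is derived from the same setting, otherwise the lifetime advertised to the client and the one actually enforced can drift apart. The enclosing method of `AuthorizeEndpoint` starts and ends outside the hunk.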
@ -19,8 +19,7 @@ from oidc_provider import settings
|
||||||
|
|
||||||
def create_id_token(user, aud, nonce, at_hash=None, request=None):
|
def create_id_token(user, aud, nonce, at_hash=None, request=None):
|
||||||
"""
|
"""
|
||||||
Receives a user object and aud (audience).
|
Creates the id_token dictionary.
|
||||||
Then creates the id_token dictionary.
|
|
||||||
See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
|
See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
|
||||||
|
|
||||||
Return a dic.
|
Return a dic.
|
||||||
|
@ -51,6 +50,9 @@ def create_id_token(user, aud, nonce, at_hash=None, request=None):
|
||||||
if at_hash:
|
if at_hash:
|
||||||
dic['at_hash'] = at_hash
|
dic['at_hash'] = at_hash
|
||||||
|
|
||||||
|
if getattr(user, 'email', None):
|
||||||
|
dic['email'] = user.email
|
||||||
|
|
||||||
processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
|
processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
|
||||||
|
|
||||||
if isinstance(processing_hook, (list, tuple)):
|
if isinstance(processing_hook, (list, tuple)):
|
||||||
|
|
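Review bot: The added `dic['email'] = user.email` puts the user's email address into every ID token regardless of which scopes the client requested or the user consented to, whereas OpenID Connect Core ties the `email` and `email_verified` claims to the `email` scope. Because `create_id_token(user, aud, nonce, at_hash=None, request=None)` has no scope argument, gating the claim would mean passing the granted scopes in, for example `if 'email' in scope and getattr(user, 'email', None):`. If the ID token is also returned in the URL fragment by the authorize endpoint (the other file builds a `query_fragment`), the address can end up in browser history as well. No `email_verified` claim is emitted alongside it, so the docstring should say that relying parties must not treat the value as a verified identifier. The function body continues outside this hunk.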