From 597b5c8ebda11298875caf442bbc4f0f27efc988 Mon Sep 17 00:00:00 2001 From: juanifioren Date: Tue, 11 Aug 2015 17:12:15 -0300 Subject: [PATCH] Add OIDC_USERINFO setting to DOC. --- DOC.md | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/DOC.md b/DOC.md index fd19b08..54554c9 100644 --- a/DOC.md +++ b/DOC.md @@ -29,8 +29,10 @@ Before getting started there are some important things that you should know: - [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable) - [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire) - [OIDC_TOKEN_EXPIRE](#oidc_token_expire) + - [OIDC_USERINFO](#oidc_userinfo) - [Users And Clients](#users-and-clients) - [Templates](#templates) +- [Standard Claims](#standard-claims) - [Server Endpoints](#server-endpoints) - [Running Tests](#running-tests) @@ -212,6 +214,9 @@ OPTIONAL. Token object expiration after been created. `int`. Expressed in seconds. Default is `60*60`. +##### OIDC_USERINFO +OPTIONAL. A string with the location of your class. Read [standard claims](#standard-claims) section. + ## Users And Clients User and client creation it's up to you. This is because is out of the scope in the core implementation of OIDC. @@ -269,6 +274,67 @@ You can copy the sample html here and edit them with your own styles.

{{ description }}

``` +## Standard Claims + +This subset of OpenID Connect defines a set of standard Claims. They are returned in the UserInfo Response. + +The package comes with a setting called `OIDC_USERINFO`, basically it refers to a class that MUST have a class-method named `get_by_user`, this will be called with a Django `User` instance and returns an object with all the claims of the user as attributes. + +List of all the attributes grouped by scopes: + +| profile | email | phone | address | +| ------------------ | -------------- | --------------------- | ---------------------- | +| name | email | phone_number | address_formatted | +| given_name | email_verified | phone_number_verified | address_street_address | +| family_name | | | address_locality | +| middle_name | | | address_region | +| nickname | | | address_postal_code | +| preferred_username | | | address_country | +| profile | | | | +| picture | | | | +| website | | | | +| gender | | | | +| birthdate | | | | +| zoneinfo | | | | +| locale | | | | +| updated_at | | | | + +Example using a django model: + +```python +from django.conf import settings +from django.db import models + + +class UserInfo(models.Model): + + GENDER_CHOICES = [ + ('F', 'Female'), + ('M', 'Male'), + ] + + user = models.OneToOneField(settings.AUTH_USER_MODEL, primary_key=True) + + given_name = models.CharField(max_length=255, blank=True, null=True) + family_name = models.CharField(max_length=255, blank=True, null=True) + gender = models.CharField(max_length=100, choices=GENDER_CHOICES, null=True) + birthdate = models.DateField(null=True) + updated_at = models.DateTimeField(auto_now=True, null=True) + + email_verified = models.NullBooleanField(default=False) + + phone_number = models.CharField(max_length=255, blank=True, null=True) + phone_number_verified = models.NullBooleanField(default=False) + + address_locality = models.CharField(max_length=255, blank=True, null=True) + address_country = models.CharField(max_length=255, blank=True, null=True) + + @classmethod + def get_by_user(cls, user): + return cls.objects.get(user=user) + +``` + ## Server Endpoints **/authorize endpoint**