Add OIDC_USERINFO setting to DOC.
This commit is contained in:
parent
18b492d1db
commit
597b5c8ebd
66
DOC.md
66
DOC.md
|
@ -29,8 +29,10 @@ Before getting started there are some important things that you should know:
|
||||||
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
|
- [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
|
||||||
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
|
- [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
|
||||||
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
|
- [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
|
||||||
|
- [OIDC_USERINFO](#oidc_userinfo)
|
||||||
- [Users And Clients](#users-and-clients)
|
- [Users And Clients](#users-and-clients)
|
||||||
- [Templates](#templates)
|
- [Templates](#templates)
|
||||||
|
- [Standard Claims](#standard-claims)
|
||||||
- [Server Endpoints](#server-endpoints)
|
- [Server Endpoints](#server-endpoints)
|
||||||
- [Running Tests](#running-tests)
|
- [Running Tests](#running-tests)
|
||||||
|
|
||||||
|
@ -212,6 +214,9 @@ OPTIONAL. Token object expiration after been created.
|
||||||
|
|
||||||
`int`. Expressed in seconds. Default is `60*60`.
|
`int`. Expressed in seconds. Default is `60*60`.
|
||||||
|
|
||||||
|
##### OIDC_USERINFO
|
||||||
|
OPTIONAL. A string with the location of your class. Read [standard claims](#standard-claims) section.
|
||||||
|
|
||||||
## Users And Clients
|
## Users And Clients
|
||||||
|
|
||||||
User and client creation it's up to you. This is because is out of the scope in the core implementation of OIDC.
|
User and client creation it's up to you. This is because is out of the scope in the core implementation of OIDC.
|
||||||
|
@ -269,6 +274,67 @@ You can copy the sample html here and edit them with your own styles.
|
||||||
<p>{{ description }}</p>
|
<p>{{ description }}</p>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Standard Claims
|
||||||
|
|
||||||
|
This subset of OpenID Connect defines a set of standard Claims. They are returned in the UserInfo Response.
|
||||||
|
|
||||||
|
The package comes with a setting called `OIDC_USERINFO`, basically it refers to a class that MUST have a class-method named `get_by_user`, this will be called with a Django `User` instance and returns an object with all the claims of the user as attributes.
|
||||||
|
|
||||||
|
List of all the attributes grouped by scopes:
|
||||||
|
|
||||||
|
| profile | email | phone | address |
|
||||||
|
| ------------------ | -------------- | --------------------- | ---------------------- |
|
||||||
|
| name | email | phone_number | address_formatted |
|
||||||
|
| given_name | email_verified | phone_number_verified | address_street_address |
|
||||||
|
| family_name | | | address_locality |
|
||||||
|
| middle_name | | | address_region |
|
||||||
|
| nickname | | | address_postal_code |
|
||||||
|
| preferred_username | | | address_country |
|
||||||
|
| profile | | | |
|
||||||
|
| picture | | | |
|
||||||
|
| website | | | |
|
||||||
|
| gender | | | |
|
||||||
|
| birthdate | | | |
|
||||||
|
| zoneinfo | | | |
|
||||||
|
| locale | | | |
|
||||||
|
| updated_at | | | |
|
||||||
|
|
||||||
|
Example using a django model:
|
||||||
|
|
||||||
|
```python
|
||||||
|
from django.conf import settings
|
||||||
|
from django.db import models
|
||||||
|
|
||||||
|
|
||||||
|
class UserInfo(models.Model):
|
||||||
|
|
||||||
|
GENDER_CHOICES = [
|
||||||
|
('F', 'Female'),
|
||||||
|
('M', 'Male'),
|
||||||
|
]
|
||||||
|
|
||||||
|
user = models.OneToOneField(settings.AUTH_USER_MODEL, primary_key=True)
|
||||||
|
|
||||||
|
given_name = models.CharField(max_length=255, blank=True, null=True)
|
||||||
|
family_name = models.CharField(max_length=255, blank=True, null=True)
|
||||||
|
gender = models.CharField(max_length=100, choices=GENDER_CHOICES, null=True)
|
||||||
|
birthdate = models.DateField(null=True)
|
||||||
|
updated_at = models.DateTimeField(auto_now=True, null=True)
|
||||||
|
|
||||||
|
email_verified = models.NullBooleanField(default=False)
|
||||||
|
|
||||||
|
phone_number = models.CharField(max_length=255, blank=True, null=True)
|
||||||
|
phone_number_verified = models.NullBooleanField(default=False)
|
||||||
|
|
||||||
|
address_locality = models.CharField(max_length=255, blank=True, null=True)
|
||||||
|
address_country = models.CharField(max_length=255, blank=True, null=True)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def get_by_user(cls, user):
|
||||||
|
return cls.objects.get(user=user)
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
## Server Endpoints
|
## Server Endpoints
|
||||||
|
|
||||||
**/authorize endpoint**
|
**/authorize endpoint**
|
||||||
|
|
Loading…
Reference in a new issue