Add OIDC_SKIP_CONSENT_ALWAYS setting.

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 
 ### [Unreleased]
 
+##### Added
+- Setting OIDC_SKIP_CONSENT_ALWAYS.
+
 ##### Changed
 - Removing OIDC_RSA_KEY_FOLDER setting. Moving RSA Keys to the database.
 

DOC.md

@@ -32,6 +32,7 @@ Before getting started there are some important things that you should know:
     - [OIDC_EXTRA_SCOPE_CLAIMS](#oidc_extra_scope_claims)
     - [OIDC_IDTOKEN_EXPIRE](#oidc_idtoken_expire)
     - [OIDC_IDTOKEN_SUB_GENERATOR](#oidc_idtoken_sub_generator)
+    - [OIDC_SKIP_CONSENT_ALWAYS](#oidc_skip_consent_always)
     - [OIDC_SKIP_CONSENT_ENABLE](#oidc_skip_consent_enable)
     - [OIDC_SKIP_CONSENT_EXPIRE](#oidc_skip_consent_expire)
     - [OIDC_TOKEN_EXPIRE](#oidc_token_expire)
@@ -398,6 +399,11 @@ def default_sub_generator(user):
     return str(user.id)
 ```
 
+##### OIDC_SKIP_CONSENT_ALWAYS
+OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
+
+`bool`. Default is `False`.
+
 ##### OIDC_SKIP_CONSENT_ENABLE
 OPTIONAL. If enabled, the Server will save the user consent given to a specific client, so that user won't be prompted for the same authorization multiple times.
 

oidc_provider/settings.py

@@ -58,6 +58,13 @@ class DefaultSettings(object):
         """
         return 'oidc_provider.lib.utils.common.default_sub_generator'
 
+    @property
+    def OIDC_SKIP_CONSENT_ALWAYS(self):
+        """
+        OPTIONAL. If enabled, the Server will NEVER ask the user for consent.
+        """
+        return False
+
     @property
     def OIDC_SKIP_CONSENT_ENABLE(self):
         """

oidc_provider/tests/test_authorize_endpoint.py

@@ -224,13 +224,18 @@ class AuthorizationCodeFlowTestCase(TestCase):
         # Simulate that the user is logged.
         request.user = self.user
 
+        with self.settings(OIDC_SKIP_CONSENT_ALWAYS=True):
+            response = AuthorizeView.as_view()(request)
+
+            self.assertEqual('code' in response['Location'], True,
+                msg='Code is missing in the returned url.')
+
         response = AuthorizeView.as_view()(request)
 
         is_code_ok = is_code_valid(url=response['Location'],
                                    user=self.user,
                                    client=self.client)
-        self.assertEqual(is_code_ok, True,
-            msg='Code returned is invalid.')
+        self.assertEqual(is_code_ok, True, msg='Code returned is invalid.')
 
         del post_data['allow']
         query_str = urlencode(post_data).replace('+', '%20')
@@ -247,10 +252,12 @@ class AuthorizationCodeFlowTestCase(TestCase):
         is_code_ok = is_code_valid(url=response['Location'],
                                    user=self.user,
                                    client=self.client)
-        self.assertEqual(is_code_ok, True,
-            msg='Code returned is invalid or missing.')
+        self.assertEqual(is_code_ok, True, msg='Code returned is invalid or missing.')
 
     def test_response_uri_is_properly_constructed(self):
+        """
+        TODO
+        """
         post_data = {
             'client_id': self.client.client_id,
             'redirect_uri': self.client.default_redirect_uri + "?redirect_state=xyz",

oidc_provider/views.py

@@ -38,11 +38,13 @@ class AuthorizeView(View):
                 if hook_resp:
                     return hook_resp
 
+                if settings.get('OIDC_SKIP_CONSENT_ALWAYS'):
+                    return redirect(authorize.create_response_uri())
+
                 if settings.get('OIDC_SKIP_CONSENT_ENABLE'):
                     # Check if user previously give consent.
                     if authorize.client_has_user_consent():
-                        uri = authorize.create_response_uri()
-                        return redirect(uri)
+                        return redirect(authorize.create_response_uri())
 
                 # Generate hidden inputs for the form.
                 context = {