diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
index 5c3ad70..cafb394 100644
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@@ -96,7 +96,8 @@ class AuthorizeEndpoint(object):
 code = create_code(
 user=self.request.user,
 client=self.client,
- scope=self.params.scope)
+ scope=self.params.scope,
+ nonce=self.params.nonce)
 code.save()
diff --git a/oidc_provider/lib/utils/token.py b/oidc_provider/lib/utils/token.py
index 38a732d..0eac64a 100644
--- a/oidc_provider/lib/utils/token.py
+++ b/oidc_provider/lib/utils/token.py
@@ -76,7 +76,7 @@ def create_token(user, client, id_token_dic, scope):
 return token
-def create_code(user, client, scope):
+def create_code(user, client, scope, nonce):
 """
 Create and populate a Code object.
@@ -89,5 +89,6 @@ def create_code(user, client, scope):
 code.expires_at = timezone.now() + timedelta(
 seconds=settings.get('OIDC_CODE_EXPIRE'))
 code.scope = scope
+ code.nonce = nonce
 return code
diff --git a/oidc_provider/migrations/0003_code_nonce.py b/oidc_provider/migrations/0003_code_nonce.py
new file mode 100644
index 0000000..0d49615
--- /dev/null
+++ b/oidc_provider/migrations/0003_code_nonce.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('oidc_provider', '0002_userconsent'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='code',
+ name='nonce',
+ field=models.CharField(default=b'', max_length=255, blank=True),
+ ),
+ ]
diff --git a/oidc_provider/models.py b/oidc_provider/models.py
index 8ec7e95..709f334 100644
--- a/oidc_provider/models.py
+++ b/oidc_provider/models.py
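Review bot: `nonce=self.params.nonce` in the `create_code(...)` call stores a client-supplied request parameter with no length or presence check visible in this hunk, while the column added by this commit is `CharField(max_length=255)`. Depending on the database backend, a longer value would either fail at `code.save()` or be truncated, and a truncated nonce would no longer match what the client sent. If `self.params.nonce` can be `None` when the parameter is absent, the non-null column would also reject it; passing `nonce=self.params.nonce or ''` covers that case. Unless validation already happens outside this hunk, over-long values should be rejected as an invalid request before this call. The enclosing method starts and ends outside the hunk.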
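Review bot: The docstring of `create_code` is not updated for the new `nonce` parameter; the visible part still reads only "Create and populate a Code object." I would add a line such as `nonce is the value from the authorization request, stored unchanged on the Code.` so it is clear that the function performs no validation of its own. `nonce` is also a required fourth positional argument, so any caller other than the one changed in `authorize.py` would raise `TypeError`; no other caller is visible in this diff. The function body continues outside this hunk, and the assignment `code.nonce = nonce` is in the following hunk.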
@@ -71,6 +71,7 @@ class BaseCodeTokenModel(models.Model):
 class Code(BaseCodeTokenModel):
 code = models.CharField(max_length=255, unique=True)
+ nonce = models.CharField(max_length=255, blank=True, default='')
 class Token(BaseCodeTokenModel):
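Review bot: The new field declares `default=''`, but the migration in this commit records `default=b''` under `from __future__ import unicode_literals`, so the two defaults are of different types. That presumably comes from generating the migration on Python 2 with a `models.py` that lacks `unicode_literals`. On Python 3 the mismatch is likely to make `makemigrations` report a pending change for `Code.nonce`. I would make the migration line read `field=models.CharField(default='', max_length=255, blank=True),` so model and migration agree on a text default. The `Code` class body continues outside the hunk.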