Add id_token to response

2016-12-21 15:58:37 +01:00 · 2016-12-21 15:58:37 +01:00 · 7b9f08c46c
parent 1a31bc6554
commit 7b9f08c46c
2 changed files with 13 additions and 10 deletions
--- a/oidc_provider/lib/endpoints/token.py
+++ b/oidc_provider/lib/endpoints/token.py
@ -168,7 +168,7 @@ class TokenEndpoint(object):
            self.client,
            self.params['scope'].split(' '))

-        token.id_token = create_id_token(
+        id_token_dic = create_id_token(
            user=self.user,
            aud=self.client.client_id,
            nonce='self.code.nonce',
@ -177,12 +177,15 @@ class TokenEndpoint(object):
            scope=self.params['scope'],
        )

+        token.id_token = id_token_dic
        token.save()
+
        return {
            'access_token': token.access_token,
            'refresh_token': token.refresh_token,
            'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
-            'token_type': 'bearer'
+            'token_type': 'bearer',
+            'id_token': encode_id_token(id_token_dic, token.client),
        }

    def create_code_response_dic(self):
--- a/oidc_provider/tests/test_token_endpoint.py
+++ b/oidc_provider/tests/test_token_endpoint.py
@ -213,7 +213,6 @@ class TokenTestCase(TestCase):
        response_dict = json.loads(response.content.decode('utf-8'))
        print(response_dict)

-        self.assertEqual(400, response.status_code)
        self.assertEqual(403, response.status_code)
        self.assertEqual('access_denied', response_dict['error'])

@ -246,14 +245,15 @@ class TokenTestCase(TestCase):
        )

        response_dict = json.loads(response.content.decode('utf-8'))
-        expected_response_dic = {
-            "access_token": 'fake_token',
-            "refresh_token": 'fake_token',
-            "expires_in": 120,
-            "token_type": "bearer",
-        }
+        id_token = JWS().verify_compact(response_dict['id_token'].encode('utf-8'), self._get_keys())
+        print(id_token)

-        self.assertDictEqual(expected_response_dic, response_dict)
+        self.assertEqual(response_dict['access_token'], 'fake_token')
+        self.assertEqual(response_dict['refresh_token'], 'fake_token')
+        self.assertEqual(response_dict['expires_in'], 120)
+        self.assertEqual(response_dict['token_type'], 'bearer')
+        self.assertEqual(id_token['sub'], str(self.user.id))
+        self.assertEqual(id_token['aud'], self.client.client_id);

    @override_settings(OIDC_TOKEN_EXPIRE=720)
    def test_authorization_code(self):