str or list or tuple for OIDC_ID_TOKEN_PROCESSING_HOOK

docs/sections/settings.rst

@@ -95,9 +95,13 @@ Expressed in seconds. Default is ``60*10``.
 OIDC_IDTOKEN_PROCESSING_HOOK
 ============================
 
-OPTIONAL. ``str``. A string with the location of your function hook.
+OPTIONAL. ``str`` or ``(list, tuple)``.
+
+A string with the location of your function hook or ``list`` or ``tuple`` with hook functions.
 Here you can add extra dictionary values specific for your app into id_token.
 
+The ``list`` or ``tuple`` is useful when You want to set multiple hooks, i.e. one for permissions and second for some special field.
+
 The function receives a ``id_token`` dictionary and ``user`` instance 
 and returns it with additional fields.
 

oidc_provider/lib/utils/token.py

@@ -44,7 +44,13 @@ def create_id_token(user, aud, nonce):
     if nonce:
         dic['nonce'] = str(nonce)
 
-    dic = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK', import_str=True)(dic, user=user)
+    processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
+
+    if isinstance(processing_hook, (list, tuple)):
+        for hook in processing_hook:
+            dic = settings.import_from_str(hook)(dic, user=user)
+    else:
+        dic = settings.import_from_str(processing_hook)(dic, user=user)
 
     return dic
 

oidc_provider/tests/app/utils.py

@@ -115,3 +115,12 @@ def fake_idtoken_processing_hook(id_token, user):
     id_token['test_idtoken_processing_hook'] = FAKE_RANDOM_STRING
     id_token['test_idtoken_processing_hook_user_email'] = user.email
     return id_token
+
+
+def fake_idtoken_processing_hook2(id_token, user):
+    """
+    Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
+    """
+    id_token['test_idtoken_processing_hook2'] = FAKE_RANDOM_STRING
+    id_token['test_idtoken_processing_hook_user_email2'] = user.email
+    return id_token

oidc_provider/tests/test_token_endpoint.py

@@ -353,3 +353,95 @@ class TokenTestCase(TestCase):
 
         self.assertEqual(id_token.get('test_idtoken_processing_hook'), FAKE_RANDOM_STRING)
         self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email'), self.user.email)
+
+    @override_settings(
+        OIDC_IDTOKEN_PROCESSING_HOOK=(
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook',
+        )
+    )
+    def test_additional_idtoken_processing_hook_one_element_in_tuple(self):
+        """
+        Test custom function for setting OIDC_IDTOKEN_PROCESSING_HOOK.
+        """
+        code = self._create_code()
+
+        post_data = self._auth_code_post_data(code=code.code)
+
+        response = self._post_request(post_data)
+
+        response_dic = json.loads(response.content.decode('utf-8'))
+        id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email'), self.user.email)
+
+    @override_settings(
+        OIDC_IDTOKEN_PROCESSING_HOOK=[
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook',
+        ]
+    )
+    def test_additional_idtoken_processing_hook_one_element_in_list(self):
+        """
+        Test custom function for setting OIDC_IDTOKEN_PROCESSING_HOOK.
+        """
+        code = self._create_code()
+
+        post_data = self._auth_code_post_data(code=code.code)
+
+        response = self._post_request(post_data)
+
+        response_dic = json.loads(response.content.decode('utf-8'))
+        id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email'), self.user.email)
+
+    @override_settings(
+        OIDC_IDTOKEN_PROCESSING_HOOK=[
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook',
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook2',
+        ]
+    )
+    def test_additional_idtoken_processing_hook_two_elements_in_list(self):
+        """
+        Test custom function for setting OIDC_IDTOKEN_PROCESSING_HOOK.
+        """
+        code = self._create_code()
+
+        post_data = self._auth_code_post_data(code=code.code)
+
+        response = self._post_request(post_data)
+
+        response_dic = json.loads(response.content.decode('utf-8'))
+        id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email'), self.user.email)
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook2'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email2'), self.user.email)
+
+    @override_settings(
+        OIDC_IDTOKEN_PROCESSING_HOOK=(
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook',
+                'oidc_provider.tests.app.utils.fake_idtoken_processing_hook2',
+        )
+    )
+    def test_additional_idtoken_processing_hook_two_elements_in_tuple(self):
+        """
+        Test custom function for setting OIDC_IDTOKEN_PROCESSING_HOOK.
+        """
+        code = self._create_code()
+
+        post_data = self._auth_code_post_data(code=code.code)
+
+        response = self._post_request(post_data)
+
+        response_dic = json.loads(response.content.decode('utf-8'))
+        id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email'), self.user.email)
+
+        self.assertEqual(id_token.get('test_idtoken_processing_hook2'), FAKE_RANDOM_STRING)
+        self.assertEqual(id_token.get('test_idtoken_processing_hook_user_email2'), self.user.email)