From 5d57c4919cc9bd4db56dc79127544bdf8effc304 Mon Sep 17 00:00:00 2001
From: Wojciech Bartosiak
Date: Tue, 8 Mar 2016 12:57:47 +0000
Subject: [PATCH 1/2] Fix encoding of client secret
---
oidc_provider/admin.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oidc_provider/admin.py b/oidc_provider/admin.py
index d46fc8f..9963b35 100644
--- a/oidc_provider/admin.py
+++ b/oidc_provider/admin.py
@@ -33,7 +33,7 @@ class ClientForm(ModelForm):
if instance and instance.pk:
return instance.client_secret
else:
- return md5(str(uuid4())).hexdigest()
+ return md5(uuid4().hex.encode()).hexdigest()
@admin.register(Client)
From 08033bb9ad17d46eec0f603281ee2e66f6946507 Mon Sep 17 00:00:00 2001
From: Wojciech Bartosiak
Date: Tue, 8 Mar 2016 13:21:55 +0000
Subject: [PATCH 2/2] Fix missing verification of response type for client
---
oidc_provider/lib/endpoints/authorize.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
index e75dfe8..f571c81 100644
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@@ -76,6 +76,10 @@ class AuthorizeEndpoint(object):
raise AuthorizeError(self.params.redirect_uri, 'invalid_request', self.grant_type)
+ if self.is_authentication and self.params.response_type != self.client.response_type:
+ raise AuthorizeError(self.params.redirect_uri, 'invalid_request',
+ self.grant_type)
+
clean_redirect_uri = urlsplit(self.params.redirect_uri)
clean_redirect_uri = urlunsplit(clean_redirect_uri._replace(query=''))
if not (clean_redirect_uri in self.client.redirect_uris):
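Review bot: The new line `md5(uuid4().hex.encode()).hexdigest()` fixes the Python 3 bytes/str TypeError but keeps an MD5 step that adds no entropy — the secret is still exactly the ~122 random bits of one UUID4, only disguised as a digest. Returning the random value directly, `return uuid4().hex`, yields the same 32-hex-character secret without the pointless hash, and if a longer secret is wanted, hex-encoding 32 bytes from `os.urandom` is the usual choice (on CPython `uuid4()` already draws from `os.urandom`, so the randomness source is fine either way; whether `os` is imported in this file is not visible here). The `else:` following an unconditional `return` can also be dropped. The method containing this hunk starts before it inside ClientForm, so its name and signature are not visible.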
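Review bot: The added check raises `AuthorizeError(self.params.redirect_uri, ...)` before `self.params.redirect_uri` has been validated against `self.client.redirect_uris` (that validation is the `if not (clean_redirect_uri in ...)` four lines below), so if AuthorizeError's handler redirects to its first argument — not visible here — a request carrying a mismatched response_type and an attacker-chosen redirect_uri would be bounced to that URI with error parameters, which RFC 6749 §4.1.2.1 forbids when the redirect URI is not valid. Moving the new block below the redirect_uri check closes that for this path (the pre-existing raise above it has the same ordering problem and is not changed by this commit). The error code is also better expressed as `raise AuthorizeError(self.params.redirect_uri, 'unauthorized_client', self.grant_type)`, the RFC 6749 / OIDC Core value for a client not authorized to use the requested response_type. A strict `!=` on the raw string may reject valid requests, since multi-token OIDC response_type values are unordered ('code id_token' and 'id_token code' are the same type); if `client.response_type` holds a single space-separated value, comparing `set(self.params.response_type.split())` against `set(self.client.response_type.split())` avoids that. The enclosing method starts before and ends after this hunk.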