Add prompt parameter to authorize view.

2016-04-12 18:19:16 -03:00 · 2016-04-12 18:19:16 -03:00 · b05894bf6d
parent 32950bc655
commit b05894bf6d
2 changed files with 7 additions and 3 deletions
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@ -55,6 +55,7 @@ class AuthorizeEndpoint(object):
        self.params.scope = query_dict.get('scope', '').split()
        self.params.state = query_dict.get('state', '')
        self.params.nonce = query_dict.get('nonce', '')
+        self.params.prompt = query_dict.get('prompt', '')

        # PKCE parameters.
        self.params.code_challenge = query_dict.get('code_challenge')
@ -91,7 +92,7 @@ class AuthorizeEndpoint(object):
            raise RedirectUriError()

        # PKCE validation of the transformation method.
-        if self.params.code_challenge and self.params.code_challenge_method:
+        if self.params.code_challenge:
            if not (self.params.code_challenge_method in ['plain', 'S256']):
                raise AuthorizeError(self.params.redirect_uri, 'invalid_request', self.grant_type)

--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@ -68,8 +68,11 @@ class AuthorizeView(View):

                return render(request, 'oidc_provider/authorize.html', context)
            else:
-                path = request.get_full_path()
-                return redirect_to_login(path)
+                if authorize.params.prompt == 'none':
+                    raise AuthorizeError(authorize.params.redirect_uri, 'login_required', authorize.grant_type)
+                else:
+                    path = request.get_full_path()
+                    return redirect_to_login(path)

        except (ClientIdError, RedirectUriError) as error:
            context = {