From b05894bf6d6f7f418b2e5363ca5203e9d911aea9 Mon Sep 17 00:00:00 2001
From: Ignacio Fiorentino
Date: Tue, 12 Apr 2016 18:19:16 -0300
Subject: [PATCH] Add prompt parameter to authorize view.
---
 oidc_provider/lib/endpoints/authorize.py | 3 ++-
 oidc_provider/views.py | 7 +++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/oidc_provider/lib/endpoints/authorize.py b/oidc_provider/lib/endpoints/authorize.py
index 3bb6409..83624ad 100644
--- a/oidc_provider/lib/endpoints/authorize.py
+++ b/oidc_provider/lib/endpoints/authorize.py
@@ -55,6 +55,7 @@ class AuthorizeEndpoint(object):
 self.params.scope = query_dict.get('scope', '').split()
 self.params.state = query_dict.get('state', '')
 self.params.nonce = query_dict.get('nonce', '')
+ self.params.prompt = query_dict.get('prompt', '')
 # PKCE parameters.
 self.params.code_challenge = query_dict.get('code_challenge')
@@ -91,7 +92,7 @@ class AuthorizeEndpoint(object):
 raise RedirectUriError()
 # PKCE validation of the transformation method.
- if self.params.code_challenge and self.params.code_challenge_method:
+ if self.params.code_challenge:
 if not (self.params.code_challenge_method in ['plain', 'S256']):
 raise AuthorizeError(self.params.redirect_uri, 'invalid_request', self.grant_type)
diff --git a/oidc_provider/views.py b/oidc_provider/views.py
index 2af287d..bd5a6f8 100644
--- a/oidc_provider/views.py
+++ b/oidc_provider/views.py
@@ -68,8 +68,11 @@ class AuthorizeView(View):
 return render(request, 'oidc_provider/authorize.html', context)
 else:
- path = request.get_full_path()
- return redirect_to_login(path)
+ if authorize.params.prompt == 'none':
+ raise AuthorizeError(authorize.params.redirect_uri, 'login_required', authorize.grant_type)
+ else:
+ path = request.get_full_path()
+ return redirect_to_login(path)
 except (ClientIdError, RedirectUriError) as error:
 context = {
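Review bot: The added `self.params.prompt = query_dict.get('prompt', '')` keeps the raw string, but OpenID Connect Core defines `prompt` as a space-delimited list of values, and the views.py hunk then tests it with `== 'none'`. A request that sends `none` together with another value therefore misses the `login_required` branch and is redirected to the login page, where the specification asks for an error response. Parsing it the way `scope` is parsed at the top of this hunk, `self.params.prompt = query_dict.get('prompt', '').split()`, and testing `'none' in authorize.params.prompt` in the view would cover both cases. The enclosing method starts and ends outside the hunk.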
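Review bot: With `and self.params.code_challenge_method` dropped from the PKCE guard, a request that sends `code_challenge` without `code_challenge_method` now fails with `invalid_request`, since a missing method (presumably `None`; the line that reads it is outside the hunk) is not in `['plain', 'S256']`, whereas RFC 7636 treats an absent method as `plain`. Rejecting is the stricter choice and closes the path where a challenge without a method skipped this validation entirely, but it is a behaviour change the commit subject does not mention and that clients relying on the default will notice. If it is intended, a comment above the check such as `# Require an explicit code_challenge_method; the RFC 7636 default of 'plain' is deliberately not applied.` would record that. The inner test would also read more plainly as `if self.params.code_challenge_method not in ('plain', 'S256'):`.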
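Review bot: `prompt=none` is honoured only in the unauthenticated `else:` branch; the authenticated branch above still ends in `return render(request, 'oidc_provider/authorize.html', context)`, so a logged-in user who has not yet granted consent would presumably be shown the consent page although the client asked for no interaction. That branch starts outside the hunk and may already short-circuit when consent exists, but where it does not, the `prompt=none` case should fail before rendering, for example with `raise AuthorizeError(authorize.params.redirect_uri, 'consent_required', authorize.grant_type)` if `AuthorizeError` accepts that code. The only handler visible here is `except (ClientIdError, RedirectUriError)`, so confirm that a clause for `AuthorizeError` follows and that `redirect_uri` has been validated by the time this raise is reached, since the error is delivered to that URI.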