Pass token and request to OIDC_ID_TOKEN_PROCESSING_HOOK

The ID token processing hook might need the token or request too, so
make them available.
This commit is contained in:
Tuomas Suutari 2018-05-24 00:24:52 +03:00
parent 93420461b4
commit b0a82aa4ab
4 changed files with 51 additions and 12 deletions

View file

@ -107,9 +107,10 @@ def default_after_end_session_hook(
return None
def default_idtoken_processing_hook(id_token, user, scope=None):
def default_idtoken_processing_hook(
id_token, user, scope, token, request, **kwargs):
"""
Hook to perform some additional actions ti `id_token` dictionary just before serialization.
Hook for modifying `id_token` just before serialization.
:param id_token: dictionary contains values that going to be serialized into `id_token`
:type id_token: dict
@ -120,8 +121,14 @@ def default_idtoken_processing_hook(id_token, user, scope=None):
:param scope: scope for the token
:type scope: list[str]|None
:param token: the Token object created for the authentication request
:type token: oidc_provider.models.Token
:param request: the request initiating this ID token processing
:type request: django.http.HttpRequest
:return: custom modified dictionary of values for `id_token`
:rtype dict
:rtype: dict
"""
return id_token

View file

@ -64,7 +64,7 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
dic = run_processing_hook(
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
user=user, scope=scope)
user=user, scope=scope, token=token, request=request)
return dic

View file

@ -113,7 +113,7 @@ def fake_sub_generator(user):
return user.email
def fake_idtoken_processing_hook(id_token, user, scope=None):
def fake_idtoken_processing_hook(id_token, user, **kwargs):
"""
Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK.
"""
@ -122,7 +122,7 @@ def fake_idtoken_processing_hook(id_token, user, scope=None):
return id_token
def fake_idtoken_processing_hook2(id_token, user, scope=None):
def fake_idtoken_processing_hook2(id_token, user, **kwargs):
"""
Fake function for inserting some keys into token.
Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
@ -132,7 +132,7 @@ def fake_idtoken_processing_hook2(id_token, user, scope=None):
return id_token
def fake_idtoken_processing_hook3(id_token, user, scope=None):
def fake_idtoken_processing_hook3(id_token, user, scope=None, **kwargs):
"""
Fake function for checking scope is passed to processing hook.
"""
@ -140,6 +140,17 @@ def fake_idtoken_processing_hook3(id_token, user, scope=None):
return id_token
def fake_idtoken_processing_hook4(id_token, user, **kwargs):
"""
Fake function for checking kwargs passed to processing hook.
"""
id_token['kwargs_passed_to_processing_hook'] = {
key: repr(value)
for (key, value) in kwargs.items()
}
return id_token
def fake_introspection_processing_hook(response_dict, client, id_token):
response_dict['test_introspection_processing_hook'] = FAKE_RANDOM_STRING
return response_dict

View file

@ -735,7 +735,31 @@ class TokenTestCase(TestCase):
"""
Test scope parameter is passed to OIDC_IDTOKEN_PROCESSING_HOOK.
"""
code = self._create_code(['openid', 'email', 'profile', 'dummy'])
id_token = self._request_id_token_with_scope(
['openid', 'email', 'profile', 'dummy'])
self.assertEqual(
id_token.get('scope_passed_to_processing_hook'),
['openid', 'email', 'profile', 'dummy'])
@override_settings(
OIDC_IDTOKEN_PROCESSING_HOOK=(
'oidc_provider.tests.app.utils.fake_idtoken_processing_hook4'))
def test_additional_idtoken_processing_hook_kwargs(self):
"""
Test correct kwargs are passed to OIDC_IDTOKEN_PROCESSING_HOOK.
"""
id_token = self._request_id_token_with_scope(['openid', 'profile'])
kwargs_passed = id_token.get('kwargs_passed_to_processing_hook')
assert kwargs_passed
self.assertEqual(kwargs_passed.get('scope'),
repr([u'openid', u'profile']))
self.assertEqual(kwargs_passed.get('token'),
'<Token: Some Client - johndoe@example.com>')
self.assertEqual(kwargs_passed.get('request'),
"<WSGIRequest: POST '/openid/token'>")
def _request_id_token_with_scope(self, scope):
code = self._create_code(scope)
post_data = self._auth_code_post_data(code=code.code)
@ -743,10 +767,7 @@ class TokenTestCase(TestCase):
response_dic = json.loads(response.content.decode('utf-8'))
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
self.assertEqual(
id_token.get('scope_passed_to_processing_hook'),
['openid', 'email', 'profile', 'dummy'])
return id_token
def test_pkce_parameters(self):
"""