Pass token and request to OIDC_ID_TOKEN_PROCESSING_HOOK
The ID token processing hook might need the token or request too, so make them available.
This commit is contained in:
parent
93420461b4
commit
b0a82aa4ab
|
@ -107,9 +107,10 @@ def default_after_end_session_hook(
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def default_idtoken_processing_hook(id_token, user, scope=None):
|
def default_idtoken_processing_hook(
|
||||||
|
id_token, user, scope, token, request, **kwargs):
|
||||||
"""
|
"""
|
||||||
Hook to perform some additional actions ti `id_token` dictionary just before serialization.
|
Hook for modifying `id_token` just before serialization.
|
||||||
|
|
||||||
:param id_token: dictionary contains values that going to be serialized into `id_token`
|
:param id_token: dictionary contains values that going to be serialized into `id_token`
|
||||||
:type id_token: dict
|
:type id_token: dict
|
||||||
|
@ -120,8 +121,14 @@ def default_idtoken_processing_hook(id_token, user, scope=None):
|
||||||
:param scope: scope for the token
|
:param scope: scope for the token
|
||||||
:type scope: list[str]|None
|
:type scope: list[str]|None
|
||||||
|
|
||||||
|
:param token: the Token object created for the authentication request
|
||||||
|
:type token: oidc_provider.models.Token
|
||||||
|
|
||||||
|
:param request: the request initiating this ID token processing
|
||||||
|
:type request: django.http.HttpRequest
|
||||||
|
|
||||||
:return: custom modified dictionary of values for `id_token`
|
:return: custom modified dictionary of values for `id_token`
|
||||||
:rtype dict
|
:rtype: dict
|
||||||
"""
|
"""
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,7 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
|
||||||
|
|
||||||
dic = run_processing_hook(
|
dic = run_processing_hook(
|
||||||
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
|
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
|
||||||
user=user, scope=scope)
|
user=user, scope=scope, token=token, request=request)
|
||||||
|
|
||||||
return dic
|
return dic
|
||||||
|
|
||||||
|
|
|
@ -113,7 +113,7 @@ def fake_sub_generator(user):
|
||||||
return user.email
|
return user.email
|
||||||
|
|
||||||
|
|
||||||
def fake_idtoken_processing_hook(id_token, user, scope=None):
|
def fake_idtoken_processing_hook(id_token, user, **kwargs):
|
||||||
"""
|
"""
|
||||||
Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK.
|
Fake function for inserting some keys into token. Testing OIDC_IDTOKEN_PROCESSING_HOOK.
|
||||||
"""
|
"""
|
||||||
|
@ -122,7 +122,7 @@ def fake_idtoken_processing_hook(id_token, user, scope=None):
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
||||||
def fake_idtoken_processing_hook2(id_token, user, scope=None):
|
def fake_idtoken_processing_hook2(id_token, user, **kwargs):
|
||||||
"""
|
"""
|
||||||
Fake function for inserting some keys into token.
|
Fake function for inserting some keys into token.
|
||||||
Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
Testing OIDC_IDTOKEN_PROCESSING_HOOK - tuple or list as param
|
||||||
|
@ -132,7 +132,7 @@ def fake_idtoken_processing_hook2(id_token, user, scope=None):
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
||||||
def fake_idtoken_processing_hook3(id_token, user, scope=None):
|
def fake_idtoken_processing_hook3(id_token, user, scope=None, **kwargs):
|
||||||
"""
|
"""
|
||||||
Fake function for checking scope is passed to processing hook.
|
Fake function for checking scope is passed to processing hook.
|
||||||
"""
|
"""
|
||||||
|
@ -140,6 +140,17 @@ def fake_idtoken_processing_hook3(id_token, user, scope=None):
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
||||||
|
def fake_idtoken_processing_hook4(id_token, user, **kwargs):
|
||||||
|
"""
|
||||||
|
Fake function for checking kwargs passed to processing hook.
|
||||||
|
"""
|
||||||
|
id_token['kwargs_passed_to_processing_hook'] = {
|
||||||
|
key: repr(value)
|
||||||
|
for (key, value) in kwargs.items()
|
||||||
|
}
|
||||||
|
return id_token
|
||||||
|
|
||||||
|
|
||||||
def fake_introspection_processing_hook(response_dict, client, id_token):
|
def fake_introspection_processing_hook(response_dict, client, id_token):
|
||||||
response_dict['test_introspection_processing_hook'] = FAKE_RANDOM_STRING
|
response_dict['test_introspection_processing_hook'] = FAKE_RANDOM_STRING
|
||||||
return response_dict
|
return response_dict
|
||||||
|
|
|
@ -735,7 +735,31 @@ class TokenTestCase(TestCase):
|
||||||
"""
|
"""
|
||||||
Test scope parameter is passed to OIDC_IDTOKEN_PROCESSING_HOOK.
|
Test scope parameter is passed to OIDC_IDTOKEN_PROCESSING_HOOK.
|
||||||
"""
|
"""
|
||||||
code = self._create_code(['openid', 'email', 'profile', 'dummy'])
|
id_token = self._request_id_token_with_scope(
|
||||||
|
['openid', 'email', 'profile', 'dummy'])
|
||||||
|
self.assertEqual(
|
||||||
|
id_token.get('scope_passed_to_processing_hook'),
|
||||||
|
['openid', 'email', 'profile', 'dummy'])
|
||||||
|
|
||||||
|
@override_settings(
|
||||||
|
OIDC_IDTOKEN_PROCESSING_HOOK=(
|
||||||
|
'oidc_provider.tests.app.utils.fake_idtoken_processing_hook4'))
|
||||||
|
def test_additional_idtoken_processing_hook_kwargs(self):
|
||||||
|
"""
|
||||||
|
Test correct kwargs are passed to OIDC_IDTOKEN_PROCESSING_HOOK.
|
||||||
|
"""
|
||||||
|
id_token = self._request_id_token_with_scope(['openid', 'profile'])
|
||||||
|
kwargs_passed = id_token.get('kwargs_passed_to_processing_hook')
|
||||||
|
assert kwargs_passed
|
||||||
|
self.assertEqual(kwargs_passed.get('scope'),
|
||||||
|
repr([u'openid', u'profile']))
|
||||||
|
self.assertEqual(kwargs_passed.get('token'),
|
||||||
|
'<Token: Some Client - johndoe@example.com>')
|
||||||
|
self.assertEqual(kwargs_passed.get('request'),
|
||||||
|
"<WSGIRequest: POST '/openid/token'>")
|
||||||
|
|
||||||
|
def _request_id_token_with_scope(self, scope):
|
||||||
|
code = self._create_code(scope)
|
||||||
|
|
||||||
post_data = self._auth_code_post_data(code=code.code)
|
post_data = self._auth_code_post_data(code=code.code)
|
||||||
|
|
||||||
|
@ -743,10 +767,7 @@ class TokenTestCase(TestCase):
|
||||||
|
|
||||||
response_dic = json.loads(response.content.decode('utf-8'))
|
response_dic = json.loads(response.content.decode('utf-8'))
|
||||||
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
|
id_token = JWT().unpack(response_dic['id_token'].encode('utf-8')).payload()
|
||||||
|
return id_token
|
||||||
self.assertEqual(
|
|
||||||
id_token.get('scope_passed_to_processing_hook'),
|
|
||||||
['openid', 'email', 'profile', 'dummy'])
|
|
||||||
|
|
||||||
def test_pkce_parameters(self):
|
def test_pkce_parameters(self):
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in a new issue