merging with remote branch..

README.rst

@@ -46,9 +46,29 @@ Add the provider urls.
         # ...
     )
 
-Finally, add a login view and ensure that has the same url defined in `LOGIN_URL` setting.
+********
+Settings
+********
+
+Add required variables to your project settings.
+
+.. code:: python
+
+    # REQUIRED.
+
+    # Your server provider url.
+    SITE_URL = 'http://localhost:8000'
+
+    # Used to log the user in.
+    # See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
+    LOGIN_URL = '/accounts/login/'
+
+    # OPTIONAL.
+
+    DOP_CODE_EXPIRE = 60*10 # 10 min.
+    DOP_IDTOKEN_EXPIRE = 60*10, # 10 min.
+    DOP_TOKEN_EXPIRE = 60*60 # 1 hour.
 
-See: https://docs.djangoproject.com/en/1.7/ref/settings/#login-url
 
 ********************
 Create User & Client
@@ -61,7 +81,7 @@ Then let's create a Client. Start django shell: ``python manage.py shell``.
 .. code:: python
 
     >>> from openid_provider.models import Client
-    >>> c = Client(name='Some Client', client_id='123', client_secret='456', client_type='confidential', response_type='code', redirect_uris=['http://example.com/'])
+    >>> c = Client(name='Some Client', client_id='123', client_secret='456', response_type='code', redirect_uris=['http://example.com/'])
     >>> c.save()
 
 *******************

openid_provider/lib/endpoints/authorize.py

@@ -4,6 +4,8 @@ from datetime import timedelta
 
 from django.utils import timezone
 
+from openid_provider import settings
+
 from ..errors import *
 from ..utils.params import *
 from ..utils.token import *
@@ -99,7 +101,8 @@ class AuthorizeEndpoint(object):
                 code.user = self.request.user
                 code.client = self.client
                 code.code = uuid.uuid4().hex
-                code.expires_at = timezone.now() + timedelta(seconds=60*10)  # TODO: Add this into settings.
+                code.expires_at = timezone.now() + timedelta(
+                    seconds=settings.get('DOP_CODE_EXPIRE'))
                 code.scope = self.params.scope
                 code.save()
 
@@ -109,7 +112,7 @@ class AuthorizeEndpoint(object):
 
                 id_token_dic = create_id_token_dic(
                     self.request.user,
-                    'http://localhost:8000',  # TODO: Add this into settings.
+                    settings.get('SITE_URL'),
                     self.client.client_id)
 
                 token = create_token(
@@ -121,14 +124,15 @@ class AuthorizeEndpoint(object):
                 # Store the token.
                 token.save()
 
-                id_token = encode_id_token(id_token_dic, self.client.client_secret)
+                id_token = encode_id_token(
+                    id_token_dic, self.client.client_secret)
 
                 # TODO: Check if response_type is 'id_token token' then
                 # add access_token to the fragment.
                 uri = self.params.redirect_uri + '#token_type={0}&id_token={1}&expires_in={2}'.format(
                     'bearer',
                     id_token,
-                    60*10
+                    60 * 10
                 )
         except:
             raise AuthorizeError(
@@ -137,6 +141,8 @@ class AuthorizeEndpoint(object):
                 self.grant_type)
 
         # Add state if present.
-        uri = uri + ('&state={0}'.format(self.params.state) if self.params.state else '')
+        uri = uri + \
+            ('&state={0}'.format(self.params.state)
+             if self.params.state else '')
 
         return uri

openid_provider/lib/endpoints/token.py

@@ -5,6 +5,8 @@ try:  # JsonResponse is only available in Django > 1.7
 except ImportError:
     from ..utils.http import JsonResponse
     
+from openid_provider import settings
+
 from ..utils.http import JsonResponse
 from ..errors import *
 from ..utils.params import *
@@ -27,7 +29,8 @@ class TokenEndpoint(object):
 
         self.params.client_id = query_dict.get('client_id', '')
         self.params.client_secret = query_dict.get('client_secret', '')
-        self.params.redirect_uri = urllib.unquote(query_dict.get('redirect_uri', ''))
+        self.params.redirect_uri = urllib.unquote(
+            query_dict.get('redirect_uri', ''))
         self.params.grant_type = query_dict.get('grant_type', '')
         self.params.code = query_dict.get('code', '')
         self.params.state = query_dict.get('state', '')
@@ -48,7 +51,8 @@ class TokenEndpoint(object):
 
             self.code = Code.objects.get(code=self.params.code)
 
-            if not (self.code.client == self.client) and not self.code.has_expired():
+            if not (self.code.client == self.client) and \
+               not self.code.has_expired():
                 raise TokenError('invalid_grant')
 
         except Client.DoesNotExist:
@@ -61,16 +65,14 @@ class TokenEndpoint(object):
 
         id_token_dic = create_id_token_dic(
             self.code.user,
-            'http://localhost:8000',  # TODO: Add this into settings.
+            settings.get('SITE_URL'),
-            self.client.client_id
+            self.client.client_id)
-        )
 
         token = create_token(
             user=self.code.user,
             client=self.code.client,
             id_token_dic=id_token_dic,
-            scope=self.code.scope
+            scope=self.code.scope)
-        )
 
         # Store the token.
         token.save()
@@ -83,7 +85,7 @@ class TokenEndpoint(object):
         dic = {
             'access_token': token.access_token,
             'token_type': 'bearer',
-            'expires_in': 60*60,  # TODO: Add this into settings.
+            'expires_in': settings.get('DOP_TOKEN_EXPIRE'),
             'id_token': id_token,
         }
 

openid_provider/lib/utils/token.py

@@ -4,6 +4,7 @@ import uuid
 
 from datetime import timedelta
 
+from openid_provider import settings
 from django.utils import timezone
 from openid_provider.models import *
 
@@ -16,7 +17,7 @@ def create_id_token_dic(user, iss, aud):
 
     Return a dic.
     """
-    expires_in = 60*10
+    expires_in = settings.get('DOP_IDTOKEN_EXPIRE')
 
     now = timezone.now()
 
@@ -62,7 +63,8 @@ def create_token(user, client, id_token_dic, scope):
     token.id_token = id_token_dic
 
     token.refresh_token = uuid.uuid4().hex
-    token.expires_at = timezone.now() + timedelta(seconds=60*60)  # TODO: Add this into settings.
+    token.expires_at = timezone.now() + timedelta(
+        seconds=settings.get('DOP_TOKEN_EXPIRE'))
     token.scope = scope
 
     return token

openid_provider/settings.py

@@ -0,0 +1,27 @@
+from django.conf import settings
+
+
+# Here goes all the package default settings.
+default_settings = {
+    'DOP_CODE_EXPIRE': 60 * 10,  # 10 min.
+    'DOP_IDTOKEN_EXPIRE': 60 * 10,  # 10 min.
+    'DOP_TOKEN_EXPIRE': 60 * 60,  # 1 hour.
+    'LOGIN_URL': None,
+    'SITE_URL': None,
+}
+
+
+def get(name):
+    """
+    Helper function to use inside the package.
+    :param name:
+    :return:
+    """
+    try:
+        value = default_settings[name]
+        value = getattr(settings, name)
+    except AttributeError:
+        if value == None:
+            raise Exception('You must set ' + name + ' in your settings.')
+
+    return value

openid_provider/views.py

@@ -15,6 +15,8 @@ from .lib.endpoints.authorize import *
 from .lib.endpoints.token import *
 from .lib.endpoints.userinfo import *
 
+from openid_provider import settings
+
 
 class AuthorizeView(View):
 
@@ -39,7 +41,7 @@ class AuthorizeView(View):
             else:
                 path = request.get_full_path()
                 return redirect_to_login(
-                    path, settings.LOGIN_URL, REDIRECT_FIELD_NAME)
+                    path, settings.get('LOGIN_URL'), REDIRECT_FIELD_NAME)
 
         except (ClientIdError, RedirectUriError) as error:
             context = {