kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK

Browse source 
There is no need to pass in the scope parameter separately, since the
scope is available via the token parameter already.
This commit is contained in:
Tuomas Suutari 2018-05-31 10:23:58 +03:00
parent 122b5c19fd
commit c95497dbd9
6 changed files with 10 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/sections/changelog.rst
View file

@ -11,7 +11,7 @@ Unreleased
* Added: token instrospection endpoint support (RFC7662). * Added: token instrospection endpoint support (RFC7662).
* Added: request in password grant authenticate call. * Added: request in password grant authenticate call.
* Changed: dropping support for Django versions before 1.8. * Changed: dropping support for Django versions before 1.8.
* Changed: pass scope, token and request to OIDC_IDTOKEN_PROCESSING_HOOK. * Changed: pass token and request to OIDC_IDTOKEN_PROCESSING_HOOK.
0.6.0 0.6.0
===== =====

3
docs/sections/settings.rst
View file

@ -96,7 +96,6 @@ The hook function receives following arguments:
processing hooks are configured, then the claims of the previous hook processing hooks are configured, then the claims of the previous hook
are also present in the passed dictionary. are also present in the passed dictionary.
* ``user``: User object of the authenticating user, * ``user``: User object of the authenticating user,
* ``scope``: the authorized scopes as list of strings or None,
* ``token``: the Token object created for the authentication request, and * ``token``: the Token object created for the authentication request, and
* ``request``: Django request object of the authentication request. * ``request``: Django request object of the authentication request.
@ -109,7 +108,7 @@ The hook function should return the modified ID token as dictionary.
Default is:: Default is::
def default_idtoken_processing_hook(id_token, user, scope, token, request, **kwargs): def default_idtoken_processing_hook(id_token, user, token, request, **kwargs):
return id_token return id_token

5
oidc_provider/lib/utils/common.py
View file

@ -108,7 +108,7 @@ def default_after_end_session_hook(
def default_idtoken_processing_hook( def default_idtoken_processing_hook(
id_token, user, scope, token, request, **kwargs): id_token, user, token, request, **kwargs):
""" """
Hook for modifying `id_token` just before serialization. Hook for modifying `id_token` just before serialization.
@ -118,9 +118,6 @@ def default_idtoken_processing_hook(
:param user: user for whom id_token is generated :param user: user for whom id_token is generated
:type user: User :type user: User
:param scope: scope for the token
:type scope: list[str]|None
:param token: the Token object created for the authentication request :param token: the Token object created for the authentication request
:type token: oidc_provider.models.Token :type token: oidc_provider.models.Token

2
oidc_provider/lib/utils/token.py
View file

@ -64,7 +64,7 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
dic = run_processing_hook( dic = run_processing_hook(
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK', dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
user=user, scope=scope, token=token, request=request) user=user, token=token, request=request)
return dic return dic

4
oidc_provider/tests/app/utils.py
View file

@ -132,11 +132,11 @@ def fake_idtoken_processing_hook2(id_token, user, **kwargs):
return id_token return id_token
def fake_idtoken_processing_hook3(id_token, user, scope=None, **kwargs): def fake_idtoken_processing_hook3(id_token, user, token, **kwargs):
""" """
Fake function for checking scope is passed to processing hook. Fake function for checking scope is passed to processing hook.
""" """
id_token['scope_passed_to_processing_hook'] = scope id_token['scope_of_token_passed_to_processing_hook'] = token.scope
return id_token return id_token

9
oidc_provider/tests/cases/test_token_endpoint.py
View file

@ -731,14 +731,14 @@ class TokenTestCase(TestCase):
@override_settings( @override_settings(
OIDC_IDTOKEN_PROCESSING_HOOK=( OIDC_IDTOKEN_PROCESSING_HOOK=(
'oidc_provider.tests.app.utils.fake_idtoken_processing_hook3')) 'oidc_provider.tests.app.utils.fake_idtoken_processing_hook3'))
def test_additional_idtoken_processing_hook_scope_param(self): def test_additional_idtoken_processing_hook_scope_available(self):
""" """
Test scope parameter is passed to OIDC_IDTOKEN_PROCESSING_HOOK. Test scope is available in OIDC_IDTOKEN_PROCESSING_HOOK.
""" """
id_token = self._request_id_token_with_scope( id_token = self._request_id_token_with_scope(
['openid', 'email', 'profile', 'dummy']) ['openid', 'email', 'profile', 'dummy'])
self.assertEqual( self.assertEqual(
id_token.get('scope_passed_to_processing_hook'), id_token.get('scope_of_token_passed_to_processing_hook'),
['openid', 'email', 'profile', 'dummy']) ['openid', 'email', 'profile', 'dummy'])
@override_settings( @override_settings(
@ -751,12 +751,11 @@ class TokenTestCase(TestCase):
id_token = self._request_id_token_with_scope(['openid', 'profile']) id_token = self._request_id_token_with_scope(['openid', 'profile'])
kwargs_passed = id_token.get('kwargs_passed_to_processing_hook') kwargs_passed = id_token.get('kwargs_passed_to_processing_hook')
assert kwargs_passed assert kwargs_passed
self.assertEqual(kwargs_passed.get('scope'),
repr([u'openid', u'profile']))
self.assertEqual(kwargs_passed.get('token'), self.assertEqual(kwargs_passed.get('token'),
'<Token: Some Client - johndoe@example.com>') '<Token: Some Client - johndoe@example.com>')
self.assertEqual(kwargs_passed.get('request'), self.assertEqual(kwargs_passed.get('request'),
"<WSGIRequest: POST '/openid/token'>") "<WSGIRequest: POST '/openid/token'>")
self.assertEqual(set(kwargs_passed.keys()), {'token', 'request'})
def _request_id_token_with_scope(self, scope): def _request_id_token_with_scope(self, scope):
code = self._create_code(scope) code = self._create_code(scope)