Add initial doc for session management.
This commit is contained in:
parent
b442dbf979
commit
d9149b162d
|
@ -5,6 +5,8 @@ This tiny (but powerful!) package can help you providing out of the box all the
|
|||
|
||||
Also implements the following specifications:
|
||||
|
||||
* `OpenID Connect Discovery 1.0 <https://openid.net/specs/openid-connect-discovery-1_0.html>`_
|
||||
* `OpenID Connect Session Management 1.0 <https://openid.net/specs/openid-connect-session-1_0.html>`_
|
||||
* `OAuth 2.0 for Native Apps <https://tools.ietf.org/html/draft-ietf-oauth-native-apps-01>`_
|
||||
* `Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_
|
||||
|
||||
|
@ -30,6 +32,7 @@ Contents:
|
|||
sections/userconsent
|
||||
sections/oauth2
|
||||
sections/accesstokens
|
||||
sections/sessionmanagement
|
||||
sections/settings
|
||||
sections/examples
|
||||
sections/contribute
|
||||
|
|
67
docs/sections/sessionmanagement.rst
Normal file
67
docs/sections/sessionmanagement.rst
Normal file
|
@ -0,0 +1,67 @@
|
|||
.. _sessionmanagement:
|
||||
|
||||
Session Management
|
||||
##################
|
||||
|
||||
The `OpenID Connect Session Management 1.0 <https://openid.net/specs/openid-connect-session-1_0.html>`_ specification complements the core specification by defining how to monitor the End-User's login status at the OpenID Provider on an ongoing basis so that the Relying Party can log out an End-User who has logged out of the OpenID Provider.
|
||||
|
||||
|
||||
Setup
|
||||
=====
|
||||
|
||||
Somewhere in your Django ``settings.py``::
|
||||
|
||||
MIDDLEWARE_CLASSES = [
|
||||
...
|
||||
'oidc_provider.middleware.SessionManagementMiddleware',
|
||||
]
|
||||
|
||||
OIDC_SESSION_MANAGEMENT_ENABLE = True
|
||||
|
||||
Example RP iframe
|
||||
=================
|
||||
|
||||
::
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="ISO-8859-1">
|
||||
<title>RP Iframe</title>
|
||||
</head>
|
||||
<body onload="javascript:startChecking()">
|
||||
<iframe id="op-iframe" src="http://localhost:8000/check-session-iframe/" frameborder="0" width="0" height="0"></iframe>
|
||||
</body>
|
||||
<script>
|
||||
var targetOP = "http://localhost:8000";
|
||||
|
||||
window.addEventListener("message", receiveMessage, false);
|
||||
|
||||
function startChecking() {
|
||||
checkStatus();
|
||||
setInterval('checkStatus()', 1000*60); // every 60 seconds
|
||||
}
|
||||
|
||||
function checkStatus() {
|
||||
var clientId = '';
|
||||
var sessionState = '';
|
||||
var data = clientId + ' ' + sessionState;
|
||||
document.getElementById('op-iframe').contentWindow.postMessage(data, targetOP);
|
||||
}
|
||||
|
||||
function receiveMessage(event) {
|
||||
if (event.origin !== targetOP) {
|
||||
// Origin did not come from the OP.
|
||||
return;
|
||||
}
|
||||
if (event.data === 'unchanged') {
|
||||
// User is still logged in to the OP.
|
||||
} else if (event.data === 'changed') {
|
||||
// Perform re-authentication with prompt=none to obtain the current session state at the OP.
|
||||
} else {
|
||||
// Error.
|
||||
console.log('Something goes wrong!');
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</html>
|
|
@ -52,7 +52,6 @@ Used to add extra scopes specific for your app. OpenID Connect RP's will use sco
|
|||
|
||||
Read more about how to implement it in :ref:`scopesclaims` section.
|
||||
|
||||
|
||||
OIDC_IDTOKEN_EXPIRE
|
||||
===================
|
||||
|
||||
|
@ -92,6 +91,13 @@ Default is::
|
|||
|
||||
return str(user.id)
|
||||
|
||||
OIDC_SESSION_MANAGEMENT_ENABLE
|
||||
==============================
|
||||
|
||||
OPTIONAL. ``bool``. Enables OpenID Connect Session Management 1.0 in your provider. Read :ref:`scopesclaims` section.
|
||||
|
||||
Default is ``False``.
|
||||
|
||||
OIDC_SKIP_CONSENT_ALWAYS
|
||||
========================
|
||||
|
||||
|
@ -123,7 +129,7 @@ Expressed in seconds. Default is ``60*60``.
|
|||
OIDC_USERINFO
|
||||
=============
|
||||
|
||||
OPTIONAL. ``str``. A string with the location of your function. Read **Standard Claims** section.
|
||||
OPTIONAL. ``str``. A string with the location of your function. Read :ref:`scopesclaims` section.
|
||||
|
||||
The function receives a ``claims`` dictionary with all the standard claims and ``user`` instance. Must returns the ``claims`` dict again.
|
||||
|
||||
|
|
Loading…
Reference in a new issue