Merge pull request #245 from suutari-ai/remove-extra-scope-param-from-hook
Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
commit
dfcc3de01c
6 changed files with 10 additions and 15 deletions
|
@ -11,7 +11,7 @@ Unreleased
|
||||||
* Added: token instrospection endpoint support (RFC7662).
|
* Added: token instrospection endpoint support (RFC7662).
|
||||||
* Added: request in password grant authenticate call.
|
* Added: request in password grant authenticate call.
|
||||||
* Changed: dropping support for Django versions before 1.8.
|
* Changed: dropping support for Django versions before 1.8.
|
||||||
* Changed: pass scope, token and request to OIDC_IDTOKEN_PROCESSING_HOOK.
|
* Changed: pass token and request to OIDC_IDTOKEN_PROCESSING_HOOK.
|
||||||
|
|
||||||
0.6.0
|
0.6.0
|
||||||
=====
|
=====
|
||||||
|
|
|
@ -96,7 +96,6 @@ The hook function receives following arguments:
|
||||||
processing hooks are configured, then the claims of the previous hook
|
processing hooks are configured, then the claims of the previous hook
|
||||||
are also present in the passed dictionary.
|
are also present in the passed dictionary.
|
||||||
* ``user``: User object of the authenticating user,
|
* ``user``: User object of the authenticating user,
|
||||||
* ``scope``: the authorized scopes as list of strings or None,
|
|
||||||
* ``token``: the Token object created for the authentication request, and
|
* ``token``: the Token object created for the authentication request, and
|
||||||
* ``request``: Django request object of the authentication request.
|
* ``request``: Django request object of the authentication request.
|
||||||
|
|
||||||
|
@ -109,7 +108,7 @@ The hook function should return the modified ID token as dictionary.
|
||||||
|
|
||||||
Default is::
|
Default is::
|
||||||
|
|
||||||
def default_idtoken_processing_hook(id_token, user, scope, token, request, **kwargs):
|
def default_idtoken_processing_hook(id_token, user, token, request, **kwargs):
|
||||||
|
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
|
@ -108,7 +108,7 @@ def default_after_end_session_hook(
|
||||||
|
|
||||||
|
|
||||||
def default_idtoken_processing_hook(
|
def default_idtoken_processing_hook(
|
||||||
id_token, user, scope, token, request, **kwargs):
|
id_token, user, token, request, **kwargs):
|
||||||
"""
|
"""
|
||||||
Hook for modifying `id_token` just before serialization.
|
Hook for modifying `id_token` just before serialization.
|
||||||
|
|
||||||
|
@ -118,9 +118,6 @@ def default_idtoken_processing_hook(
|
||||||
:param user: user for whom id_token is generated
|
:param user: user for whom id_token is generated
|
||||||
:type user: User
|
:type user: User
|
||||||
|
|
||||||
:param scope: scope for the token
|
|
||||||
:type scope: list[str]|None
|
|
||||||
|
|
||||||
:param token: the Token object created for the authentication request
|
:param token: the Token object created for the authentication request
|
||||||
:type token: oidc_provider.models.Token
|
:type token: oidc_provider.models.Token
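Review bot: The new signature at `id_token, user, token, request, **kwargs` drops `scope` without telling hook authors where the granted scopes now live. The docstring loses its `:param scope:` entry and gains nothing in return. The updated test hook reads them from `token.scope`, so the token entry could say so: `:param token: the Token object created for the authentication request; the granted scopes are available as token.scope`. The caller in the token.py section passes its arguments by keyword, so a deployed hook that still declares `scope` as a required parameter would presumably fail with a TypeError when an ID token is built, which is worth stating in the changelog entry too. The docstring continues outside this hunk.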
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,7 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
|
||||||
|
|
||||||
dic = run_processing_hook(
|
dic = run_processing_hook(
|
||||||
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
|
dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
|
||||||
user=user, scope=scope, token=token, request=request)
|
user=user, token=token, request=request)
|
||||||
|
|
||||||
return dic
|
return dic
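Review bot: The hunk header shows `create_id_token` still accepting a `scope=` argument, but the call at `user=user, token=token, request=request)` no longer forwards it, so hooks that gate claims on scope now depend entirely on `token.scope`. Whether a caller can pass a `scope` that differs from the token's own is not visible here; if it can, a hook would add claims for a different scope set than the one the function was asked to use. A comment above the call would make the contract explicit, for example `# Hooks read the granted scopes from token.scope; the scope argument is not forwarded.` The body of `create_id_token` starts outside this hunk.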
|
||||||
|
|
||||||
|
|
|
@ -132,11 +132,11 @@ def fake_idtoken_processing_hook2(id_token, user, **kwargs):
|
||||||
return id_token
|
return id_token
|
||||||
|
|
||||||
|
|
||||||
def fake_idtoken_processing_hook3(id_token, user, scope=None, **kwargs):
|
def fake_idtoken_processing_hook3(id_token, user, token, **kwargs):
|
||||||
"""
|
"""
|
||||||
Fake function for checking scope is passed to processing hook.
|
Fake function for checking scope is passed to processing hook.
|
||||||
"""
|
"""
|
||||||
id_token['scope_passed_to_processing_hook'] = scope
|
id_token['scope_of_token_passed_to_processing_hook'] = token.scope
|
||||||
return id_token
|
return id_token
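Review bot: The docstring of `fake_idtoken_processing_hook3` still reads "Fake function for checking scope is passed to processing hook.", which no longer matches the new body. The hook now takes `token` and records `token.scope`, so nothing named scope is passed to it. Suggested wording: `Fake function for checking the token's scope is available to the processing hook.`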
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -731,14 +731,14 @@ class TokenTestCase(TestCase):
|
||||||
@override_settings(
|
@override_settings(
|
||||||
OIDC_IDTOKEN_PROCESSING_HOOK=(
|
OIDC_IDTOKEN_PROCESSING_HOOK=(
|
||||||
'oidc_provider.tests.app.utils.fake_idtoken_processing_hook3'))
|
'oidc_provider.tests.app.utils.fake_idtoken_processing_hook3'))
|
||||||
def test_additional_idtoken_processing_hook_scope_param(self):
|
def test_additional_idtoken_processing_hook_scope_available(self):
|
||||||
"""
|
"""
|
||||||
Test scope parameter is passed to OIDC_IDTOKEN_PROCESSING_HOOK.
|
Test scope is available in OIDC_IDTOKEN_PROCESSING_HOOK.
|
||||||
"""
|
"""
|
||||||
id_token = self._request_id_token_with_scope(
|
id_token = self._request_id_token_with_scope(
|
||||||
['openid', 'email', 'profile', 'dummy'])
|
['openid', 'email', 'profile', 'dummy'])
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
id_token.get('scope_passed_to_processing_hook'),
|
id_token.get('scope_of_token_passed_to_processing_hook'),
|
||||||
['openid', 'email', 'profile', 'dummy'])
|
['openid', 'email', 'profile', 'dummy'])
|
||||||
|
|
||||||
@override_settings(
|
@override_settings(
|
||||||
|
@ -751,12 +751,11 @@ class TokenTestCase(TestCase):
|
||||||
id_token = self._request_id_token_with_scope(['openid', 'profile'])
|
id_token = self._request_id_token_with_scope(['openid', 'profile'])
|
||||||
kwargs_passed = id_token.get('kwargs_passed_to_processing_hook')
|
kwargs_passed = id_token.get('kwargs_passed_to_processing_hook')
|
||||||
assert kwargs_passed
|
assert kwargs_passed
|
||||||
self.assertEqual(kwargs_passed.get('scope'),
|
|
||||||
repr([u'openid', u'profile']))
|
|
||||||
self.assertEqual(kwargs_passed.get('token'),
|
self.assertEqual(kwargs_passed.get('token'),
|
||||||
'<Token: Some Client - johndoe@example.com>')
|
'<Token: Some Client - johndoe@example.com>')
|
||||||
self.assertEqual(kwargs_passed.get('request'),
|
self.assertEqual(kwargs_passed.get('request'),
|
||||||
"<WSGIRequest: POST '/openid/token'>")
|
"<WSGIRequest: POST '/openid/token'>")
|
||||||
|
self.assertEqual(set(kwargs_passed.keys()), {'token', 'request'})
|
||||||
|
|
||||||
def _request_id_token_with_scope(self, scope):
|
def _request_id_token_with_scope(self, scope):
|
||||||
code = self._create_code(scope)
|
code = self._create_code(scope)
|
||||||
|
|