kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add Hybrid flow login in view and models.

Browse source
This commit is contained in:
Ignacio Fiorentino 2016-09-08 16:21:48 -03:00
parent 55c53b4bc7
commit f8dbfa5c04
4 changed files with 64 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
oidc_provider/lib/endpoints/authorize.py
View file

@ -44,6 +44,8 @@ class AuthorizeEndpoint(object):
self.grant_type = 'authorization_code' self.grant_type = 'authorization_code'
elif self.params.response_type in ['id_token', 'id_token token', 'token']: elif self.params.response_type in ['id_token', 'id_token token', 'token']:
self.grant_type = 'implicit' self.grant_type = 'implicit'
elif self.params.response_type in ['code token', 'code id_token', 'code id_token token']:
self.grant_type = 'hybrid'
else: else:
self.grant_type = None self.grant_type = None
@ -53,7 +55,7 @@ class AuthorizeEndpoint(object):
def _extract_params(self): def _extract_params(self):
""" """
Get all the params used by the Authorization Code Flow Get all the params used by the Authorization Code Flow
(and also for the Implicit). (and also for the Implicit and Hybrid).
See: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest See: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
""" """
@ -118,7 +120,7 @@ class AuthorizeEndpoint(object):
query_fragment = parse_qs(uri.fragment) query_fragment = parse_qs(uri.fragment)
try: try:
if self.grant_type == 'authorization_code': if self.grant_type in ['authorization_code', 'hybrid']:
code = create_code( code = create_code(
user=self.request.user, user=self.request.user,
client=self.client, client=self.client,
@ -127,37 +129,37 @@ class AuthorizeEndpoint(object):
is_authentication=self.is_authentication, is_authentication=self.is_authentication,
code_challenge=self.params.code_challenge, code_challenge=self.params.code_challenge,
code_challenge_method=self.params.code_challenge_method) code_challenge_method=self.params.code_challenge_method)
code.save() code.save()
if self.grant_type == 'authorization_code':
query_params['code'] = code.code query_params['code'] = code.code
query_params['state'] = self.params.state if self.params.state else '' query_params['state'] = self.params.state if self.params.state else ''
elif self.grant_type in ['implicit', 'hybrid']:
elif self.grant_type == 'implicit':
token = create_token( token = create_token(
user=self.request.user, user=self.request.user,
client=self.client, client=self.client,
scope=self.params.scope) scope=self.params.scope)
# Check if response_type is an OpenID request with value 'id_token token' # Check if response_type must include access_token in the response.
# or it's an OAuth2 Implicit Flow request. if self.params.response_type in ['id_token token', 'token', 'code token', 'code id_token token']:
if self.params.response_type in ['id_token token', 'token']:
query_fragment['access_token'] = token.access_token query_fragment['access_token'] = token.access_token
# We don't need id_token if it's an OAuth2 request. # We don't need id_token if it's an OAuth2 request.
if self.is_authentication: if self.is_authentication:
kwargs = { kwargs = {
"user": self.request.user, 'user': self.request.user,
"aud": self.client.client_id, 'aud': self.client.client_id,
"nonce": self.params.nonce, 'nonce': self.params.nonce,
"request": self.request 'request': self.request,
} }
# Include at_hash when access_token is being returned. # Include at_hash when access_token is being returned.
if 'access_token' in query_fragment: if 'access_token' in query_fragment:
kwargs['at_hash'] = token.at_hash kwargs['at_hash'] = token.at_hash
id_token_dic = create_id_token(**kwargs) id_token_dic = create_id_token(**kwargs)
query_fragment['id_token'] = encode_id_token(id_token_dic, self.client)
token.id_token = id_token_dic # Check if response_type must include id_token in the response.
if self.params.response_type in ['id_token', 'id_token token', 'code id_token', 'code id_token token']:
query_fragment['id_token'] = encode_id_token(id_token_dic, self.client)
else: else:
id_token_dic = {} id_token_dic = {}
@ -165,7 +167,12 @@ class AuthorizeEndpoint(object):
token.id_token = id_token_dic token.id_token = id_token_dic
token.save() token.save()
# Code parameter must be present if it's Hybrid Flow.
if self.grant_type == 'hybrid':
query_fragment['code'] = code.code
query_fragment['token_type'] = 'bearer' query_fragment['token_type'] = 'bearer'
# TODO: Create setting 'OIDC_TOKEN_EXPIRE'. # TODO: Create setting 'OIDC_TOKEN_EXPIRE'.
query_fragment['expires_in'] = 60 * 10 query_fragment['expires_in'] = 60 * 10

20
oidc_provider/migrations/0018_auto_20160908_1627.py Normal file
View file

@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.9 on 2016-09-08 16:27
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('oidc_provider', '0017_auto_20160811_1954'),
]
operations = [
migrations.AlterField(
model_name='client',
name='response_type',
field=models.CharField(choices=[(b'code', b'code (Authorization Code Flow)'), (b'id_token', b'id_token (Implicit Flow)'), (b'id_token token', b'id_token token (Implicit Flow)'), (b'code token', b'code token (Hybrid Flow)'), (b'code id_token', b'code id_token (Hybrid Flow)'), (b'code id_token token', b'code id_token token (Hybrid Flow)')], max_length=30, verbose_name='Response Type'),
),
]

20
oidc_provider/migrations/0019_auto_20160908_1519.py Normal file
View file

@ -0,0 +1,20 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('oidc_provider', '0018_auto_20160908_1627'),
]
operations = [
migrations.AlterField(
model_name='client',
name='response_type',
field=models.CharField(choices=[('code', 'code (Authorization Code Flow)'), ('id_token', 'id_token (Implicit Flow)'), ('id_token token', 'id_token token (Implicit Flow)'), ('code token', 'code token (Hybrid Flow)'), ('code id_token', 'code id_token (Hybrid Flow)'), ('code id_token token', 'code id_token token (Hybrid Flow)')], verbose_name='Response Type', max_length=30),
preserve_default=True,
),
]

3
oidc_provider/models.py
View file

@ -19,6 +19,9 @@ RESPONSE_TYPE_CHOICES = [
('code', 'code (Authorization Code Flow)'), ('code', 'code (Authorization Code Flow)'),
('id_token', 'id_token (Implicit Flow)'), ('id_token', 'id_token (Implicit Flow)'),
('id_token token', 'id_token token (Implicit Flow)'), ('id_token token', 'id_token token (Implicit Flow)'),
('code token', 'code token (Hybrid Flow)'),
('code id_token', 'code id_token (Hybrid Flow)'),
('code id_token token', 'code id_token token (Hybrid Flow)'),
] ]
JWT_ALGS = [ JWT_ALGS = [