kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
936 commits 1 branch 0 tags 2.4 MiB
Commit graph

334 commits

Author SHA1 Message Date
Jan Brauer 1215c27d7e Redirect URIs must match exactly. (#191) 
* Test redirect_uri construction

This was a test marked as TODO.

* Remove duplicate test

* Add tests to exactly match redirect URIs

* Redirect URIs must match exactly.

To quote from the specification at
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest:

Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OpenID Provider, with the matching performed as
described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
 2017-07-07 09:07:21 +02:00
Wojciech Bartosiak f07327a713 Bug #187 prompt handling (#188) 
prompt parameter changed to list of strings not a simple string
 2017-06-06 11:12:37 +02:00
Wojciech Bartosiak a829726be8 Merge develop to v0.5.x (#179) 
* Log create_uri_response exceptions to logger.exception

* Support grant type password - basics

* Add tests for Resource Owner Password Credentials Flow

* Password Grant -Response according to specification

* Better tests for errors, disable grant type password by default

* Add documentation for grant type password

* User authentication failure to return 403

* Add id_token to response

* skipping consent only works for confidential clients

* fix URI fragment

example not working URL `http://localhost:8100/#/auth/callback/`

* OIDC_POST_END_SESSION_HOOK + tests

* Explicit function naming

* Remove print statements

* No need for semicolons, this is Python

* Update CHANGELOG.md

* fixed logger message

* Improved `exp` value calculation

* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK

* added docs for OIDC_AFTER_END_SESSION_HOOK

*  Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.

* Adds a setting variable for custom template paths

* Updates documentation

* Fixed bad try/except/finally block

* Adds test for OIDC_TEMPLATES settings

* Determine value for op_browser_state from session_key or default

* Do not use cookie for browser_state. It may not yet be there

* Add docs on new setting

OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY

* Fix compatibility for older versions of Django

* solved merging typo for missing @property
 2017-05-05 05:19:57 +02:00
kaveh b164388e15 Adds per-client consent customization 2017-04-11 13:16:06 -07:00
Ignacio Fiorentino 40009944af Merge branch 'develop' of https://github.com/juanifioren/django-oidc-provider into develop 2016-12-12 16:46:30 -03:00
Ignacio Fiorentino 66a3497a1c Fix refresh_token cannot be primary key if null. 2016-12-12 16:46:21 -03:00
Juan Ignacio Fiorentino c5d0a99b55 Merge pull request #145 from suutari-ai/use-time-time 
Use time.time to generate the timestamps.
 2016-12-12 14:32:45 -03:00
Tuomas Suutari 65538b0f7d utils.token: Use time.time to generate the timestamps 
Use `time.time()` rather than `timezone.now()` for generating the unix
timestamps.  This avoids conversion between year-month-day-hh-mm-ss
formatted timestamp vs. unix timestamp and is therefore simpler and more
robust.

Add a test case for this too and amend test_token_endpoint, since it
used to mock timezone.now, but now it needs to mock time.time.
 2016-12-07 14:22:20 +02:00
Tuomas Suutari 5e3876f0c6 Revert "Fix timestamps computing in tokens" 
This reverts commit 975eb0163f.
 2016-12-07 14:22:20 +02:00
Ignacio Fiorentino 5242f0841e Add initial signals logic. 2016-12-01 16:20:34 -03:00
Brice Gelineau 975eb0163f Fix timestamps computing in tokens 
The timestamp of timezone-aware datetimes was offset by the value of their timezone.
 2016-11-30 15:23:11 +01:00
Brice Gelineau 8666990f69 Fix translations handling 
Fix a missing _lazy.
Fix locale inclusion in the sdist package.
Fix French locale compiling.
 2016-11-24 13:09:19 +01:00
hpool acc5b408d1 Fix a bug that the value of STANDARD_CLAIMS is updated 2016-11-09 19:31:37 +09:00
hpool 155b4598b0 Add test for STANDARD_CLAIMS values 2016-11-09 19:20:27 +09:00
Ignacio Fiorentino 53166fb9ea Fix TypeError Unicode when using hashlib. 2016-11-04 15:56:51 -03:00
Ignacio Fiorentino 8a4103edca Fix bug in Python 3 using Session Management middleware. 2016-11-04 15:40:35 -03:00
Ignacio Fiorentino 59db79b65c Fix tests for end session endpoint. 2016-11-01 16:01:03 -03:00
Ignacio Fiorentino e458542be2 Fix urls and names. 2016-11-01 12:15:48 -03:00
Ignacio Fiorentino f8e0f2dc2c Re-generate migrations with Python 3. 2016-11-01 12:00:13 -03:00
Ignacio Fiorentino 5d07111a18 Implementing end_session_endpoint feature with post_logout_redirect_uri. 2016-10-31 17:07:06 -03:00
Ignacio Fiorentino ecba16ed36 Fix bug with id_token without openid scope. 2016-10-31 16:37:51 -03:00
Ignacio Fiorentino 9bdec5da7c Add post_logout_redirect_uris for Client model. 2016-10-31 16:36:58 -03:00
Ignacio Fiorentino 50e5287b48 Initial Session Management version. 2016-10-28 15:25:52 -03:00
Ignacio Fiorentino 4d2bdb9a97 Generate bigger secret with sha224. 2016-10-26 17:04:12 -03:00
Ignacio Fiorentino 3711d6c5ab Fallback user claims (email, first_name, etc). 2016-10-26 16:46:14 -03:00
David Montano 99d7194ab1 Make Client available when using OIDC_EXTRA_SCOPE_CLAIMS 
Now it's passed the Token to the ScopeClaims constructor so that it can make Client avaialble to implementors
 2016-10-12 14:23:57 -05:00
Ignacio Fiorentino 2cedde5e3f Remove spaces. 2016-10-11 13:18:06 -03:00
Ignacio Fiorentino 38e37e7c47 Merge branch 'v0.4.x' of https://github.com/wojtek-fliposports/django-oidc-provider into wojtek-fliposports-v0.4.x 2016-10-11 11:52:31 -03:00
Wojciech Bartosiak 2bf2ffa275 added migrations for client secret 2016-10-05 17:58:39 +02:00
Wojciech Bartosiak d174d4e629 fix for generating client secret 2016-10-05 17:37:49 +02:00
Ignacio Fiorentino 74b5390daa Merge branch 'redirect_uri_query' of https://github.com/jerrykan/django-oidc-provider into jerrykan-redirect_uri_query 2016-10-05 12:33:05 -03:00
Wojciech Bartosiak 59312bf811 redirect URI clean up moved to utils module 2016-10-04 19:32:54 +02:00
Ignacio Fiorentino 6ed2c200a7 Update pyjwkest to version 1.3.0. 2016-10-03 12:54:54 -03:00
yasserisa 1c3bd7579b FIX id_token, field iss set to type str 2016-09-21 10:20:03 -03:00
Ignacio Fiorentino 4971449684 Create migration again. 2016-09-12 11:09:21 -03:00
Ignacio Fiorentino 1973ce1108 Add more attr to Client object. 2016-09-09 15:57:25 -03:00
Ignacio Fiorentino c14d2f055a Remove Params() object from endpoints classes. 2016-09-09 14:49:41 -03:00
Ignacio Fiorentino 8a63c83514 Refactoring create_id_token function. 2016-09-09 13:10:12 -03:00
Ignacio Fiorentino 5836774f6b Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting. 2016-09-09 11:43:28 -03:00
Ignacio Fiorentino 439774aeeb Add test for Hybrid flow. Plus refactoring. 2016-09-08 17:15:25 -03:00
Ignacio Fiorentino f8dbfa5c04 Add Hybrid flow login in view and models. 2016-09-08 16:21:48 -03:00
Ignacio Fiorentino d7b06ee3b4 Fix bug when creating first time client public. 2016-09-07 12:30:20 -03:00
Ignacio Fiorentino 68d982369e Add CORS fix to userinfo view. 2016-09-06 15:37:23 -03:00
Ignacio Fiorentino a583648be2 Add Access-Control-Allow-Origin to ProviderInfoView. 2016-09-06 13:21:29 -03:00
Wojciech Bartosiak 9e6928c6a9 Polish translation 2016-09-06 13:15:40 +02:00
Florent Jouatte 2872d2e10b #113: tiny improvement 2016-08-17 12:24:00 +02:00
Florent Jouatte 2c1d582475 #113: omit claim when empty 2016-08-17 12:13:33 +02:00
Ignacio Fiorentino d35f16eeae Merge branch 'fix-import-all' of https://github.com/grahamu/django-oidc-provider into grahamu-fix-import-all 2016-08-12 12:02:48 -03:00
Graham Ullrich ba4faee6ef Fix global imports 
Global imports ("from X import *") are discouraged in Python.
 2016-08-11 16:05:13 -06:00
Ignacio Fiorentino 2214ec0d70 Add missing migration. 2016-08-11 16:56:02 -03:00
Ignacio Fiorentino 988cad073e Add new test for migrations. 2016-08-11 16:43:30 -03:00
Graham Ullrich b8d1d63c28 Improve tox.ini envlist layout, simplified commands. 
Remove tests/app/settings.py in favor of settings in setup.py.
Change MANIFEST.in to include README.md (which exists) instead of README.rst (which does not exist).
Update .travis.yml to use tox instead of `python django_admin.py`, include Django v1.10 in the mix.
 2016-08-11 11:13:23 -06:00
Ignacio Fiorentino 6151a6cfb9 Merge branch 'fix-id-token-at-hash' of https://github.com/brosner/django-oidc-provider into brosner-fix-id-token-at-hash 2016-08-10 18:13:33 -03:00
Graham Ullrich e822252b6e Use original test files 2016-08-08 12:20:47 -06:00
Graham Ullrich e04d42fedf flake8 fixes 2016-08-08 11:54:40 -06:00
Graham Ullrich ffddb69f80 Add tests for at_hash 
Ensure at_hash is present in id_token when warranted.
 2016-08-08 11:24:07 -06:00
Arkadiy Korotaev 8cbf5c3304 Cleanup urls.py - remove unused and wildcard import 2016-08-08 09:58:36 +04:00
Brian Rosner afc3a60ee7
Added at_hash when access token is present 
This is required by response type "id_token token", but can be
used by other flows if they choose.
 2016-08-05 14:00:00 -06:00
Ignacio Fiorentino 2573a60092 Fix test app urls and templates loaders in settings. 2016-08-04 13:35:27 -03:00
Graham Ullrich ddb62a383b Remove unused import 
Update mock requirement.
 2016-08-03 23:44:17 -06:00
Florent Jouatte f4c27ed28d tiny translation 2016-07-29 09:07:25 +02:00
Florent Jouatte c29514ca64 add french translation (not over) 2016-07-28 10:55:06 +02:00
Ignacio Fiorentino b70007e4a9 Add ES and FR initial translations. 2016-07-26 17:19:33 -03:00
Ignacio Fiorentino dc9ec1863e Change setting OIDC_USERINFO. 2016-07-07 12:50:27 -03:00
Ignacio Fiorentino 4cc7474c19 Add verbose name and description for scopes. 2016-06-16 17:18:39 -03:00
Ignacio Fiorentino 739b6ef381 Provide doc for user consent model. 2016-06-13 13:26:33 -03:00
Ignacio Fiorentino 5255719700 Add date_given to UserConsent model. Add verbose names in models. 2016-06-13 12:15:10 -03:00
Ignacio Fiorentino 41f23afa31 Add missing migration. 2016-06-10 10:57:31 -03:00
Ignacio Fiorentino 70c7d128c1 Refactoring views.py. 2016-06-01 12:09:40 -03:00
Ignacio Fiorentino 21e8e89d35 Edit default setting. 2016-05-30 14:26:25 -03:00
Ignacio Fiorentino eea590e006 Modify scope claims class. 2016-05-30 13:28:07 -03:00
Si Feng 86a921aba7 Fix typo 2016-05-25 15:21:27 -07:00
Si Feng be5656bcf4 Make SITE_URL optional. 2016-05-25 14:58:58 -07:00
Ignacio Fiorentino 497f2f3a68 Bump version v0.3.3. 2016-05-03 12:17:22 -03:00
Ignacio Fiorentino a0c7b3c0c4 Create migrations. Improve docs. 2016-04-25 17:33:52 -03:00
Ignacio Fiorentino 9f9df355a3 Merge branch 'v0.3.x' of https://github.com/juanifioren/django-oidc-provider into feature-jwtalg 2016-04-25 14:55:30 -03:00
Ignacio Fiorentino b8f442184c Remove migration. 2016-04-25 14:51:00 -03:00
Ignacio Fiorentino 8320394a67 Refactoring variables. 2016-04-14 17:45:30 -03:00
Ignacio Fiorentino bc6a083571 Refactoring tests. 2016-04-14 16:22:38 -03:00
Ignacio Fiorentino 41dcb192bc Add support for the other values of the prompt param. 2016-04-13 18:38:38 -03:00
Ignacio Fiorentino 61f0c209af Refactoring prompt=none logic. 2016-04-13 17:19:37 -03:00
John Kristensen 2f54e53766 Ensure client redirect URIs with query strings work 
In some cases a client will provide a redirect URI with a query string.
In these cases the client redirect URI should still still match a
registered redirect URI and not result in a failure.
 2016-04-13 22:29:21 +10:00
Ignacio Fiorentino b05894bf6d Add prompt parameter to authorize view. 2016-04-12 18:19:16 -03:00
Ignacio Fiorentino 3f5992100a Not auto-approve requests for non-confidential clients. 2016-04-08 18:09:24 -03:00
Ignacio Fiorentino e97c32acd1 Fix encoding problem when using Py34. 2016-04-08 13:22:05 -03:00
Ignacio Fiorentino 559f90c5a6 Remove pdb. 2016-04-07 16:36:42 -03:00
Ignacio Fiorentino e495d6c41d Remplace AES encryption with database. For saving PKCE parameters. 2016-04-07 16:18:47 -03:00
Ignacio b1b8247cb0 Add hidden inputs for PKCE. Fix bug with AES. 2016-04-07 11:45:35 -03:00
Ignacio Fiorentino 6e8af74f76 First intent to implement PKCE. 2016-04-06 18:03:30 -03:00
Juan Ignacio Fiorentino 2c4ab6695e Removing print. 2016-04-05 19:08:49 -03:00
Ignacio Fiorentino a3247db273 Improve handle of client_secret with client_types. 2016-04-05 18:31:08 -03:00
Ignacio Fiorentino 1a74bcbc5c Add client type to client creation form. 2016-04-04 17:19:49 -03:00
Juan Ignacio Fiorentino f44b5a1114 Update provider info supporting HS256 id_token sign alg. 2016-03-22 20:48:30 -03:00
Ignacio Fiorentino dff76cd1ea Add HS256 support for JWS. 2016-03-22 16:17:56 -03:00
Nick Mohoric f8dce31fa2 Changed logging from error to debug 2016-03-17 14:31:41 -04:00
Wojciech Bartosiak 08033bb9ad Fix missing verification of response type for client 2016-03-08 13:21:55 +00:00
Wojciech Bartosiak 5d57c4919c Fix encoding of client secret 2016-03-08 12:57:47 +00:00
Wojciech Bartosiak 7cb5b4d54e str or list or tuple for OIDC_ID_TOKEN_PROCESSING_HOOK 2016-03-01 17:54:57 +00:00
Ignacio a4d5f89536 Merge branch 'v0.2.x' of https://github.com/juanifioren/django-oidc-provider into v0.3.x 
Conflicts:
	oidc_provider/lib/utils/common.py
	oidc_provider/lib/utils/token.py
 2016-02-25 10:10:07 -03:00
Ilya 49e19e7493 ID_TOKEN_PROCESSING_HOOK gets user argument 2016-02-25 09:46:10 +00:00