kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
963 commits 1 branch 0 tags 2.4 MiB
Commit graph

164 commits

Author SHA1 Message Date
Ignacio Fiorentino 50e5287b48 Initial Session Management version. 2016-10-28 15:25:52 -03:00
Ignacio Fiorentino 3711d6c5ab Fallback user claims (email, first_name, etc). 2016-10-26 16:46:14 -03:00
David Montano 99d7194ab1 Make Client available when using OIDC_EXTRA_SCOPE_CLAIMS 
Now it's passed the Token to the ScopeClaims constructor so that it can make Client avaialble to implementors
 2016-10-12 14:23:57 -05:00
Ignacio Fiorentino 2cedde5e3f Remove spaces. 2016-10-11 13:18:06 -03:00
Ignacio Fiorentino 38e37e7c47 Merge branch 'v0.4.x' of https://github.com/wojtek-fliposports/django-oidc-provider into wojtek-fliposports-v0.4.x 2016-10-11 11:52:31 -03:00
Ignacio Fiorentino 74b5390daa Merge branch 'redirect_uri_query' of https://github.com/jerrykan/django-oidc-provider into jerrykan-redirect_uri_query 2016-10-05 12:33:05 -03:00
Wojciech Bartosiak 59312bf811 redirect URI clean up moved to utils module 2016-10-04 19:32:54 +02:00
Ignacio Fiorentino 6ed2c200a7 Update pyjwkest to version 1.3.0. 2016-10-03 12:54:54 -03:00
yasserisa 1c3bd7579b FIX id_token, field iss set to type str 2016-09-21 10:20:03 -03:00
Ignacio Fiorentino c14d2f055a Remove Params() object from endpoints classes. 2016-09-09 14:49:41 -03:00
Ignacio Fiorentino 8a63c83514 Refactoring create_id_token function. 2016-09-09 13:10:12 -03:00
Ignacio Fiorentino 5836774f6b Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting. 2016-09-09 11:43:28 -03:00
Ignacio Fiorentino f8dbfa5c04 Add Hybrid flow login in view and models. 2016-09-08 16:21:48 -03:00
Florent Jouatte 2872d2e10b #113: tiny improvement 2016-08-17 12:24:00 +02:00
Florent Jouatte 2c1d582475 #113: omit claim when empty 2016-08-17 12:13:33 +02:00
Graham Ullrich ba4faee6ef Fix global imports 
Global imports ("from X import *") are discouraged in Python.
 2016-08-11 16:05:13 -06:00
Graham Ullrich ffddb69f80 Add tests for at_hash 
Ensure at_hash is present in id_token when warranted.
 2016-08-08 11:24:07 -06:00
Brian Rosner afc3a60ee7
Added at_hash when access token is present 
This is required by response type "id_token token", but can be
used by other flows if they choose.
 2016-08-05 14:00:00 -06:00
Ignacio Fiorentino dc9ec1863e Change setting OIDC_USERINFO. 2016-07-07 12:50:27 -03:00
Ignacio Fiorentino 4cc7474c19 Add verbose name and description for scopes. 2016-06-16 17:18:39 -03:00
Ignacio Fiorentino 5255719700 Add date_given to UserConsent model. Add verbose names in models. 2016-06-13 12:15:10 -03:00
Ignacio Fiorentino eea590e006 Modify scope claims class. 2016-05-30 13:28:07 -03:00
Si Feng be5656bcf4 Make SITE_URL optional. 2016-05-25 14:58:58 -07:00
Ignacio Fiorentino 497f2f3a68 Bump version v0.3.3. 2016-05-03 12:17:22 -03:00
Ignacio Fiorentino 9f9df355a3 Merge branch 'v0.3.x' of https://github.com/juanifioren/django-oidc-provider into feature-jwtalg 2016-04-25 14:55:30 -03:00
Ignacio Fiorentino 61f0c209af Refactoring prompt=none logic. 2016-04-13 17:19:37 -03:00
John Kristensen 2f54e53766 Ensure client redirect URIs with query strings work 
In some cases a client will provide a redirect URI with a query string.
In these cases the client redirect URI should still still match a
registered redirect URI and not result in a failure.
 2016-04-13 22:29:21 +10:00
Ignacio Fiorentino b05894bf6d Add prompt parameter to authorize view. 2016-04-12 18:19:16 -03:00
Ignacio Fiorentino e97c32acd1 Fix encoding problem when using Py34. 2016-04-08 13:22:05 -03:00
Ignacio Fiorentino e495d6c41d Remplace AES encryption with database. For saving PKCE parameters. 2016-04-07 16:18:47 -03:00
Ignacio b1b8247cb0 Add hidden inputs for PKCE. Fix bug with AES. 2016-04-07 11:45:35 -03:00
Ignacio Fiorentino 6e8af74f76 First intent to implement PKCE. 2016-04-06 18:03:30 -03:00
Ignacio Fiorentino dff76cd1ea Add HS256 support for JWS. 2016-03-22 16:17:56 -03:00
Nick Mohoric f8dce31fa2 Changed logging from error to debug 2016-03-17 14:31:41 -04:00
Wojciech Bartosiak 08033bb9ad Fix missing verification of response type for client 2016-03-08 13:21:55 +00:00
Wojciech Bartosiak 7cb5b4d54e str or list or tuple for OIDC_ID_TOKEN_PROCESSING_HOOK 2016-03-01 17:54:57 +00:00
Ignacio a4d5f89536 Merge branch 'v0.2.x' of https://github.com/juanifioren/django-oidc-provider into v0.3.x 
Conflicts:
	oidc_provider/lib/utils/common.py
	oidc_provider/lib/utils/token.py
 2016-02-25 10:10:07 -03:00
Ilya 49e19e7493 ID_TOKEN_PROCESSING_HOOK gets user argument 2016-02-25 09:46:10 +00:00
Wojciech Bartosiak a28db60d9e added 'user' into default_idtoken_processing_hook 2016-02-17 22:24:02 +00:00
Wojciech Bartosiak eb7686abba added 'user' into default_idtoken_processing_hook 2016-02-17 22:23:10 +00:00
juanifioren 25a59c8344 Refactoring supporting OAuth2 flow. 2016-02-16 17:33:12 -03:00
juanifioren 8eb0877d89 Refactoring userinfo endpoint. Create decorator "oauth2.protected_resource_view". 2016-02-15 17:13:19 -03:00
juanifioren 782befd6ec Rename setting. 2016-02-12 14:51:43 -03:00
Wojciech Bartosiak 7a357001b6 Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00
juanifioren 998ea5fcd1 Implementation of RSA Keys using Models. Also providing DOC. 2016-01-25 17:52:24 -03:00
juanifioren 73ece1bf64 Make OIDC_AFTER_USERLOGIN_HOOK to be lazy imported by string. 2016-01-19 17:37:32 -03:00
juanifioren c6534db693 Add nonce validation for Implicit Flow. 2016-01-19 16:05:34 -03:00
Pablo SEMINARIO 9204c478ed Fix #72 get_issuer() returns a wrong value 2016-01-16 11:35:26 +01:00
juanifioren ccd9836edb Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function. 2016-01-12 15:17:22 -03:00
juanifioren 8b0d869f7b Replace django redirect with custom HttpResponse object. 2015-11-12 17:12:18 -03:00
juanifioren 9a685a7afa Merge from ByteInternet:refresh-tokens 2015-09-30 12:59:08 -03:00
Maarten van Schaik 893a877b76 Upgrade pyjwkest to version > 1.0.3 
There have been some issues in Python 3 where elements of the id_token
were left when encoding the token. Cause was incorrect encoding logic in
pyjwkest. Version 1.0.3 has improved encoding handling.
 2015-09-30 17:31:49 +02:00
Maarten van Schaik f4dfa7303f Forget old token when a refresh token is used 2015-09-30 16:46:33 +02:00
Maarten van Schaik 8d672cc1ba Add support for refresh_token to token endpoint 2015-09-30 14:55:48 +02:00
juanifioren 5311888520 Merge branch 'v0.1.x' of https://github.com/juanifioren/django-oidc-provider into v0.2.x 
Conflicts:
	README.rst
 2015-08-12 15:21:57 -03:00
Rob Sung 19313e8145 Fxed: ID token does not contain kid #42 2015-08-11 23:50:05 -04:00
juanifioren 5020ccde80 Add custom user info model feature. 2015-08-11 15:58:52 -03:00
juanifioren 8040dd7670 Remove unnecessary property in error class. 2015-08-03 15:09:12 -03:00
juanifioren 7658257d18 Refactoring in discovery. 2015-07-31 14:19:53 -03:00
juanifioren 6c4dad8c5c Imports in alphabetical order. 2015-07-30 15:49:12 -03:00
juanifioren 870c605211 Add HTTP Basic client auth in token endpoint. 2015-07-30 15:47:50 -03:00
juanifioren 87b0deb357 Merge branch 'v0.1.x' of https://github.com/juanifioren/django-oidc-provider 2015-07-28 15:56:00 -03:00
juanifioren 253527aa52 Refactoring in authorize endpoint. 2015-07-28 15:55:30 -03:00
juanifioren 92b75ba1d9 Sending access_token as query string parameter in UserInfo. 2015-07-27 18:28:12 -03:00
juanifioren cd2b47dac1 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider 2015-07-27 16:07:21 -03:00
juanifioren a640b33dd6 Convert "aud" to str in create_id_token function. 2015-07-27 15:50:02 -03:00
Ignacio bedd114929 Use pyjwkest in encode_id_token function. 2015-07-27 11:33:28 -03:00
Maarten van Schaik 76efb6fc68 Add logout view to enable minimal session mgmt 
This implements a very small part of the OIDC session management as
described in
http://openid.net/specs/openid-connect-session-1_0-17.html#rfc.section.5.

It does not implement the full session management (using iframes) and
does not implement the registration and verification of logout redirect
uri's.
 2015-07-24 11:36:45 +02:00
Maarten van Schaik 85eb13b1f9 Don't filter all falsy claims 
Sometimes you do want the value False, or 0, or any datetime value at
midnight. (http://lwn.net/Articles/590299/)
 2015-07-23 15:03:01 +02:00
Maarten van Schaik f8366b18f7 Explicitly import the right settings 2015-07-21 15:59:23 +02:00
juanifioren 2de1394202 Add id_token_signing_alg_values_supported to discovery endpoint. 2015-07-17 11:52:58 -03:00
juanifioren a08dbdb7d2 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev 
Conflicts:
	example_project/.gitignore
 2015-07-17 11:32:14 -03:00
juanifioren a690a57a03 Fix nonce parameter inside token endpoint. 2015-07-16 14:25:58 -03:00
juanifioren 6dde3a59a8 Add nonce to Code model. Modify create_code function. 2015-07-15 16:23:36 -03:00
juanifioren 0de868941a Modify create_id_token function for supporting nonce. 2015-07-15 16:18:34 -03:00
juanifioren c995da640c Remove _extract_implicit_params function. 2015-07-15 15:17:47 -03:00
juanifioren 6fc6126a62 Add nonce to _extract_params function. 2015-07-15 15:16:51 -03:00
Sjoerd Langkemper 00f30dabbf Convert times to int 
Make iat_time, exp_time, auth_time an integer, not a float. The spec
does not explicitly forbit float times, but some clients don't accept
this (mod_auth_openidc), and `timetuple()` has second precision anyway
so we don't loose any information.
 2015-07-15 12:06:02 +02:00
juanifioren 1736d7b7ae Add IOError custom message when rsa key file is missing. 2015-07-14 15:01:01 -03:00
juanifioren fa7d64c04b Add OIDC_RSA_KEY_FOLDER to settings. 2015-07-14 13:01:29 -03:00
juanifioren f52db34d00 Reorder imports. 2015-07-14 12:44:25 -03:00
juanifioren 5371fbfba9 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev 
Conflicts:
	oidc_provider/lib/endpoints/authorize.py
 2015-07-13 17:47:19 -03:00
juanifioren 82c0e7874e Add jwks endpoint to discovery. 2015-07-13 17:38:38 -03:00
juanifioren fe153f51a6 Correct encode_id_token function. 2015-07-13 17:38:03 -03:00
juanifioren 3498940142 Encode id_toke with using RSA now. 2015-07-13 17:37:13 -03:00
juanifioren f7e8fa460c Create get_rsa_key function to obtain the key from filesystem. 2015-07-13 17:36:15 -03:00
Juan Ignacio Fiorentino 1faeb6d5ab Merge pull request #31 from ByteInternet/nonce-in-id-token 
Add nonce in id_token when included in auth request
 2015-07-10 10:29:55 -03:00
Maarten van Schaik a4fcf956c2 Add nonce in id_token when included in auth request 
http://openid.net/specs/openid-connect-core-1_0.html#IDToken

If present in the Authentication Request, Authorization Servers MUST
include a nonce Claim in the ID Token with the Claim Value being the
nonce value sent in the Authentication Request.

This patch adds the nonce to the id_token.
 2015-07-10 14:44:26 +02:00
Maarten van Schaik 7632054aad Add support for redirect_uris with query params 
Some clients might add extra parameters to the redirect_uri, for
instance as extra verification if proper state parameter handling is not
supported.

This patch adds proper handling of redirect_uris with query parameters.
 2015-07-10 12:22:25 +02:00
juanifioren 27110b65e4 Use decode with utf-8 encoding. 2015-07-01 17:20:16 -03:00
juanifioren 447d026a41 Add urllib and change iteritems() with items(). 2015-07-01 16:43:35 -03:00
juanifioren 197818566d Rename setting. 2015-06-24 12:40:00 -03:00
juanifioren 503324ae66 Add user consent logic to authorize endpoint. 2015-06-22 18:42:42 -03:00
juanifioren 68b4847219 Refactoring error logging. 2015-06-19 17:46:00 -03:00
juanifioren bcb144dcdb Now OIDC_EXTRA_SCOPE_CLAIMS must be a string (lazy imported). 2015-06-19 15:19:46 -03:00
juanifioren 48fcb1da93 Move validate_params function to views (on POST authorize). 2015-06-15 17:34:36 -03:00
juanifioren 124c7366fa Move allow logic to authorize view. 2015-06-15 16:04:44 -03:00
niccolasmendoza@gmail.com 521708f718 adding logger for tests 2015-06-08 16:36:49 -03:00
niccolasmendoza@gmail.com cfbfbfc74a removing unnecesary imports 2015-06-08 12:32:55 -03:00
juanifioren 800bb55f43 Fix string indentation. 2015-05-14 12:44:08 -03:00