Commit graph

52 commits

Author SHA1 Message Date
Juan Ignacio Fiorentino
64e395c5b6
Revert "Fixed #285 -- Ensured standard and custom claims can be used at the same time when using the OIDC_IDTOKEN_INCLUDE_CLAIMS setting" 2018-09-29 13:27:07 -03:00
Morgan Aubert
88aa190763
Fixed #285 -- Ensured standard and custom claims can be used at the same time when using the OIDC_IDTOKEN_INCLUDE_CLAIMS setting 2018-09-28 19:36:21 -04:00
Tuomas Suutari
c95497dbd9 Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
There is no need to pass in the scope parameter separately, since the
scope is available via the token parameter already.
2018-05-31 10:23:58 +03:00
Tuomas Suutari
b0a82aa4ab Pass token and request to OIDC_ID_TOKEN_PROCESSING_HOOK
The ID token processing hook might need the token or request too, so
make them available.
2018-05-24 09:31:05 +03:00
Tuomas Suutari
93420461b4 Merge branch 'develop' of github.com:juanifioren/django-oidc-provider
* 'develop' of github.com:juanifioren/django-oidc-provider:
  Update changelog.rst
  include request in password grant authenticate call
  Update setup.py
  Update changelog.rst
  Update changelog.rst
  Adjust import order and method order in introspection tests
  Replace resource with client in docs.
  Update settings docs to add extra introspection setting
  Update README.md
  Update README.md
  Remove the Resource model
  Skip csrf protection on introspection endpoint
  Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662
  Test docs with tox.
  Remove Django 1.7 for travis.
  Drop support for Django 1.7.
  Move extract_client_auth to oauth2 utils.
  Remove duplicate link in docs.
  Bump version v0.6.0.
  Fix BaseCodeTokenModel and user attr.
  Update README.md
  Edit README and contribute doc.
  Edit changelog.
  Update changelog.rst
  Add protected_resource_view test using client_credentials.
  Fix docs.
  Improve docs.
  Client credentials implementation.
  Move changelog into docs.
  Update README.md
  Update CHANGELOG.md
  Fixed infinite callback loop in check-session iframe
  Fix PEP8. New migration.
  Update example project.
  Fix PEP8.
  Fix PEP8.
  PEP8 errors and urls.
  PEP8 models.
  Fix contribute docs.
  Fix tox for checking PEP8 all files.
  Update README.md
  Update README.md
  Simplify test suit.
  Update CHANGELOG.md
  Bump version 0.5.3.
  Update installation.rst
  Update CHANGELOG.md
  Fixed wrong Object in Template
  Update project to support Django 2.0
  Now passing along the token to create_id_token function.
  Made token and token_refresh endpoint return requested claims.
  Sphinx documentation fixes (#219)
  Use request.user.is_authenticated as a bool with recent Django (#216)
  Fixed client id retrieval when aud is a list of str. (#210)
  Add owner field to Client (#211)
  Update CHANGELOG
  removed tab char
  Add pep8 compliance and checker
  Bump version
  Update CHANGELOG.md
  Preparing v0.5.2 (#201)
  Fix Django 2.0 deprecation warnings (#185)
  Fix infinite login loop if "prompt=login" (#198)
  fixed typos
  Bump version
  Fix scope handling of token endpoint (#193)
  Fixes #192
  Use stored user consent for public clients too (#189)
  Redirect URIs must match exactly. (#191)
  Bug #187 prompt handling (#188)
  Don't pin exact versions in install_requires.
2018-05-24 00:16:26 +03:00
Maxim Daniline
180aad9a36 Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662 2018-04-23 10:47:01 +01:00
Juan Ignacio Fiorentino
56ad376518 Merge branch 'feature/token_retun_claims' of https://github.com/dhrp/django-oidc-provider into dhrp-feature/token_retun_claims 2018-04-10 18:41:38 -03:00
dhrp
900cc9e5df Now passing along the token to create_id_token function. 2017-12-15 09:29:49 +01:00
dhrp
8c736b8b08 Made token and token_refresh endpoint return requested claims. 2017-12-14 23:33:05 +01:00
Antoine Nguyen
65c6cc6fec Fixed client id retrieval when aud is a list of str. (#210)
* Fixed client id retrievel when aud is a list of str.

* Split tests.
2017-11-09 12:05:20 +01:00
Philippe Savoie
5dcd6a10b0 Add pep8 compliance and checker 2017-08-22 11:53:52 -07:00
Tuomas Suutari
eb682f23ff Pass scope to OIDC_IDTOKEN_PROCESSING_HOOK
The ID token processing hook might want to add claims to the ID token
conditionally based on the scope parameter.  Therefore it would be very
useful to provide the scope parameter to the processing hook.
2017-07-07 22:56:35 +03:00
Tuomas Suutari
65538b0f7d utils.token: Use time.time to generate the timestamps
Use `time.time()` rather than `timezone.now()` for generating the unix
timestamps.  This avoids conversion between year-month-day-hh-mm-ss
formatted timestamp vs. unix timestamp and is therefore simpler and more
robust.

Add a test case for this too and amend test_token_endpoint, since it
used to mock timezone.now, but now it needs to mock time.time.
2016-12-07 14:22:20 +02:00
Tuomas Suutari
5e3876f0c6 Revert "Fix timestamps computing in tokens"
This reverts commit 975eb0163f.
2016-12-07 14:22:20 +02:00
Brice Gelineau
975eb0163f Fix timestamps computing in tokens
The timestamp of timezone-aware datetimes was offset by the value of their timezone.
2016-11-30 15:23:11 +01:00
Ignacio Fiorentino
59db79b65c Fix tests for end session endpoint. 2016-11-01 16:01:03 -03:00
Ignacio Fiorentino
5d07111a18 Implementing end_session_endpoint feature with post_logout_redirect_uri. 2016-10-31 17:07:06 -03:00
Ignacio Fiorentino
6ed2c200a7 Update pyjwkest to version 1.3.0. 2016-10-03 12:54:54 -03:00
Ignacio Fiorentino
8a63c83514 Refactoring create_id_token function. 2016-09-09 13:10:12 -03:00
Ignacio Fiorentino
5836774f6b Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting. 2016-09-09 11:43:28 -03:00
Graham Ullrich
ba4faee6ef Fix global imports
Global imports ("from X import *") are discouraged in Python.
2016-08-11 16:05:13 -06:00
Brian Rosner
afc3a60ee7
Added at_hash when access token is present
This is required by response type "id_token token", but can be
used by other flows if they choose.
2016-08-05 14:00:00 -06:00
Si Feng
be5656bcf4 Make SITE_URL optional. 2016-05-25 14:58:58 -07:00
Ignacio Fiorentino
9f9df355a3 Merge branch 'v0.3.x' of https://github.com/juanifioren/django-oidc-provider into feature-jwtalg 2016-04-25 14:55:30 -03:00
Ignacio Fiorentino
e495d6c41d Remplace AES encryption with database. For saving PKCE parameters. 2016-04-07 16:18:47 -03:00
Ignacio
b1b8247cb0 Add hidden inputs for PKCE. Fix bug with AES. 2016-04-07 11:45:35 -03:00
Ignacio Fiorentino
6e8af74f76 First intent to implement PKCE. 2016-04-06 18:03:30 -03:00
Ignacio Fiorentino
dff76cd1ea Add HS256 support for JWS. 2016-03-22 16:17:56 -03:00
Wojciech Bartosiak
7cb5b4d54e str or list or tuple for OIDC_ID_TOKEN_PROCESSING_HOOK 2016-03-01 17:54:57 +00:00
Ilya
49e19e7493 ID_TOKEN_PROCESSING_HOOK gets user argument 2016-02-25 09:46:10 +00:00
juanifioren
25a59c8344 Refactoring supporting OAuth2 flow. 2016-02-16 17:33:12 -03:00
juanifioren
782befd6ec Rename setting. 2016-02-12 14:51:43 -03:00
Wojciech Bartosiak
7a357001b6 Added OIDC_ID_TOKEN_PROCESSING_HOOK functionality 2016-02-12 16:02:35 +00:00
juanifioren
998ea5fcd1 Implementation of RSA Keys using Models. Also providing DOC. 2016-01-25 17:52:24 -03:00
juanifioren
ccd9836edb Make OIDC_IDTOKEN_SUB_GENERATOR to be lazy imported by the location of the function. 2016-01-12 15:17:22 -03:00
Maarten van Schaik
893a877b76 Upgrade pyjwkest to version > 1.0.3
There have been some issues in Python 3 where elements of the id_token
were left when encoding the token. Cause was incorrect encoding logic in
pyjwkest. Version 1.0.3 has improved encoding handling.
2015-09-30 17:31:49 +02:00
Rob Sung
19313e8145 Fxed: ID token does not contain kid #42 2015-08-11 23:50:05 -04:00
juanifioren
a640b33dd6 Convert "aud" to str in create_id_token function. 2015-07-27 15:50:02 -03:00
Ignacio
bedd114929 Use pyjwkest in encode_id_token function. 2015-07-27 11:33:28 -03:00
juanifioren
a08dbdb7d2 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev
Conflicts:
	example_project/.gitignore
2015-07-17 11:32:14 -03:00
juanifioren
6dde3a59a8 Add nonce to Code model. Modify create_code function. 2015-07-15 16:23:36 -03:00
juanifioren
0de868941a Modify create_id_token function for supporting nonce. 2015-07-15 16:18:34 -03:00
Sjoerd Langkemper
00f30dabbf Convert times to int
Make iat_time, exp_time, auth_time an integer, not a float. The spec
does not explicitly forbit float times, but some clients don't accept
this (mod_auth_openidc), and `timetuple()` has second precision anyway
so we don't loose any information.
2015-07-15 12:06:02 +02:00
juanifioren
5371fbfba9 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev
Conflicts:
	oidc_provider/lib/endpoints/authorize.py
2015-07-13 17:47:19 -03:00
juanifioren
3498940142 Encode id_toke with using RSA now. 2015-07-13 17:37:13 -03:00
Maarten van Schaik
a4fcf956c2 Add nonce in id_token when included in auth request
http://openid.net/specs/openid-connect-core-1_0.html#IDToken

If present in the Authentication Request, Authorization Servers MUST
include a nonce Claim in the ID Token with the Claim Value being the
nonce value sent in the Authentication Request.

This patch adds the nonce to the id_token.
2015-07-10 14:44:26 +02:00
juanifioren
27110b65e4 Use decode with utf-8 encoding. 2015-07-01 17:20:16 -03:00
juanifioren
4b3039ceae Refactoring for create_id_token function. 2015-04-29 18:55:48 -03:00
juanifioren
7e690f4e68 Move Grant Code creation logic into a functon. 2015-03-12 12:40:36 -03:00
juanifioren
3190599967 Add custom SUB generator for ID TOKEN. 2015-03-02 17:37:54 -03:00