Commit graph

949 commits

Author SHA1 Message Date
Christian Bouvier 37e6df8306 Fix #283: bug in strip_prompt_login
AuthorizeView's static method strip_prompt_login fails to remove prompt login when other prompt values appear in the request.
2018-10-03 14:51:51 -03:00
Juan Ignacio Fiorentino 6997e19687
Merge pull request #260 from dcollinsn/django-2.1
Django 2.1
2018-09-14 16:34:15 -03:00
Juan Ignacio Fiorentino 458eb2e3ea
Merge pull request #279 from ByteInternet/make_authorization_endpoint_and_client_more_easily_adjustable
Make it easier to change AuthorizeEndpoint and Client
2018-09-14 10:10:12 -03:00
Juan Ignacio Fiorentino db0acf3107
Merge pull request #277 from isms/fix-typo
Add missing space
2018-09-14 10:06:41 -03:00
Bono de Visser 69b793a363 Make it easier to change AuthorizeEndpoint and Client
To make it easier to change the AuthorizeEndpoint and Client we set them as class variables. Then people inheriting from the view are able to easily change them. In my personal case this helps with skipping consent more explicitly as defined in issue https://github.com/juanifioren/django-oidc-provider/issues/278
2018-09-14 11:21:57 +02:00
Isaac Slavitt e36a2c96f8 Add missing space 2018-09-13 15:58:42 -04:00
Juan Ignacio Fiorentino 0effc32be2
Merge pull request #272 from q3aiml/response-type-natural-key
add natural key support to ResponseType
2018-08-20 18:13:28 -03:00
Andy Clayton 4e7116ca9e add natural key support to ResponseType
Have the option to use the more readable response type value rather than
the ResponseType id integer in fixtures and dumpdata output.

Prior to this change dumpdata represents response types like so:

    "response_types": [2]

And after this change when using `dumpdata --natural-foreign`:

    "response_types": [["code"]]
2018-08-20 10:49:00 -05:00
Juan Ignacio Fiorentino 436568a39b
Merge pull request #271 from q3aiml/client-multiple-response-types
support multiple response types per client
2018-08-17 14:34:33 -03:00
Andy Clayton 988b728fb2 update docs for multiple response types per client 2018-08-17 09:54:30 -05:00
Andy Clayton 64a8b935e6 document response_type_descriptions needs to be a list 2018-08-16 15:47:47 -05:00
Andy Clayton 036c4fc9b3 document non-obvious string check 2018-08-16 15:47:14 -05:00
Andy Clayton 36018d19ae support multiple response types per client
The Dynamic Client Registration spec specifies multiple response_types
and grant_types per client
(https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata).
Since grant_types can be inferred from response_types we should be able
to support both without needing to store grant_types.

This also helps with oidc-client-js which expects a client that supports
both "id_token" and "id_token token".
2018-08-16 11:38:46 -05:00
Juan Ignacio Fiorentino b5e055205c Bump version v0.6.2. 2018-08-03 11:50:56 -03:00
Juan Ignacio Fiorentino bf8a7b6853
Merge pull request #266 from q3aiml/accept-lowercase-bearer
Accept lowercase "bearer" in Authorization header
2018-08-02 16:02:45 -03:00
Andy Clayton f1ed3328f8 Accept lowercase "bearer" in Authorization header
We ran into a client that blindly takes the value of token_type, which
is lowercase "bearer", and passes that back in the Authorization header.
In an earlier PR #99 there seemed to be some support for this change to
simply accept "bearer" in addition to "Bearer".
2018-08-02 13:42:21 -05:00
Dan Collins 85ca083532 Remove Python 3.4, since it is intermittently failing in travis 2018-08-01 14:13:11 -04:00
Dan Collins 972071e370 Add support for Django 2.1, drop support for Django < 1.11
Django 1.11 deprecated the django.contrib.auth.views.logout
function-based view, which django-oidc-provider relied on. This
patchset instead subclasses the new LogoutView.

LogoutView was introduced in Django 1.11. logout() was deprecated in
1.11 and removed in 2.1. Accordingly, this patch adds Django 2.1 to
CI and removes 1.8, 1.9, and 1.10.

Resolves #258
2018-08-01 14:13:11 -04:00
Juan Ignacio Fiorentino 1c31acd525 Pin pytest version. 2018-07-31 14:56:41 -03:00
Juan Ignacio Fiorentino d2695f76cf
Update changelog.rst 2018-07-31 14:08:08 -03:00
Juan Ignacio Fiorentino 88f91b9305
Merge pull request #265 from stdweird/no_zip_safe
setup.py: code is not zip_safe
2018-07-30 10:57:19 -03:00
stdweird 20d759ef98 setup.py: code is not zip_safe 2018-07-30 15:17:04 +02:00
Juan Ignacio Fiorentino bf7f380033 Fix scopeclaims class. 2018-07-26 23:12:45 -03:00
Juan Ignacio Fiorentino 9a081cb05a
Update changelog.rst 2018-07-19 11:23:19 -03:00
Juan Ignacio Fiorentino 59581f50d9
Merge pull request #256 from q3aiml/client-credentials-introspection
support introspection on client credentials tokens
2018-07-19 11:18:35 -03:00
Juan Ignacio Fiorentino 5b23a08f82 Fix travis. 2018-07-12 15:28:14 -03:00
Juan Ignacio Fiorentino cfcd504477 Add python versions travis. 2018-07-12 15:05:43 -03:00
Juan Ignacio Fiorentino 2e83393b65 Make tests run all once (now with docs). 2018-07-12 14:45:54 -03:00
Juan Ignacio Fiorentino e7eaa52e50 Bump version v0.6.1. 2018-07-10 11:16:02 -03:00
Andy Clayton 9d5c2b39fa support introspection on client credentials tokens
The response can simply omit fields that require id_token as the only
required field is "active" according to RFC 7662. I think it would be
nice for introspection of client credentials tokens to be supported by
default without needing to override
OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE, but this is a start.
2018-07-06 11:41:09 -05:00
Juan Ignacio Fiorentino b087116818
Update changelog.rst 2018-07-05 18:39:43 -03:00
Juan Ignacio Fiorentino d825061508 Fix: Token Model crashes in Django Admin when a token has been given to a Client using Client Credentials. 2018-07-05 18:37:01 -03:00
Juan Ignacio Fiorentino 6e442a5f35
Update changelog.rst 2018-07-04 16:27:57 -03:00
Juan Ignacio Fiorentino bd49ada392
Merge pull request #254 from q3aiml/fix-token-introspection-response
Fix token introspection "aud" and "client_id" response
2018-07-04 16:27:12 -03:00
Andy Clayton b1e994aa7e Fix token introspection "aud" and "client_id" response
Based on the OAuth 2.0 Token Introspection spec the "aud" field should
be based on the token. Previously "aud" was populated with the id of the
client making the introspection request which seems wrong. This changes
the endpoint to return the value from the token.

The "client_id" field is then changed to return the client id for the
client that originally requested the token rather than returning the
"aud" value from the token.

From the spec https://tools.ietf.org/html/rfc7662:

   client_id
      OPTIONAL.  Client identifier for the OAuth 2.0 client that
      requested this token.

   aud
      OPTIONAL.  Service-specific string identifier or list of string
      identifiers representing the intended audience for this token, as
      defined in JWT [RFC7519].
2018-07-04 09:53:30 -05:00
Juan Ignacio Fiorentino 50733f8135
Update changelog.rst 2018-07-04 11:38:30 -03:00
Juan Ignacio Fiorentino 784456f4b1
Merge pull request #255 from q3aiml/fix-false-valued-settings
fix settings to support falsy valued overrides
2018-07-04 11:37:14 -03:00
Andy Clayton 6900e637ab add OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE test
Missing test exposed as part of 0750429 bug fix.
2018-07-03 15:15:12 -05:00
Andy Clayton 0750429992 fix settings to support falsy valued overrides
Up until recently there were settings with truthy defaults but with no
need to be set to a false value. That changed with
OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE. Now there is a setting that
has both a true default and a meaningful false value, and without this
fix that setting cannot be changed making it not much of a setting at
all.
2018-07-03 13:17:10 -05:00
Juan Ignacio Fiorentino 72f123c0b5
Update changelog.rst 2018-07-02 14:23:05 -03:00
Juan Ignacio Fiorentino 055a007cda
Merge pull request #251 from q3aiml/userinfo-cors-preflight
example fix for userinfo CORS preflight request
2018-07-02 14:20:21 -03:00
Andy Clayton 0adb95d25f example fix for userinfo CORS preflight request
Example for
https://github.com/juanifioren/django-oidc-provider/issues/249. If this
approach seems acceptable I can add/update tests.
2018-06-19 15:59:28 -05:00
Juan Ignacio Fiorentino f073c2ef51
Merge pull request #246 from meteozond/patch-1
Fix a little docstring typo
2018-06-04 10:55:11 -03:00
Juan Ignacio Fiorentino 2ed0d21f12
Merge branch 'develop' into patch-1 2018-06-04 10:54:55 -03:00
Alexander Klimenko 76c169e73e
fix little docstring typo 2018-06-04 10:56:31 +03:00
Juan Ignacio Fiorentino dfcc3de01c
Merge pull request #245 from suutari-ai/remove-extra-scope-param-from-hook
Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
2018-05-31 18:01:36 -03:00
Tuomas Suutari c95497dbd9 Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
There is no need to pass in the scope parameter separately, since the
scope is available via the token parameter already.
2018-05-31 10:23:58 +03:00
Juan Ignacio Fiorentino 122b5c19fd
Update installation.rst 2018-05-28 12:50:03 -03:00
Juan Ignacio Fiorentino acc3cf588b
Update settings.rst 2018-05-28 12:38:53 -03:00
Juan Ignacio Fiorentino ac509f7a82
Update changelog.rst 2018-05-24 12:29:35 -03:00