Commit graph

57 commits

Author SHA1 Message Date
Bono de Visser
69b793a363 Make it easier to change AuthorizeEndpoint and Client
To make it easier to change the AuthorizeEndpoint and Client we set them as class variables. Then people inheriting from the view are able to easily change them. In my personal case this helps with skipping consent more explicitly as defined in issue https://github.com/juanifioren/django-oidc-provider/issues/278
2018-09-14 11:21:57 +02:00
Andy Clayton
36018d19ae support multiple response types per client
The Dynamic Client Registration spec specifies multiple response_types
and grant_types per client
(https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata).
Since grant_types can be inferred from response_types we should be able
to support both without needing to store grant_types.

This also helps with oidc-client-js which expects a client that supports
both "id_token" and "id_token token".
2018-08-16 11:38:46 -05:00
Juan Ignacio Fiorentino
56ad376518 Merge branch 'feature/token_retun_claims' of https://github.com/dhrp/django-oidc-provider into dhrp-feature/token_retun_claims 2018-04-10 18:41:38 -03:00
Juan Ignacio Fiorentino
582587f337 Fix PEP8. New migration. 2018-03-27 17:15:06 -03:00
dhrp
900cc9e5df Now passing along the token to create_id_token function. 2017-12-15 09:29:49 +01:00
Philippe Savoie
5dcd6a10b0 Add pep8 compliance and checker 2017-08-22 11:53:52 -07:00
Jan Brauer
1215c27d7e Redirect URIs must match exactly. (#191)
* Test redirect_uri construction

This was a test marked as TODO.

* Remove duplicate test

* Add tests to exactly match redirect URIs

* Redirect URIs must match exactly.

To quote from the specification at
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest:

Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OpenID Provider, with the matching performed as
described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
2017-07-07 09:07:21 +02:00
Wojciech Bartosiak
f07327a713 Bug #187 prompt handling (#188)
prompt parameter changed to list of strings not a simple string
2017-06-06 11:12:37 +02:00
Wojciech Bartosiak
a829726be8 Merge develop to v0.5.x (#179)
* Log create_uri_response exceptions to logger.exception

* Support grant type password - basics

* Add tests for Resource Owner Password Credentials Flow

* Password Grant -Response according to specification

* Better tests for errors, disable grant type password by default

* Add documentation for grant type password

* User authentication failure to return 403

* Add id_token to response

* skipping consent only works for confidential clients

* fix URI fragment

example not working URL `http://localhost:8100/#/auth/callback/`

* OIDC_POST_END_SESSION_HOOK + tests

* Explicit function naming

* Remove print statements

* No need for semicolons, this is Python

* Update CHANGELOG.md

* fixed logger message

* Improved `exp` value calculation

* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK

* added docs for OIDC_AFTER_END_SESSION_HOOK

*  Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.

* Adds a setting variable for custom template paths

* Updates documentation

* Fixed bad try/except/finally block

* Adds test for OIDC_TEMPLATES settings

* Determine value for op_browser_state from session_key or default

* Do not use cookie for browser_state. It may not yet be there

* Add docs on new setting

OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY

* Fix compatibility for older versions of Django

* solved merging typo for missing @property
2017-05-05 05:19:57 +02:00
Ignacio Fiorentino
53166fb9ea Fix TypeError Unicode when using hashlib. 2016-11-04 15:56:51 -03:00
Ignacio Fiorentino
ecba16ed36 Fix bug with id_token without openid scope. 2016-10-31 16:37:51 -03:00
Ignacio Fiorentino
50e5287b48 Initial Session Management version. 2016-10-28 15:25:52 -03:00
Wojciech Bartosiak
59312bf811 redirect URI clean up moved to utils module 2016-10-04 19:32:54 +02:00
Ignacio Fiorentino
c14d2f055a Remove Params() object from endpoints classes. 2016-09-09 14:49:41 -03:00
Ignacio Fiorentino
8a63c83514 Refactoring create_id_token function. 2016-09-09 13:10:12 -03:00
Ignacio Fiorentino
5836774f6b Add user email into id_token. Fix missing OIDC_TOKEN_EXPIRE setting. 2016-09-09 11:43:28 -03:00
Ignacio Fiorentino
f8dbfa5c04 Add Hybrid flow login in view and models. 2016-09-08 16:21:48 -03:00
Graham Ullrich
ba4faee6ef Fix global imports
Global imports ("from X import *") are discouraged in Python.
2016-08-11 16:05:13 -06:00
Brian Rosner
afc3a60ee7
Added at_hash when access token is present
This is required by response type "id_token token", but can be
used by other flows if they choose.
2016-08-05 14:00:00 -06:00
Ignacio Fiorentino
dc9ec1863e Change setting OIDC_USERINFO. 2016-07-07 12:50:27 -03:00
Ignacio Fiorentino
4cc7474c19 Add verbose name and description for scopes. 2016-06-16 17:18:39 -03:00
Ignacio Fiorentino
5255719700 Add date_given to UserConsent model. Add verbose names in models. 2016-06-13 12:15:10 -03:00
Si Feng
be5656bcf4 Make SITE_URL optional. 2016-05-25 14:58:58 -07:00
Ignacio Fiorentino
497f2f3a68 Bump version v0.3.3. 2016-05-03 12:17:22 -03:00
Ignacio Fiorentino
9f9df355a3 Merge branch 'v0.3.x' of https://github.com/juanifioren/django-oidc-provider into feature-jwtalg 2016-04-25 14:55:30 -03:00
Ignacio Fiorentino
61f0c209af Refactoring prompt=none logic. 2016-04-13 17:19:37 -03:00
Ignacio Fiorentino
b05894bf6d Add prompt parameter to authorize view. 2016-04-12 18:19:16 -03:00
Ignacio Fiorentino
6e8af74f76 First intent to implement PKCE. 2016-04-06 18:03:30 -03:00
Ignacio Fiorentino
dff76cd1ea Add HS256 support for JWS. 2016-03-22 16:17:56 -03:00
Nick Mohoric
f8dce31fa2 Changed logging from error to debug 2016-03-17 14:31:41 -04:00
Wojciech Bartosiak
08033bb9ad Fix missing verification of response type for client 2016-03-08 13:21:55 +00:00
juanifioren
25a59c8344 Refactoring supporting OAuth2 flow. 2016-02-16 17:33:12 -03:00
juanifioren
c6534db693 Add nonce validation for Implicit Flow. 2016-01-19 16:05:34 -03:00
juanifioren
253527aa52 Refactoring in authorize endpoint. 2015-07-28 15:55:30 -03:00
Maarten van Schaik
f8366b18f7 Explicitly import the right settings 2015-07-21 15:59:23 +02:00
juanifioren
a08dbdb7d2 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev
Conflicts:
	example_project/.gitignore
2015-07-17 11:32:14 -03:00
juanifioren
6dde3a59a8 Add nonce to Code model. Modify create_code function. 2015-07-15 16:23:36 -03:00
juanifioren
0de868941a Modify create_id_token function for supporting nonce. 2015-07-15 16:18:34 -03:00
juanifioren
c995da640c Remove _extract_implicit_params function. 2015-07-15 15:17:47 -03:00
juanifioren
6fc6126a62 Add nonce to _extract_params function. 2015-07-15 15:16:51 -03:00
juanifioren
f52db34d00 Reorder imports. 2015-07-14 12:44:25 -03:00
juanifioren
5371fbfba9 Merge branch 'master' of https://github.com/juanifioren/django-oidc-provider into v0.1.0-dev
Conflicts:
	oidc_provider/lib/endpoints/authorize.py
2015-07-13 17:47:19 -03:00
juanifioren
fe153f51a6 Correct encode_id_token function. 2015-07-13 17:38:03 -03:00
Maarten van Schaik
7632054aad Add support for redirect_uris with query params
Some clients might add extra parameters to the redirect_uri, for
instance as extra verification if proper state parameter handling is not
supported.

This patch adds proper handling of redirect_uris with query parameters.
2015-07-10 12:22:25 +02:00
juanifioren
197818566d Rename setting. 2015-06-24 12:40:00 -03:00
juanifioren
503324ae66 Add user consent logic to authorize endpoint. 2015-06-22 18:42:42 -03:00
juanifioren
68b4847219 Refactoring error logging. 2015-06-19 17:46:00 -03:00
juanifioren
48fcb1da93 Move validate_params function to views (on POST authorize). 2015-06-15 17:34:36 -03:00
juanifioren
124c7366fa Move allow logic to authorize view. 2015-06-15 16:04:44 -03:00
niccolasmendoza@gmail.com
521708f718 adding logger for tests 2015-06-08 16:36:49 -03:00