Commit graph

35 commits

Author SHA1 Message Date
Jan Brauer
f78e2be3c5 Fix infinite login loop if "prompt=login" (#198)
* Add test to expose issue #197

* Strip 'login' from prompt before redirecting

This fixes #197. Otherwise the user would have to login once,
then is immediately logged out and prompted to login again.

* Only remove 'login' if present

* Don't append an empty prompt parameter

* Inline variable
2017-07-19 10:52:10 +02:00
Tuomas Suutari
5165312d01 Use stored user consent for public clients too (#189)
When using Implicit Flow, it should be OK to use the stored user consent
even if the client is public.  The redirect uri checks should make sure
that the stored consent of another client cannot be misused to get a
consent to a site that is not related to the client.

It is also important to support this, since public clients using
Implicit Flow do not have a refresh token to update their access tokens,
so only way to keep their login session open is by issuing authorization
requests from an iframe with the "prompt=none" parameter (which does not
work without the previously stored consent).  See the following links
for more info and examples on how to renew the access token with SPAs:

https://auth0.com/docs/api-auth/tutorials/silent-authentication#refresh-expired-tokens

https://damienbod.com/2017/06/02/

https://github.com/IdentityServer/IdentityServer3/issues/719#issuecomment-230145034
2017-07-07 13:18:36 +02:00
Jan Brauer
1215c27d7e Redirect URIs must match exactly. (#191)
* Test redirect_uri construction

This was a test marked as TODO.

* Remove duplicate test

* Add tests to exactly match redirect URIs

* Redirect URIs must match exactly.

To quote from the specification at
http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest:

Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OpenID Provider, with the matching performed as
described in Section 6.2.1 of [RFC3986] (Simple String Comparison).
2017-07-07 09:07:21 +02:00
Wojciech Bartosiak
f07327a713 Bug #187 prompt handling (#188)
prompt parameter changed to list of strings not a simple string
2017-06-06 11:12:37 +02:00
Wojciech Bartosiak
a829726be8 Merge develop to v0.5.x (#179)
* Log create_uri_response exceptions to logger.exception

* Support grant type password - basics

* Add tests for Resource Owner Password Credentials Flow

* Password Grant -Response according to specification

* Better tests for errors, disable grant type password by default

* Add documentation for grant type password

* User authentication failure to return 403

* Add id_token to response

* skipping consent only works for confidential clients

* fix URI fragment

example not working URL `http://localhost:8100/#/auth/callback/`

* OIDC_POST_END_SESSION_HOOK + tests

* Explicit function naming

* Remove print statements

* No need for semicolons, this is Python

* Update CHANGELOG.md

* fixed logger message

* Improved `exp` value calculation

* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK

* added docs for OIDC_AFTER_END_SESSION_HOOK

*  Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.

* Adds a setting variable for custom template paths

* Updates documentation

* Fixed bad try/except/finally block

* Adds test for OIDC_TEMPLATES settings

* Determine value for op_browser_state from session_key or default

* Do not use cookie for browser_state. It may not yet be there

* Add docs on new setting

OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY

* Fix compatibility for older versions of Django

* solved merging typo for missing @property
2017-05-05 05:19:57 +02:00
kaveh
b164388e15 Adds per-client consent customization 2017-04-11 13:16:06 -07:00
Ignacio Fiorentino
8a63c83514 Refactoring create_id_token function. 2016-09-09 13:10:12 -03:00
Ignacio Fiorentino
439774aeeb Add test for Hybrid flow. Plus refactoring. 2016-09-08 17:15:25 -03:00
Graham Ullrich
ba4faee6ef Fix global imports
Global imports ("from X import *") are discouraged in Python.
2016-08-11 16:05:13 -06:00
Graham Ullrich
e822252b6e Use original test files 2016-08-08 12:20:47 -06:00
Graham Ullrich
ffddb69f80 Add tests for at_hash
Ensure at_hash is present in id_token when warranted.
2016-08-08 11:24:07 -06:00
Ignacio Fiorentino
8320394a67 Refactoring variables. 2016-04-14 17:45:30 -03:00
Ignacio Fiorentino
bc6a083571 Refactoring tests. 2016-04-14 16:22:38 -03:00
Ignacio Fiorentino
3f5992100a Not auto-approve requests for non-confidential clients. 2016-04-08 18:09:24 -03:00
Ignacio
b1b8247cb0 Add hidden inputs for PKCE. Fix bug with AES. 2016-04-07 11:45:35 -03:00
juanifioren
6646bdb92a Add OIDC_SKIP_CONSENT_ALWAYS setting. 2016-02-01 14:34:39 -03:00
juanifioren
998ea5fcd1 Implementation of RSA Keys using Models. Also providing DOC. 2016-01-25 17:52:24 -03:00
juanifioren
44a32a55ad Add tests for Implicit Flow. 2016-01-19 16:08:13 -03:00
juanifioren
46b0c2f244 Add test to authorize endpoint. 2015-07-28 15:54:52 -03:00
juanifioren
b9806ed102 Remove unnecessary settings rewrite in tests. 2015-07-22 16:25:17 -03:00
juanifioren
051c29a262 Refactoring tests. 2015-07-14 13:27:46 -03:00
Maarten van Schaik
7632054aad Add support for redirect_uris with query params
Some clients might add extra parameters to the redirect_uri, for
instance as extra verification if proper state parameter handling is not
supported.

This patch adds proper handling of redirect_uris with query parameters.
2015-07-10 12:22:25 +02:00
juanifioren
27110b65e4 Use decode with utf-8 encoding. 2015-07-01 17:20:16 -03:00
juanifioren
447d026a41 Add urllib and change iteritems() with items(). 2015-07-01 16:43:35 -03:00
juanifioren
e2a0f8ec60 Add urllib compatibility. 2015-07-01 12:53:41 -03:00
juanifioren
74212d6961 Clean test. 2015-07-01 12:26:00 -03:00
juanifioren
197818566d Rename setting. 2015-06-24 12:40:00 -03:00
juanifioren
4021441c76 Add test for user consent skip feature. 2015-06-23 16:32:12 -03:00
Juan Ignacio Fiorentino
2529fef5ba Fix test_authorize_endpoint messages. 2015-04-30 12:42:00 -03:00
juanifioren
07e80d5d5c Fix in tests when setting a hook. 2015-03-30 15:37:48 -03:00
juanifioren
f85a4c1d7f No need of that naming in authorize tests. 2015-03-19 14:19:27 -03:00
juanifioren
46f57ae7f2 Unnecessary assignment in test_authorize_endpoint. 2015-03-12 12:42:52 -03:00
juanifioren
dda38fd451 Fix in authorize endpoint tests. 2015-03-11 14:36:52 -03:00
juanifioren
c9c5982c35 Add provider info test. Add some msg to tests. 2015-03-06 12:56:35 -03:00
juanifioren
07c92e8182 Complete some tests. Also change a few things on them. 2015-02-27 17:40:17 -03:00
Renamed from oidc_provider/tests/test_authorization_code_flow.py (Browse further)