Commit graph

919 commits

Author SHA1 Message Date
Juan Ignacio Fiorentino
b087116818
Update changelog.rst 2018-07-05 18:39:43 -03:00
Juan Ignacio Fiorentino
d825061508 Fix: Token Model crashes in Django Admin when a token has been given to a Client using Client Credentials. 2018-07-05 18:37:01 -03:00
Juan Ignacio Fiorentino
6e442a5f35
Update changelog.rst 2018-07-04 16:27:57 -03:00
Juan Ignacio Fiorentino
bd49ada392
Merge pull request #254 from q3aiml/fix-token-introspection-response
Fix token introspection "aud" and "client_id" response
2018-07-04 16:27:12 -03:00
Andy Clayton
b1e994aa7e Fix token introspection "aud" and "client_id" response
Based on the OAuth 2.0 Token Introspection spec the "aud" field should
be based on the token. Previously "aud" was populated with the id of the
client making the introspection request which seems wrong. This changes
the endpoint to return the value from the token.

The "client_id" field is then changed to return the client id for the
client that originally requested the token rather than returning the
"aud" value from the token.

From the spec https://tools.ietf.org/html/rfc7662:

   client_id
      OPTIONAL.  Client identifier for the OAuth 2.0 client that
      requested this token.

   aud
      OPTIONAL.  Service-specific string identifier or list of string
      identifiers representing the intended audience for this token, as
      defined in JWT [RFC7519].
2018-07-04 09:53:30 -05:00
Juan Ignacio Fiorentino
50733f8135
Update changelog.rst 2018-07-04 11:38:30 -03:00
Juan Ignacio Fiorentino
784456f4b1
Merge pull request #255 from q3aiml/fix-false-valued-settings
fix settings to support falsy valued overrides
2018-07-04 11:37:14 -03:00
Andy Clayton
6900e637ab add OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE test
Missing test exposed as part of 0750429 bug fix.
2018-07-03 15:15:12 -05:00
Andy Clayton
0750429992 fix settings to support falsy valued overrides
Up until recently there were settings with truthy defaults but with no
need to be set to a false value. That changed with
OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE. Now there is a setting that
has both a true default and a meaningful false value, and without this
fix that setting cannot be changed making it not much of a setting at
all.
2018-07-03 13:17:10 -05:00
Juan Ignacio Fiorentino
72f123c0b5
Update changelog.rst 2018-07-02 14:23:05 -03:00
Juan Ignacio Fiorentino
055a007cda
Merge pull request #251 from q3aiml/userinfo-cors-preflight
example fix for userinfo CORS preflight request
2018-07-02 14:20:21 -03:00
Andy Clayton
0adb95d25f example fix for userinfo CORS preflight request
Example for
https://github.com/juanifioren/django-oidc-provider/issues/249. If this
approach seems acceptable I can add/update tests.
2018-06-19 15:59:28 -05:00
Juan Ignacio Fiorentino
f073c2ef51
Merge pull request #246 from meteozond/patch-1
Fix a little docstring typo
2018-06-04 10:55:11 -03:00
Juan Ignacio Fiorentino
2ed0d21f12
Merge branch 'develop' into patch-1 2018-06-04 10:54:55 -03:00
Alexander Klimenko
76c169e73e
fix little docstring typo 2018-06-04 10:56:31 +03:00
Juan Ignacio Fiorentino
dfcc3de01c
Merge pull request #245 from suutari-ai/remove-extra-scope-param-from-hook
Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
2018-05-31 18:01:36 -03:00
Tuomas Suutari
c95497dbd9 Remove scope param from OIDC_IDTOKEN_PROCESSING_HOOK
There is no need to pass in the scope parameter separately, since the
scope is available via the token parameter already.
2018-05-31 10:23:58 +03:00
Juan Ignacio Fiorentino
122b5c19fd
Update installation.rst 2018-05-28 12:50:03 -03:00
Juan Ignacio Fiorentino
acc3cf588b
Update settings.rst 2018-05-28 12:38:53 -03:00
Juan Ignacio Fiorentino
ac509f7a82
Update changelog.rst 2018-05-24 12:29:35 -03:00
Juan Ignacio Fiorentino
c1c84d4961
Merge pull request #194 from suutari-ai/scope-for-idtoken-processor
Pass scope, token and request to OIDC_IDTOKEN_PROCESSING_HOOK.
2018-05-24 12:20:49 -03:00
Tuomas Suutari
7eb31574ee Document the new ID token processing hook parameters 2018-05-24 09:31:07 +03:00
Tuomas Suutari
b0a82aa4ab Pass token and request to OIDC_ID_TOKEN_PROCESSING_HOOK
The ID token processing hook might need the token or request too, so
make them available.
2018-05-24 09:31:05 +03:00
Tuomas Suutari
93420461b4 Merge branch 'develop' of github.com:juanifioren/django-oidc-provider
* 'develop' of github.com:juanifioren/django-oidc-provider:
  Update changelog.rst
  include request in password grant authenticate call
  Update setup.py
  Update changelog.rst
  Update changelog.rst
  Adjust import order and method order in introspection tests
  Replace resource with client in docs.
  Update settings docs to add extra introspection setting
  Update README.md
  Update README.md
  Remove the Resource model
  Skip csrf protection on introspection endpoint
  Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662
  Test docs with tox.
  Remove Django 1.7 for travis.
  Drop support for Django 1.7.
  Move extract_client_auth to oauth2 utils.
  Remove duplicate link in docs.
  Bump version v0.6.0.
  Fix BaseCodeTokenModel and user attr.
  Update README.md
  Edit README and contribute doc.
  Edit changelog.
  Update changelog.rst
  Add protected_resource_view test using client_credentials.
  Fix docs.
  Improve docs.
  Client credentials implementation.
  Move changelog into docs.
  Update README.md
  Update CHANGELOG.md
  Fixed infinite callback loop in check-session iframe
  Fix PEP8. New migration.
  Update example project.
  Fix PEP8.
  Fix PEP8.
  PEP8 errors and urls.
  PEP8 models.
  Fix contribute docs.
  Fix tox for checking PEP8 all files.
  Update README.md
  Update README.md
  Simplify test suit.
  Update CHANGELOG.md
  Bump version 0.5.3.
  Update installation.rst
  Update CHANGELOG.md
  Fixed wrong Object in Template
  Update project to support Django 2.0
  Now passing along the token to create_id_token function.
  Made token and token_refresh endpoint return requested claims.
  Sphinx documentation fixes (#219)
  Use request.user.is_authenticated as a bool with recent Django (#216)
  Fixed client id retrieval when aud is a list of str. (#210)
  Add owner field to Client (#211)
  Update CHANGELOG
  removed tab char
  Add pep8 compliance and checker
  Bump version
  Update CHANGELOG.md
  Preparing v0.5.2 (#201)
  Fix Django 2.0 deprecation warnings (#185)
  Fix infinite login loop if "prompt=login" (#198)
  fixed typos
  Bump version
  Fix scope handling of token endpoint (#193)
  Fixes #192
  Use stored user consent for public clients too (#189)
  Redirect URIs must match exactly. (#191)
  Bug #187 prompt handling (#188)
  Don't pin exact versions in install_requires.
2018-05-24 00:16:26 +03:00
Juan Ignacio Fiorentino
58bd8ec62c
Update changelog.rst 2018-05-15 10:45:05 -03:00
Juan Ignacio Fiorentino
26f06293c5
Merge pull request #221 from q3aiml/auth-call-with-request
include request in password grant authenticate call
2018-05-15 10:43:54 -03:00
Andy Clayton
713d15297c include request in password grant authenticate call
An an example this can be used to help implement measures against brute
force attacks and to alert on or mitigate other untrusted authentication
attempts.
2018-05-12 09:18:56 -05:00
Juan Ignacio Fiorentino
f132e041d5
Update setup.py 2018-04-27 14:47:07 -03:00
Juan Ignacio Fiorentino
948745d6ff
Update changelog.rst 2018-04-27 10:34:48 -03:00
Juan Ignacio Fiorentino
9a24257305
Update changelog.rst 2018-04-27 10:33:39 -03:00
Juan Ignacio Fiorentino
1ba8c5c6de
Merge pull request #231 from mdaniline/develop
Add token introspection endpoint
2018-04-26 20:39:47 -03:00
Maxim Daniline
eed58197bd Adjust import order and method order in introspection tests 2018-04-26 10:12:52 +01:00
Juan Ignacio Fiorentino
5a65ac17f9
Replace resource with client in docs. 2018-04-24 11:10:27 -03:00
Maxim Daniline
20a355d9f5 Update settings docs to add extra introspection setting 2018-04-24 10:09:49 +01:00
Juan Ignacio Fiorentino
7c7101d782
Update README.md 2018-04-23 16:00:33 -03:00
Juan Ignacio Fiorentino
4f704ab527
Update README.md 2018-04-23 16:00:00 -03:00
Maxim Daniline
8eeaf5cf33 Remove the Resource model 2018-04-23 14:59:56 +01:00
Maxim Daniline
00f3efa158 Skip csrf protection on introspection endpoint 2018-04-23 10:47:01 +01:00
Maxim Daniline
180aad9a36 Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662 2018-04-23 10:47:01 +01:00
Juan Ignacio Fiorentino
eca5b06760 Test docs with tox. 2018-04-20 18:23:41 -03:00
Juan Ignacio Fiorentino
2fa970fc5a Remove Django 1.7 for travis. 2018-04-20 12:34:14 -03:00
Juan Ignacio Fiorentino
78fbd53452 Drop support for Django 1.7. 2018-04-20 12:29:48 -03:00
Juan Ignacio Fiorentino
21a64b262c Move extract_client_auth to oauth2 utils. 2018-04-20 12:00:38 -03:00
Juan Ignacio Fiorentino
61d88014c9 Remove duplicate link in docs. 2018-04-20 11:19:59 -03:00
Juan Ignacio Fiorentino
c06bf43f22 Bump version v0.6.0. 2018-04-13 16:48:06 -03:00
Juan Ignacio Fiorentino
63bf3232bd Merge branch 'develop' of https://github.com/juanifioren/django-oidc-provider into develop 2018-04-13 16:37:09 -03:00
Juan Ignacio Fiorentino
776f040624 Fix BaseCodeTokenModel and user attr. 2018-04-13 16:36:51 -03:00
Juan Ignacio Fiorentino
6a74e913dc
Update README.md 2018-04-10 22:25:07 -03:00
Juan Ignacio Fiorentino
9534ff49bb Edit README and contribute doc. 2018-04-10 22:04:24 -03:00
Juan Ignacio Fiorentino
9b7be87dad Edit changelog. 2018-04-10 21:53:29 -03:00