Commit graph

805 commits

Author SHA1 Message Date
Tuomas Suutari
eb682f23ff Pass scope to OIDC_IDTOKEN_PROCESSING_HOOK
The ID token processing hook might want to add claims to the ID token
conditionally based on the scope parameter.  Therefore it would be very
useful to provide the scope parameter to the processing hook.
2017-07-07 22:56:35 +03:00
Tuomas Suutari
6199a9a17e Fix scope handling of token endpoint
The token endpoint handled the scope parameter incorrectly for all of
the three handled grant types:

 1. For "authorization_code" grant type the scope parameter in the token
    request should not be respected but the scope should be taken from
    the authorization code.  It was not totally ignored, but rather the
    scope parameter of the token request was used for the generated ID
    token.  This had two consequences:

      * Spec conforming implementations of authorization code flow
        didn't get correct ID tokens, since they usually don't pass
        scope parameter with the token request.

      * It's possible to get a broader scope for the ID token than what
        is authorized by the user in the original authorization code
        request.

 2. For "refresh_token" grant type the scope parameter in the token
    request should only allow narrowing down the scope.  It wasn't
    narrowed, but rather the original auth code scope was used for the
    access token and the passed in scope parameter was used for the ID
    token (again allowing unauthorized scopes in the ID token).

 3. For "password" grant type the scope parameter in the token request
    should be respected.  The problem with this was that it wasn't
    properly split when passed to ID token creation.

Fixes #186
2017-07-07 22:17:09 +03:00
Ignacio Fiorentino
1397439b09 Bump version v0.5.1. 2017-05-18 23:49:06 -03:00
Wojciech Bartosiak
fd7bbab96d Bump version 0.5.1 2017-05-09 00:40:24 +02:00
Wojciech Bartosiak
4d00144ca0 Adding python 3.6 and Django 1.11
Adding python 3.6 and Django 1.11
2017-05-09 00:38:42 +02:00
Wojciech Bartosiak
2efd38cb64 Merge pull request #183 from wojtek-fliposports/feature-django-and-python-upgrade
Feature django 1.11 and python 3.6 upgrade
2017-05-08 18:20:26 +02:00
Wojciech Bartosiak
3cc211a2c9 Merge pull request #182 from juanifioren/revert-180-feature-django-and-python-upgrade
reverted wrong commit
2017-05-08 18:18:42 +02:00
Wojciech Bartosiak
8c55cf0cb6 Revert "added TOX for Django 1.11 and Python 3.6 (#180)"
This reverts commit 2bb4229cfe.
2017-05-08 17:59:03 +02:00
Wojciech Bartosiak
2bb4229cfe added TOX for Django 1.11 and Python 3.6 (#180)
* added TOX for Django 1.11 and Python 3.6

* added python 3.6 and django 1.11
2017-05-08 17:54:50 +02:00
Wojciech Bartosiak
2e36d2a161 added python 3.6 and django 1.11 2017-05-08 16:25:44 +02:00
Wojciech Bartosiak
baad8246c7 added TOX for Django 1.11 and Python 3.6 2017-05-05 05:43:39 +02:00
Wojciech Bartosiak
a829726be8 Merge develop to v0.5.x (#179)
* Log create_uri_response exceptions to logger.exception

* Support grant type password - basics

* Add tests for Resource Owner Password Credentials Flow

* Password Grant - Response according to specification

* Better tests for errors, disable grant type password by default

* Add documentation for grant type password

* User authentication failure to return 403

* Add id_token to response

* skipping consent only works for confidential clients

* fix URI fragment

example not working URL `http://localhost:8100/#/auth/callback/`

* OIDC_POST_END_SESSION_HOOK + tests

* Explicit function naming

* Remove print statements

* No need for semicolons, this is Python

* Update CHANGELOG.md

* fixed logger message

* Improved `exp` value calculation

* rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK

* added docs for OIDC_AFTER_END_SESSION_HOOK

* Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
so users can use a different login path for their oidc requests.

* Adds a setting variable for custom template paths

* Updates documentation

* Fixed bad try/except/finally block

* Adds test for OIDC_TEMPLATES settings

* Determine value for op_browser_state from session_key or default

* Do not use cookie for browser_state. It may not yet be there

* Add docs on new setting

OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY

* Fix compatibility for older versions of Django

* solved merging typo for missing @property
2017-05-05 05:19:57 +02:00
Wojciech Bartosiak
38ee8f15fd solved merging typo for missing @property 2017-05-05 05:10:38 +02:00
Wojciech Bartosiak
101130e47a Merge branch 'v0.5.x' into develop 2017-05-05 04:57:21 +02:00
Wojciech Bartosiak
0559648b4a Merge pull request #173 from gertjanol/bugfix-keyerror-on-cookie
Use value from setting to determine browser state
2017-04-18 15:43:50 +02:00
Gertjan Oude Lohuis
26b2efe361 Fix compatibility for older versions of Django 2017-04-18 14:24:43 +02:00
Gertjan Oude Lohuis
35532634fa Add docs on new setting
OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY
2017-04-18 14:24:43 +02:00
Gertjan Oude Lohuis
542479a227 Do not use cookie for browser_state. It may not yet be there 2017-04-18 14:24:43 +02:00
Gertjan Oude Lohuis
62a0a48678 Determine value for op_browser_state from session_key or default 2017-04-18 14:24:37 +02:00
Wojciech Bartosiak
e7947e2738 Merge pull request #163 from ka7eh/feature-skip-consent-per-client
Adds per-client consent customization
2017-04-12 10:25:53 +02:00
Wojciech Bartosiak
748a8bdfb8 Merge pull request #167 from ka7eh/feature-templates-in-settings
Adds OIDC_TEMPLATES to settings
2017-04-12 10:20:36 +02:00
kaveh
e090db2d6c Adds test for OIDC_TEMPLATES settings 2017-04-11 15:20:37 -07:00
kaveh
b164388e15 Adds per-client consent customization 2017-04-11 13:16:06 -07:00
Wojciech Bartosiak
8e8d41bf43 Merge pull request #166 from ka7eh/feature-separate-login-url
Replaces `LOGIN_URL` with `OIDC_LOGIN_URL`
2017-04-09 15:02:36 +02:00
kaveh
959c7a0929 Fixed bad try/except/finally block 2017-04-07 16:59:40 -07:00
kaveh
cca8c81c67 Updates documentation 2017-04-07 16:54:31 -07:00
Wojciech Bartosiak
5beac9893a Merge pull request #169 from juanifioren/revert-168-v0.4.x
Revert "Fix documentation typo for OIDC_EXTRA_SCOPE_CLAIMS"
2017-04-06 18:51:27 +01:00
Wojciech Bartosiak
2bfb17fac8 Revert "Fix documentation typo for OIDC_EXTRA_SCOPE_CLAIMS" 2017-04-06 19:51:07 +02:00
Wojciech Bartosiak
8a61e366a4 Merge pull request #168 from honewatson/v0.4.x
Fix documentation typo for OIDC_EXTRA_SCOPE_CLAIMS
2017-04-06 18:50:49 +01:00
honewatson
b46c92a3e8 Fix documentation typo for OIDC_EXTRA_SCOPE_CLAIMS
Replace 'OIDC_USERINFO' with 'OIDC_EXTRA_SCOPE_CLAIMS' for extra scope claims settings.py
2017-04-02 14:34:50 +10:00
kaveh
41003e1e83 Adds a setting variable for custom template paths 2017-03-31 14:25:42 -07:00
kaveh
bddbb68614 Replaces LOGIN_URL with OIDC_LOGIN_URL
so users can use a different login path for their oidc requests.
2017-03-31 13:41:26 -07:00
Wojciech Bartosiak
d5111ed881 Merge pull request #162 from wojtek-fliposports/fix_after_login_hook_doc
rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK
2017-03-31 13:30:55 +01:00
Wojciech Bartosiak
ca98c33a7d added docs for OIDC_AFTER_END_SESSION_HOOK 2017-03-31 13:00:33 +01:00
Wojciech Bartosiak
9ddbdbf294 rename OIDC_POST_END_SESSION_HOOK to OIDC_AFTER_END_SESSION_HOOK 2017-03-31 13:00:24 +01:00
Wojciech Bartosiak
0d578de59c Merge pull request #161 from wojtek-fliposports/test_create_id_token_fix
Improved `exp` value calculation
2017-03-31 07:13:24 +01:00
Wojciech Bartosiak
721342fcb2 Improved exp value calculation 2017-03-30 23:18:21 +01:00
Wojciech Bartosiak
e9de35b919 Merge pull request #160 from wojtek-fliposports/fixing_logger_exception
Fixing logger exception
2017-03-30 22:03:30 +01:00
Wojciech Bartosiak
30bb06d478 fixed logger message 2017-03-30 21:45:14 +01:00
Wojciech Bartosiak
d392a14223 Merge pull request #12 from juanifioren/develop
Develop
2017-03-30 21:36:34 +01:00
Wojciech Bartosiak
a9e90498c3 Merge pull request #159 from wojtek-fliposports/develop
Update CHANGELOG.md
2017-03-28 10:14:35 +01:00
Wojciech Bartosiak
2eca82a5b7 Update CHANGELOG.md 2017-03-28 10:02:29 +01:00
Wojciech Bartosiak
5a4292677b Merge pull request #147 from uhavin/feature-granttype-password
Feature granttype password
2017-03-28 10:02:06 +01:00
Wojciech Bartosiak
af57fd0056 Merge pull request #11 from juanifioren/develop
Develop
2017-03-28 09:50:14 +01:00
Niels van Huijstee
82dee87ebe No need for semicolons, this is Python 2017-03-28 10:38:43 +02:00
Niels van Huijstee
a640358182 Remove print statements 2017-03-28 10:37:31 +02:00
Niels van Huijstee
ed3f9988aa Explicit function naming 2017-03-28 10:37:02 +02:00
Wojciech Bartosiak
9fd2494465 Merge pull request #152 from wojtek-fliposports/feature-end-session-hook
OIDC_POST_END_SESSION_HOOK + tests
2017-03-27 17:40:41 +01:00
Wojciech Bartosiak
9e70b9597e Merge pull request #134 from ByteInternet/switch_debug_to_error_when_server_encounters_error
Log create_uri_response exceptions to logger.exception
2017-03-27 17:37:39 +01:00
Juan Ignacio Fiorentino
1727073447 Merge pull request #158 from ngrjs/patch-1
Update accesstokens.rst.
2017-03-27 09:58:54 -03:00