No description
5165312d01
When using Implicit Flow, it should be OK to use the stored user consent even if the client is public. The redirect uri checks should make sure that the stored consent of another client cannot be misused to get a consent to a site that is not related to the client. It is also important to support this, since public clients using Implicit Flow do not have a refresh token to update their access tokens, so only way to keep their login session open is by issuing authorization requests from an iframe with the "prompt=none" parameter (which does not work without the previously stored consent). See the following links for more info and examples on how to renew the access token with SPAs: https://auth0.com/docs/api-auth/tutorials/silent-authentication#refresh-expired-tokens https://damienbod.com/2017/06/02/ https://github.com/IdentityServer/IdentityServer3/issues/719#issuecomment-230145034 |
||
---|---|---|
docs | ||
example_project | ||
oidc_provider | ||
.gitignore | ||
.travis.yml | ||
CHANGELOG.md | ||
LICENSE | ||
MANIFEST.in | ||
README.md | ||
runtests.py | ||
setup.py | ||
tox.ini |
Django OIDC Provider
About OpenID
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner. Like Google for example.
About the package
django-oidc-provider
can help you providing out of the box all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects.
Support for Python 3 and 2. Also latest versions of django.
Contributing
Join us! we love contributions, so please feel free to fix bugs, improve things, provide documentation. You SHOULD follow this steps:
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it inside
oidc_provider/tests
. Then run all and ensure everything is OK (read docs for how to test in all envs). - Send pull request to the
develop
branch.