django-oidc-provider/oidc_provider
Andy Clayton b1e994aa7e Fix token introspection "aud" and "client_id" response
Based on the OAuth 2.0 Token Introspection spec the "aud" field should
be based on the token. Previously "aud" was populated with the id of the
client making the introspection request which seems wrong. This changes
the endpoint to return the value from the token.

The "client_id" field is then changed to return the client id for the
client that originally requested the token rather than returning the
"aud" value from the token.

From the spec https://tools.ietf.org/html/rfc7662:

   client_id
      OPTIONAL.  Client identifier for the OAuth 2.0 client that
      requested this token.

   aud
      OPTIONAL.  Service-specific string identifier or list of string
      identifiers representing the intended audience for this token, as
      defined in JWT [RFC7519].
2018-07-04 09:53:30 -05:00
lib Fix token introspection "aud" and "client_id" response 2018-07-04 09:53:30 -05:00
locale Fix translations handling 2016-11-24 13:09:19 +01:00
management Add pep8 compliance and checker 2017-08-22 11:53:52 -07:00
migrations Remove the Resource model 2018-04-23 14:59:56 +01:00
static/oidc_provider/js Initial Session Management version. 2016-10-28 15:25:52 -03:00
templates/oidc_provider Fixed infinite callback loop in check-session iframe 2018-03-28 10:34:01 -04:00
tests Fix token introspection "aud" and "client_id" response 2018-07-04 09:53:30 -05:00
__init__.py Improve admin models. 2015-12-04 13:55:04 -03:00
admin.py Remove the Resource model 2018-04-23 14:59:56 +01:00
apps.py Add new app configuration file. 2015-12-04 13:55:34 -03:00
compat.py Update project to support Django 2.0 2018-02-01 14:00:57 -03:00
middleware.py Merge develop to v0.5.x (#179) 2017-05-05 05:19:57 +02:00
models.py Remove the Resource model 2018-04-23 14:59:56 +01:00
settings.py fix settings to support falsy valued overrides 2018-07-03 13:17:10 -05:00
signals.py Add initial signals logic. 2016-12-01 16:20:34 -03:00
urls.py Add token introspection endpoint to satisfy https://tools.ietf.org/html/rfc7662 2018-04-23 10:47:01 +01:00
views.py example fix for userinfo CORS preflight request 2018-06-19 15:59:28 -05:00