django-oidc-provider/oidc_provider/lib/utils/token.py

from datetime import timedelta
import time
import uuid

from django.utils import timezone
import jwt

from oidc_provider.models import *
from oidc_provider import settings


def create_id_token(iss, sub, aud, auth_time):
    """
    Receives a user object, iss (issuer) and aud (audience).
    Then creates the id_token dic.
    See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken

    Return a dic.
    """
    expires_in = settings.get('OIDC_IDTOKEN_EXPIRE')

    now = timezone.now()

    # Convert datetimes into timestamps.
    iat_time = time.mktime(now.timetuple())
    exp_time = time.mktime((now + timedelta(seconds=expires_in)).timetuple())
    user_auth_time = time.mktime(auth_time.timetuple())

    dic = {
        'iss': iss,
        'sub': sub,
        'aud': aud,
        'exp': exp_time,
        'iat': iat_time,
        'auth_time': user_auth_time,
    }

    return dic


def encode_id_token(id_token_dic, client_secret):
    """
    Represent the ID Token as a JSON Web Token (JWT).

    Return a hash.
    """
    id_token_hash = jwt.encode(id_token_dic, client_secret)

    return id_token_hash


def create_token(user, client, id_token_dic, scope):
    """
    Create and populate a Token object.

    Return a Token object.
    """
    token = Token()
    token.user = user
    token.client = client
    token.access_token = uuid.uuid4().hex

    token.id_token = id_token_dic

    token.refresh_token = uuid.uuid4().hex
    token.expires_at = timezone.now() + timedelta(
        seconds=settings.get('OIDC_TOKEN_EXPIRE'))
    token.scope = scope

    return token


def create_code(user, client, scope):
    """
    Create and populate a Code object.

    Return a Code object.
    """
    code = Code()
    code.user = user
    code.client = client
    code.code = uuid.uuid4().hex
    code.expires_at = timezone.now() + timedelta(
        seconds=settings.get('OIDC_CODE_EXPIRE'))
    code.scope = scope

    return code