Based on the OAuth 2.0 Token Introspection spec the "aud" field should be based on the token. Previously "aud" was populated with the id of the client making the introspection request which seems wrong. This changes the endpoint to return the value from the token. The "client_id" field is then changed to return the client id for the client that originally requested the token rather than returning the "aud" value from the token.

From the spec https://tools.ietf.org/html/rfc7662:

client_id
    OPTIONAL. Client identifier for the OAuth 2.0 client that requested this token.
aud
    OPTIONAL. Service-specific string identifier or list of string identifiers representing the intended audience for this token, as defined in JWT [RFC7519].
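As an added illustration of the change described in the commit message (not the project's own code; the token store, token values and client ids below are constructed), the two ways of filling "aud" and "client_id" in the introspection response, and the audience check a resource server runs on that response:

```python
# Added example, not code from django-oidc-provider: an RFC 7662 introspection
# response built before and after the change, plus a resource server's audience
# check. TOKEN_STORE, token values and client ids are constructed for the demo.
TOKEN_STORE = {
    "tok-abc": {
        "active": True,
        "client_id": "web-app",             # client that requested the token
        "aud": ["api.example", "web-app"],  # audience carried in the token
        "scope": "openid profile",
    },
    "tok-other": {
        "active": True,
        "client_id": "mobile-app",
        "aud": ["other.example"],           # not meant for api.example
        "scope": "openid",
    },
}


def introspect_old(token, requesting_client_id):
    """Pre-change behaviour: "aud" echoes whoever is asking and
    "client_id" is filled from the token's audience."""
    rec = TOKEN_STORE.get(token)
    if rec is None or not rec["active"]:
        return {"active": False}
    return {"active": True, "client_id": rec["aud"],
            "aud": requesting_client_id, "scope": rec["scope"]}


def introspect_fixed(token, requesting_client_id):
    """Post-change behaviour: both fields come from the token. The
    requesting client's id only identifies the caller; it is never
    copied into the response."""
    rec = TOKEN_STORE.get(token)
    if rec is None or not rec["active"]:
        return {"active": False}
    return {"active": True, "client_id": rec["client_id"],
            "aud": rec["aud"], "scope": rec["scope"]}


def accepted_by(resource_id, response):
    """Resource-server side: accept only an active token whose audience
    names this resource. With the old endpoint "aud" always equalled the
    caller, so every active token looked as if it were meant for it."""
    if not response.get("active"):
        return False
    aud = response.get("aud") or []
    if isinstance(aud, str):
        aud = [aud]
    return resource_id in aud
```

Run `accepted_by("api.example", introspect_old("tok-other", "api.example"))` against `introspect_fixed` to see the old response accept a token issued for a different audience.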
Django OpenID Connect Provider
About OpenID
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner. Google is one example of such a provider.
About the package
django-oidc-provider can help you provide, out of the box, all the endpoints, data and logic needed to add OpenID Connect (and OAuth2) capabilities to your Django projects.
Supports Python 3 and 2, as well as the latest versions of Django.