Tuomas Suutari ea340993b1 Fix scope handling of token endpoint (#193)
The token endpoint handled the scope parameter incorrectly for all of
the three handled grant types:

 1. For "authorization_code" grant type the scope parameter in the token
    request should not be respected but the scope should be taken from
    the authorization code.  It was not totally ignored, but rather the
    scope parameter of the token request was used for the generated ID
    token.  This had two consequences:

      * Spec conforming implementations of authorization code flow
        didn't get correct ID tokens, since they usually don't pass
        scope parameter with the token request.

      * It's possible to get a broader scope for the ID token than what
        is authorized by the user in the original authorization code
        request.

 2. For "refresh_token" grant type the scope parameter in the token
    request should only allow narrowing down the scope.  It wasn't
    narrowed, but rather the original auth code scope was used for the
    access token and the passed in scope parameter was used for the ID
    token (again allowing unauthorized scopes in the ID token).

 3. For "password" grant type the scope parameter in the token request
    should be respected.  The problem with this was that it wasn't
    properly split when passed to ID token creation.

Fixes #186
2017-07-10 17:48:12 +02:00
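The three scope rules from the commit message above, written out as one resolver function. This is an added illustration, not code from django-oidc-provider; the function name, the `ScopeError` exception and the choice to reject (rather than silently drop) a refresh-token scope that was never granted are assumptions made for the example.

```python
class ScopeError(ValueError):
    """Raised when a token request asks for a scope it was never granted."""


def resolve_token_scope(grant_type, requested_scope, granted_scope=None):
    """Return the scope list to use for BOTH the access token and the ID token.

    grant_type      -- "authorization_code", "refresh_token" or "password"
    requested_scope -- the raw space-delimited ``scope`` parameter of the token
                       request, or None when the client did not send one
    granted_scope   -- scopes the user authorized earlier (stored with the
                       authorization code / refresh token); None for the
                       password grant, which has no prior authorization step
    """
    requested = requested_scope.split() if requested_scope else []
    granted = list(granted_scope or [])

    if grant_type == "authorization_code":
        # Rule 1: the token request's scope parameter is ignored entirely; the
        # scope bound to the authorization code is authoritative for both tokens,
        # so a client cannot widen the ID token scope at the token endpoint.
        return granted

    if grant_type == "refresh_token":
        # Rule 2: the client may only narrow the originally granted scope.
        # An absent parameter means "keep the original scope".
        if not requested:
            return granted
        extra = set(requested) - set(granted)
        if extra:
            # Assumption for this example: widening is an error, not silently dropped.
            raise ScopeError("scope(s) not previously granted: %s" % " ".join(sorted(extra)))
        return [s for s in granted if s in requested]

    if grant_type == "password":
        # Rule 3: the scope parameter is respected as sent, but handed on as a
        # proper list so the ID token builder never receives an unsplit string.
        return requested

    raise ValueError("unsupported grant_type: %r" % grant_type)
```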

Django OIDC Provider


About OpenID

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of an end-user based on the authentication performed by an authorization server, and to obtain basic profile information about the end-user in an interoperable, REST-like manner. Signing in with Google is one example.

About the package

django-oidc-provider helps you provide, out of the box, all the endpoints, data and logic needed to add OpenID Connect capabilities to your Django projects.

Supports Python 3 and 2, as well as the latest versions of Django.

Read the docs for more info.

Contributing

Join us! We love contributions, so please feel free to fix bugs, improve things and provide documentation. You SHOULD follow these steps:

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it inside oidc_provider/tests. Then run them all and ensure everything is OK (read the docs for how to test in all envs).
  • Send pull request to the develop branch.