improve OIDC compatibility

2019-06-25 17:57:25 +02:00 · 2019-06-25 17:57:25 +02:00 · 98c844f3d6
parent 2645bd0132
commit 98c844f3d6
3 changed files with 9 additions and 3 deletions
--- a/passbook/core/views/authentication.py
+++ b/passbook/core/views/authentication.py
@ -71,7 +71,7 @@ class LoginView(UserPassesTestMixin, FormView):
        if not pre_user:
            # No user found
            return self.invalid_login(self.request)
-        self.request.session.flush()
+        # self.request.session.flush()
        self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
        return _redirect_with_qs('passbook_core:auth-process', self.request.GET)

--- a/passbook/oauth_provider/settings.py
+++ b/passbook/oauth_provider/settings.py
@ -20,6 +20,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'passbook_oauth_provider.OAuth2Provider'
 OAUTH2_PROVIDER = {
    # this is the list of available scopes
    'SCOPES': {
+        'openid': 'Access OpenID Userinfo',
        'openid:userinfo': 'Access OpenID Userinfo',
        # 'write': 'Write scope',
        # 'groups': 'Access to your groups',
--- a/passbook/oauth_provider/views/openid.py
+++ b/passbook/oauth_provider/views/openid.py
@ -8,16 +8,21 @@ from django.views.generic import View
 class OpenIDConfigurationView(View):
    """Return OpenID Configuration"""

+    def get_issuer_url(self, request):
+        """Get correct issuer URL"""
+        full_url = request.build_absolute_uri(reverse('passbook_oauth_provider:openid-discovery'))
+        return full_url.replace(".well-known/openid-configuration", "")
+
    def get(self, request: HttpRequest):
        """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
        return JsonResponse({
-            'issuer': request.build_absolute_uri(reverse('passbook_core:overview')),
+            'issuer': self.get_issuer_url(rqeuest),
            'authorization_endpoint': request.build_absolute_uri(
                reverse('passbook_oauth_provider:oauth2-authorize')),
            'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
            "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
            "scopes_supported": [
-                "openid:userinfo",
+                "openid",
            ],
        })