From 98c844f3d64b9c78c68830191f04e0647466de7d Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 25 Jun 2019 17:57:25 +0200
Subject: [PATCH] improve OIDC compatibility
---
 passbook/core/views/authentication.py | 2 +-
 passbook/oauth_provider/settings.py | 1 +
 passbook/oauth_provider/views/openid.py | 9 +++++++--
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/passbook/core/views/authentication.py b/passbook/core/views/authentication.py
index 32373d701..3879dd7e1 100644
--- a/passbook/core/views/authentication.py
+++ b/passbook/core/views/authentication.py
@@ -71,7 +71,7 @@ class LoginView(UserPassesTestMixin, FormView):
 if not pre_user:
 # No user found
 return self.invalid_login(self.request)
- self.request.session.flush()
+ # self.request.session.flush()
 self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
 return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
diff --git a/passbook/oauth_provider/settings.py b/passbook/oauth_provider/settings.py
index 8c3156d6d..7d7178119 100644
--- a/passbook/oauth_provider/settings.py
+++ b/passbook/oauth_provider/settings.py
@@ -20,6 +20,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'passbook_oauth_provider.OAuth2Provider'
 OAUTH2_PROVIDER = {
 # this is the list of available scopes
 'SCOPES': {
+ 'openid': 'Access OpenID Userinfo',
 'openid:userinfo': 'Access OpenID Userinfo',
 # 'write': 'Write scope',
 # 'groups': 'Access to your groups',
diff --git a/passbook/oauth_provider/views/openid.py b/passbook/oauth_provider/views/openid.py
index 63399a4ef..6b1a4f4aa 100644
--- a/passbook/oauth_provider/views/openid.py
+++ b/passbook/oauth_provider/views/openid.py
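Review bot: Commenting out `self.request.session.flush()` in `LoginView` (passbook/core/views/authentication.py) means `SESSION_PENDING_USER` is now written into whatever session the browser already presented, so the session key is not rotated at this step and any state left by an earlier login attempt or a previously signed-in user carries over into the new flow. If the aim is to keep the pending OAuth/OIDC authorization parameters alive across login (my reading of the commit title, not something the hunk shows), `self.request.session.cycle_key()` keeps the data while issuing a new key; alternatively copy out only the keys that must survive, flush, and restore them. Whether a later step in the authentication flow rotates the key is outside this hunk and should be confirmed before relying on it. Either way, replace the commented-out call with a comment that records the decision, e.g. `# session data is kept so the pending authorize request survives login; the key is rotated in <where>`. The enclosing method starts above the hunk.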
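Review bot: In passbook/oauth_provider/settings.py the new `'openid'` scope reuses the description text of `'openid:userinfo'`, so any consent or admin view that lists scope descriptions would show the same line for two different grants and a user could not tell which one is being approved. A distinct description such as `'openid': 'Sign in with OpenID Connect',` would keep the prompt unambiguous. If `'openid:userinfo'` is kept only for existing clients, a short comment saying so would help the next reader decide when it can be removed. The `SCOPES` dict continues past the end of the hunk.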
@@ -8,16 +8,21 @@ from django.views.generic import View
 class OpenIDConfigurationView(View):
 """Return OpenID Configuration"""
+ def get_issuer_url(self, request):
+ """Get correct issuer URL"""
+ full_url = request.build_absolute_uri(reverse('passbook_oauth_provider:openid-discovery'))
+ return full_url.replace(".well-known/openid-configuration", "")
+
 def get(self, request: HttpRequest):
 """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
 return JsonResponse({
- 'issuer': request.build_absolute_uri(reverse('passbook_core:overview')),
+ 'issuer': self.get_issuer_url(rqeuest),
 'authorization_endpoint': request.build_absolute_uri(
 reverse('passbook_oauth_provider:oauth2-authorize')),
 'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
 "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
 "scopes_supported": [
- "openid:userinfo",
+ "openid",
 ],
 })
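Review bot: The new `'issuer': self.get_issuer_url(rqeuest),` line in `get` references an undefined name, so every request to the discovery endpoint would raise `NameError` instead of returning the document; it should read `'issuer': self.get_issuer_url(request),`. In `get_issuer_url` the issuer is derived from `request.build_absolute_uri(...)`, which follows the host of the incoming request, while relying parties compare the discovery `issuer` exactly against the `iss` claim of the ID token; where tokens are minted is not visible here, so it is worth confirming both values come from the same source, ideally one configured setting. `str.replace` also removes the marker wherever it occurs in the URL and leaves the trailing slash in place, so stripping only the suffix and deciding deliberately about the slash would be more predictable. For consistency with `get`, the helper could be annotated as `def get_issuer_url(self, request: HttpRequest) -> str:` and its docstring could state that the result is the discovery URL with the well-known path removed.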