From 98c844f3d64b9c78c68830191f04e0647466de7d Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@haufe-lexware.com>
Date: Tue, 25 Jun 2019 17:57:25 +0200
Subject: [PATCH] improve OIDC compatibility

---
 passbook/core/views/authentication.py   | 2 +-
 passbook/oauth_provider/settings.py     | 1 +
 passbook/oauth_provider/views/openid.py | 9 +++++++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/passbook/core/views/authentication.py b/passbook/core/views/authentication.py
index 32373d701..3879dd7e1 100644
--- a/passbook/core/views/authentication.py
+++ b/passbook/core/views/authentication.py
@@ -71,7 +71,7 @@ class LoginView(UserPassesTestMixin, FormView):
         if not pre_user:
             # No user found
             return self.invalid_login(self.request)
-        self.request.session.flush()
+        # self.request.session.flush()
         self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
         return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
 
diff --git a/passbook/oauth_provider/settings.py b/passbook/oauth_provider/settings.py
index 8c3156d6d..7d7178119 100644
--- a/passbook/oauth_provider/settings.py
+++ b/passbook/oauth_provider/settings.py
@@ -20,6 +20,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'passbook_oauth_provider.OAuth2Provider'
 OAUTH2_PROVIDER = {
     # this is the list of available scopes
     'SCOPES': {
+        'openid': 'Access OpenID Userinfo',
         'openid:userinfo': 'Access OpenID Userinfo',
         # 'write': 'Write scope',
         # 'groups': 'Access to your groups',
diff --git a/passbook/oauth_provider/views/openid.py b/passbook/oauth_provider/views/openid.py
index 63399a4ef..6b1a4f4aa 100644
--- a/passbook/oauth_provider/views/openid.py
+++ b/passbook/oauth_provider/views/openid.py
@@ -8,16 +8,21 @@ from django.views.generic import View
 class OpenIDConfigurationView(View):
     """Return OpenID Configuration"""
 
+    def get_issuer_url(self, request):
+        """Get correct issuer URL"""
+        full_url = request.build_absolute_uri(reverse('passbook_oauth_provider:openid-discovery'))
+        return full_url.replace(".well-known/openid-configuration", "")
+
     def get(self, request: HttpRequest):
         """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
         return JsonResponse({
-            'issuer': request.build_absolute_uri(reverse('passbook_core:overview')),
+            'issuer': self.get_issuer_url(rqeuest),
             'authorization_endpoint': request.build_absolute_uri(
                 reverse('passbook_oauth_provider:oauth2-authorize')),
             'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
             "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
             "scopes_supported": [
-                "openid:userinfo",
+                "openid",
             ],
         })