improve OIDC compatibility

Jens Langhammer 2019-06-25 17:57:25 +02:00
parent 2645bd0132
commit 98c844f3d6
3 changed files with 9 additions and 3 deletions


@ -71,7 +71,7 @@ class LoginView(UserPassesTestMixin, FormView):
if not pre_user: if not pre_user:
# No user found # No user found
return self.invalid_login(self.request) return self.invalid_login(self.request)
self.request.session.flush() # self.request.session.flush()
self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk
return _redirect_with_qs('passbook_core:auth-process', self.request.GET) return _redirect_with_qs('passbook_core:auth-process', self.request.GET)
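Review bot: Commenting out `self.request.session.flush()` carries the pre-authentication session, including its ID, into the pending-user state, which allows session fixation unless the key is rotated later in the flow (not visible in this hunk). If the aim is to keep data such as the OIDC authorization parameters across login, `self.request.session.cycle_key()` preserves the session contents while issuing a new session key. Either way, the commented-out line should be deleted or replaced by a comment saying why the flush is skipped. The enclosing method starts outside the hunk.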


@ -20,6 +20,7 @@ OAUTH2_PROVIDER_APPLICATION_MODEL = 'passbook_oauth_provider.OAuth2Provider'
OAUTH2_PROVIDER = { OAUTH2_PROVIDER = {
# this is the list of available scopes # this is the list of available scopes
'SCOPES': { 'SCOPES': {
'openid': 'Access OpenID Userinfo',
'openid:userinfo': 'Access OpenID Userinfo', 'openid:userinfo': 'Access OpenID Userinfo',
# 'write': 'Write scope', # 'write': 'Write scope',
# 'groups': 'Access to your groups', # 'groups': 'Access to your groups',
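Review bot: The new `'openid'` entry reuses the description string of `'openid:userinfo'`, so wherever these descriptions are shown to the user (presumably the consent screen) the two scopes would be indistinguishable. Give each scope its own wording, for example `'openid': 'Authenticate using OpenID Connect',`. Alternatively drop `'openid:userinfo'` if it is no longer meant to be requested, since the discovery view in this commit no longer advertises it. The `OAUTH2_PROVIDER` dict continues past the hunk.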


@ -8,16 +8,21 @@ from django.views.generic import View
class OpenIDConfigurationView(View): class OpenIDConfigurationView(View):
"""Return OpenID Configuration""" """Return OpenID Configuration"""
def get_issuer_url(self, request):
"""Get correct issuer URL"""
full_url = request.build_absolute_uri(reverse('passbook_oauth_provider:openid-discovery'))
return full_url.replace(".well-known/openid-configuration", "")
def get(self, request: HttpRequest): def get(self, request: HttpRequest):
"""Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html""" """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
return JsonResponse({ return JsonResponse({
'issuer': request.build_absolute_uri(reverse('passbook_core:overview')), 'issuer': self.get_issuer_url(rqeuest),
'authorization_endpoint': request.build_absolute_uri( 'authorization_endpoint': request.build_absolute_uri(
reverse('passbook_oauth_provider:oauth2-authorize')), reverse('passbook_oauth_provider:oauth2-authorize')),
'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')), 'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
"jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')), "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
"scopes_supported": [ "scopes_supported": [
"openid:userinfo", "openid",
], ],
}) })
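Review bot: `self.get_issuer_url(rqeuest)` in `get` references an undefined name, so every request to the discovery endpoint will raise `NameError`; the line should read `'issuer': self.get_issuer_url(request),`. Separately, `get_issuer_url` builds the issuer with `request.build_absolute_uri`, so the advertised value follows the request's host and scheme. Clients compare it with the `iss` claim of issued tokens, so confirm that both come from the same source (token creation is not visible here) and that `ALLOWED_HOSTS` is restrictive. Stripping the suffix with `str.replace` also depends on the exact spelling of the URL pattern; a comment such as `# issuer is the discovery URL minus the well-known suffix (OIDC Discovery section 4)` would document that coupling. `get_issuer_url` also lacks the `request: HttpRequest` annotation that `get` carries.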