providers/oauth2: add request_parameter_supported

This commit is contained in:
Jens Langhammer 2020-12-27 11:46:15 +01:00
parent f17d809219
commit d17b2b0d1b
2 changed files with 7 additions and 6 deletions

View file

@ -119,6 +119,7 @@ class OAuthAuthorizationParams:
grant_type, grant_type,
) )
max_age = query_dict.get("max_age")
return OAuthAuthorizationParams( return OAuthAuthorizationParams(
client_id=query_dict.get("client_id", ""), client_id=query_dict.get("client_id", ""),
redirect_uri=query_dict.get("redirect_uri", ""), redirect_uri=query_dict.get("redirect_uri", ""),
@ -130,12 +131,11 @@ class OAuthAuthorizationParams:
prompt=ALLOWED_PROMPT_PARAMS.intersection( prompt=ALLOWED_PROMPT_PARAMS.intersection(
set(query_dict.get("prompt", "").split()) set(query_dict.get("prompt", "").split())
), ),
max_age=query_dict.get("max_age"), max_age=int(max_age) if max_age else None,
code_challenge=query_dict.get("code_challenge"), code_challenge=query_dict.get("code_challenge"),
code_challenge_method=query_dict.get("code_challenge_method"), code_challenge_method=query_dict.get("code_challenge_method"),
) )
# pylint: disable=too-many-branches
def __post_init__(self): def __post_init__(self):
try: try:
self.provider: OAuth2Provider = OAuth2Provider.objects.get( self.provider: OAuth2Provider = OAuth2Provider.objects.get(
@ -190,10 +190,6 @@ class OAuthAuthorizationParams:
self.redirect_uri, "invalid_request", self.grant_type self.redirect_uri, "invalid_request", self.grant_type
) )
# max_age directly from the Querystring will be a string
if self.max_age:
self.max_age = int(self.max_age)
def create_code(self, request: HttpRequest) -> AuthorizationCode: def create_code(self, request: HttpRequest) -> AuthorizationCode:
"""Create an AuthorizationCode object for the request""" """Create an AuthorizationCode object for the request"""
code = AuthorizationCode() code = AuthorizationCode()

View file

@ -60,6 +60,11 @@ class ProviderInfoView(View):
# We only advertise the 'openid' scope, as the rest vary depending on application # We only advertise the 'openid' scope, as the rest vary depending on application
SCOPE_OPENID, SCOPE_OPENID,
], ],
# https://openid.net/specs/openid-connect-core-1_0.html#RequestObject
"request_parameter_supported": False,
# Because claims are dynamic and per-application, the only fixed Claim is "sub"
"claims_supported": ["sub"],
"claims_parameter_supported": False,
} }
# pylint: disable=unused-argument # pylint: disable=unused-argument