idp_oidc: build the sid using the client_id instead of the sector identifier (#84017)
parent
3f038a7519
commit
1d92a060a1
|
@ -278,12 +278,15 @@ def get_issuer(request):
|
|||
|
||||
|
||||
def get_session_id(session, client):
|
||||
"""Derive an OIDC Session Id from the real session identifier, the sector
|
||||
identifier of the RP and the secret key of the Django instance"""
|
||||
"""Derive an OIDC Session Id by hashing:
|
||||
- the real session identifier,
|
||||
- the client id,
|
||||
- the secret key from Django's settings.
|
||||
"""
|
||||
session_key = force_bytes(session.session_key)
|
||||
sector_identifier = force_bytes(client.get_sector_identifier())
|
||||
client_id = force_bytes(client.client_id)
|
||||
secret_key = force_bytes(settings.SECRET_KEY)
|
||||
return hashlib.md5(session_key + sector_identifier + secret_key).hexdigest()
|
||||
return hashlib.md5(session_key + client_id + secret_key).hexdigest()
|
||||
|
||||
|
||||
def get_oidc_sessions(request):
|
||||
|
|
|
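Review bot: `get_session_id` still derives the `sid` with an unkeyed `hashlib.md5` over a bare concatenation `session_key + client_id + secret_key`; the commit changes the inputs but keeps that construction, and a keyed MAC is the right primitive for a value handed to RPs and, presumably, used to correlate back-channel logout. Replace the return with `return hmac.new(secret_key, b'\0'.join((session_key, client_id)), hashlib.sha256).hexdigest()` (plus `import hmac` at module top), which also removes the boundary ambiguity between the two unseparated fields. Like the switch from the sector identifier itself, this changes the `sid` of every existing session, so RP sessions established before deployment will no longer match; that caveat belongs in the docstring. Since `settings.SECRET_KEY` is an input, rotating it likewise invalidates all outstanding sids, which is probably acceptable but worth stating, e.g. `Rotating SECRET_KEY (or changing this derivation) invalidates all previously issued sids.`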
@ -111,6 +111,11 @@ OIDC_CLIENT_PARAMS = [
|
|||
'always_save_authorization': True,
|
||||
'authorization_default_duration': 105,
|
||||
},
|
||||
# test that nothings depends upon the sector_identifier_uri when UUID policy is used.
|
||||
{
|
||||
'identifier_policy': OIDCClient.POLICY_UUID,
|
||||
'redirect_uris': 'https://example.com/callbac%C3%A9\nhttps://other.com/callback/',
|
||||
},
|
||||
]
|
||||
|
||||
|
||||
|
|
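Review bot: The comment on the new client fixture reads `# test that nothings depends upon the sector_identifier_uri when UUID policy is used.`, where `nothings` should be `nothing`. Since this fixture is what exercises the commit's change, the comment could also say what the absence is meant to prove, e.g. `# Client with no sector_identifier_uri: nothing should depend on it when POLICY_UUID is used.` The enclosing `OIDC_CLIENT_PARAMS` list starts before the hunk.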