idp_oidc: hide RSA algorithms if no JWKSET is defined (fixes #28249)
parent
b4036dd183
commit
977455a304
|
@ -44,7 +44,7 @@ class Migration(migrations.Migration):
|
|||
('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])),
|
||||
('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)),
|
||||
('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])),
|
||||
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(1, 'RSA'), (2, 'HMAC')])),
|
||||
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
|
||||
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
|
||||
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
|
||||
],
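Review bot: The `idtoken_algo` entry appears twice in this section, once with `choices=[(1, 'RSA'), (2, 'HMAC')]` and once with `choices=[(2, 'HMAC')]`, and the page no longer marks which is the new side. If the HMAC-only list is the new line, the recorded migration state reflects one deployment's key configuration rather than the model's full set of algorithms. An instance that does have a JWKSET would then compute a field definition that differs from the recorded one. Keeping the static list `choices=[(1, 'RSA'), (2, 'HMAC')]` in the migration and restricting the selectable algorithms in the form or admin layer would avoid settings-dependent migration state.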
|
||||
|
|
|
@ -4,7 +4,7 @@ from importlib import import_module
|
|||
from django.db import models
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.validators import URLValidator
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.core.exceptions import ValidationError, ImproperlyConfigured
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.conf import settings
|
||||
from django.utils.timezone import now
|
||||
|
@ -12,6 +12,7 @@ from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelatio
|
|||
|
||||
from authentic2.managers import GenericManager
|
||||
from authentic2.models import Service
|
||||
from authentic2.utils import to_iter
|
||||
|
||||
from . import utils, managers
|
||||
|
||||
|
@ -110,9 +111,19 @@ class OIDCClient(Service):
|
|||
verbose_name=_('identifier policy'),
|
||||
default=POLICY_PAIRWISE,
|
||||
choices=IDENTIFIER_POLICIES)
|
||||
|
||||
@to_iter
|
||||
def get_idtoken_algorithms():
|
||||
try:
|
||||
utils.get_jwkset()
|
||||
except ImproperlyConfigured:
|
||||
return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES
|
||||
if algo_id != OIDCClient.ALGO_RSA]
|
||||
return OIDCClient.ALGO_CHOICES
|
||||
|
||||
idtoken_algo = models.PositiveIntegerField(
|
||||
default=ALGO_RSA,
|
||||
choices=ALGO_CHOICES,
|
||||
choices=get_idtoken_algorithms(),
|
||||
verbose_name=_('IDToken signature algorithm'))
|
||||
has_api_access = models.BooleanField(
|
||||
verbose_name=_('has API access'),
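Review bot: `default=ALGO_RSA` stays on `idtoken_algo` while `get_idtoken_algorithms()` drops `ALGO_RSA` from the choices when `utils.get_jwkset()` raises `ImproperlyConfigured`, so without a JWKSET the field's default is a value its own choices reject. A client created without an explicit algorithm would then either fail validation or be saved as RSA with no signing key available, depending on whether the caller validates. The default should follow the same check, for example `default=get_default_idtoken_algo,` backed by a new module-level helper that returns the HMAC value when no JWKSET is configured. Clients already stored with RSA are not touched by this change, so the token-signing path presumably still has to handle a missing key. That path is outside the hunk, as is the rest of `OIDCClient`.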
|
||||
|
|