Benjamin Dauvergne
316248cf96
compat: add a set_cookie function ( #52929 )
2021-04-17 18:34:02 +02:00
Benjamin Dauvergne
cf9c0b2cc0
auth_oidc: report token endpoint errors to user and in logs ( #47656 )
2021-04-15 21:31:28 +02:00
Valentin Deniaud
86d946adcd
misc: apply isort ( #52457 )
2021-03-30 13:59:53 +02:00
Valentin Deniaud
4bb33d3d3c
misc: apply black ( #52457 )
2021-03-30 11:32:55 +02:00
Benjamin Dauvergne
7b500fc32c
auth_oidc: use SameSite=Lax ( #51252 )
2021-02-18 14:28:51 +01:00
Benjamin Dauvergne
7514632fe6
auth_oidc: enforce SameSite=Lax on the state cookie ( #48347 )
...
SameSite=Lax is needed for the cookie to be sent by the browser during
the redirection chain from the provider. We could just depend on the fact
that cookies without SameSite are Lax by default, but it's better to be
explicit.
2021-02-08 16:00:04 +01:00
Benjamin Dauvergne
7b002f861f
auth_oidc: use a signed state ( #47825 )
...
State is no longer stored in the session; it's made using signing.dumps()
instead, to be more resilient. It's associated with a cookie scoped to the
callback path and the nonce created from the state id using an HMAC
construction with settings.SECRET_KEY.
2020-10-29 00:34:41 +01:00
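The signed-state scheme described in the two commits above (a signed state token plus a cookie scoped to the callback path with SameSite=Lax, and an id_token nonce derived from the state id with an HMAC keyed by settings.SECRET_KEY) can be traced end to end in a stand-alone example. This is an added example, not authentic2's own code: django.core.signing.dumps() is replaced by a hand-rolled HMAC-SHA256 signature so it runs without Django; SECRET_KEY, CALLBACK_PATH, STATE_MAX_AGE, the cookie name prefix and the binding of a random cookie value into the state are all assumptions made for the demonstration, not the project's actual choices.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for settings.SECRET_KEY; a real deployment uses Django's key.
SECRET_KEY = b"constructed-example-key-do-not-use"
# Hypothetical callback path; the real route is whatever the project's urls.py defines.
CALLBACK_PATH = "/accounts/oidc/callback/"
STATE_MAX_AGE = 600  # assumed lifetime (seconds) of a signed state


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_state(payload: dict, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 sign a JSON payload (stand-in for django.core.signing.dumps)."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(mac)


def unsign_state(token: str, now: float, key: bytes = SECRET_KEY,
                 max_age: int = STATE_MAX_AGE) -> Optional[dict]:
    """Return the payload if the signature verifies and the state is fresh, else None."""
    body, sep, mac = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64(mac)):
            return None
        payload = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if now - payload.get("ts", 0) > max_age:
        return None
    return payload


def nonce_from_state_id(state_id: str, key: bytes = SECRET_KEY) -> str:
    """Derive the id_token nonce from the state id with an HMAC keyed by SECRET_KEY."""
    return hmac.new(key, b"oidc-nonce:" + state_id.encode(), hashlib.sha256).hexdigest()


def start_login(next_url: str, now: Optional[float] = None) -> dict:
    """Build the authorization request parameters and the cookie that binds the browser."""
    now = time.time() if now is None else now
    state_id = secrets.token_urlsafe(16)
    cookie_secret = secrets.token_urlsafe(16)  # assumed: random value bound into the state
    state = sign_state({"id": state_id, "next": next_url, "ts": now,
                        "cookie": cookie_secret})
    return {
        "authorize_params": {"state": state, "nonce": nonce_from_state_id(state_id)},
        "cookie": {
            "name": "oidc-state-" + state_id,
            "value": cookie_secret,
            # Lax: sent on the top-level GET redirect back from the provider,
            # withheld on cross-site POSTs; Path keeps it off every other URL.
            "attributes": {"Path": CALLBACK_PATH, "SameSite": "Lax",
                           "HttpOnly": True, "Secure": True},
        },
    }


def finish_login(state: str, cookies: dict, id_token_nonce: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Check state signature, cookie binding and id_token nonce; return next URL or None."""
    now = time.time() if now is None else now
    payload = unsign_state(state, now)
    if payload is None:
        return None  # forged, tampered or expired state
    cookie_value = cookies.get("oidc-state-" + payload["id"])
    if cookie_value is None or not hmac.compare_digest(cookie_value, payload["cookie"]):
        return None  # the browser finishing the login is not the one that started it
    if not hmac.compare_digest(id_token_nonce, nonce_from_state_id(payload["id"])):
        return None  # id_token was not issued for this authorization request
    return payload["next"]
```

Because the nonce is a keyed function of the state id, nothing has to be stored server side between the redirect to the provider and the callback: the callback recomputes the expected nonce from the verified state and compares it with the one inside the id_token.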
Paul Marillonnet
8804de70b7
dj2:2: fix 'reverse' import ( #41238 )
2020-04-27 14:34:24 +02:00
Paul Marillonnet
4cc45665b7
oidc authn: verify id token signature ( #31862 )
2019-10-17 16:13:11 +02:00
Paul Marillonnet
e274ba1a16
auth_oidc: properly redirect to authz endpoint when logging in ( #35294 )
2019-08-07 16:22:33 +02:00
Benjamin Dauvergne
27702e72c7
add request as first argument to all backends ( #33992 )
2019-07-02 12:49:28 +02:00
Benjamin Dauvergne
9fbbf0519a
spring cleaning ( #32934 )
...
* reorganize views and forms
* add copyright headers to all .py files
* fix all style errors reported by flake8
2019-05-14 16:19:25 +02:00
Benjamin Dauvergne
05d68af54e
auth_oidc: compare token_type case insensitively ( fixes #32281 )
2019-04-15 11:50:32 +02:00
Benjamin Dauvergne
b4110b3b3c
auth_oidc: verify and store id_token nonce ( fixes #29009 )
2018-12-18 17:15:51 +01:00
Benjamin Dauvergne
68f87021c2
auth_oidc: add support for "claims" parameter ( fixes #26565 )
...
It allows A2 to signal to the OIDC OP that some claims are required;
see:
https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
2018-10-22 12:11:48 +02:00
Benjamin Dauvergne
0d54ed1d81
set content_type=text/plain on all HttpResponse returning simple text ( fixes #19976 )
...
To prevent XSS attacks.
2017-11-08 15:03:52 +01:00
Benjamin Dauvergne
49d40d9f4d
auth_oidc: call oidc_login() instead of a2.utils.login() ( fixes #15648 )
2017-03-27 19:48:06 +02:00
Benjamin Dauvergne
54d76ab17c
authentic2_auth_oidc: forward logout to OIDC providers ( fixes #14117 )
2016-11-29 18:21:02 +01:00
Benjamin Dauvergne
4efb2b534c
add OpenID Connect authentication plugin ( fixes #13714 )
...
It only supports the authorization code flow, and configuration can only be done
through Django admin for now.
2016-11-03 16:31:02 +01:00