Commit Graph

19 Commits

Author SHA1 Message Date
Benjamin Dauvergne 316248cf96 compat: add a set_cookie function (#52929) 2021-04-17 18:34:02 +02:00
Benjamin Dauvergne cf9c0b2cc0 auth_oidc: report token endpoint errors to user and in logs (#47656) 2021-04-15 21:31:28 +02:00
Valentin Deniaud 86d946adcd misc: apply isort (#52457) 2021-03-30 13:59:53 +02:00
Valentin Deniaud 4bb33d3d3c misc: apply black (#52457) 2021-03-30 11:32:55 +02:00
Benjamin Dauvergne 7b500fc32c auth_oidc: use SameSite=Lax (#51252) 2021-02-18 14:28:51 +01:00
Benjamin Dauvergne 7514632fe6 auth_oidc: enforce SameSite=Lax on the state cookie (#48347)
SameSite=Lax is needed for the cookie to be sent by the browser during the
redirection chain from the provider. We could just depend on the fact
that cookies without SameSite are Lax by default, but it's better to be
explicit.
2021-02-08 16:00:04 +01:00
Benjamin Dauvergne 7b002f861f auth_oidc: use a signed state (#47825)
State is no longer stored in the session; it's made using signing.dumps()
instead, to be more resilient. It's associated with a cookie scoped to the
callback path and the nonce created from the state id using an HMAC
construction with settings.SECRET_KEY.
2020-10-29 00:34:41 +01:00
Paul Marillonnet 8804de70b7 dj2:2: fix 'reverse' import (#41238) 2020-04-27 14:34:24 +02:00
Paul Marillonnet 4cc45665b7 oidc authn: verify id token signature (#31862) 2019-10-17 16:13:11 +02:00
Paul Marillonnet e274ba1a16 auth_oidc: properly redirect to authz endpoint when logging in (#35294) 2019-08-07 16:22:33 +02:00
Benjamin Dauvergne 27702e72c7 add request as first argument to all backends (#33992) 2019-07-02 12:49:28 +02:00
Benjamin Dauvergne 9fbbf0519a spring cleaning (#32934)
* reorganize views and forms
* add copyright headers to all .py files
* fix all style errors reported by flake8
2019-05-14 16:19:25 +02:00
Benjamin Dauvergne 05d68af54e auth_oidc: compare token_type case insensitively (fixes #32281) 2019-04-15 11:50:32 +02:00
Benjamin Dauvergne b4110b3b3c auth_oidc: verify and store id_token nonce (fixes #29009) 2018-12-18 17:15:51 +01:00
Benjamin Dauvergne 68f87021c2 auth_oidc: add support for "claims" parameter (fixes #26565)
It allows A2 to signal to the OIDC OP that some claims are required,
see:

  https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
2018-10-22 12:11:48 +02:00
Benjamin Dauvergne 0d54ed1d81 set content_type=text/plain on all HttpResponse returning simple text (fixes #19976)
To prevent XSS attacks.
2017-11-08 15:03:52 +01:00
Benjamin Dauvergne 49d40d9f4d auth_oidc: call oidc_login() instead of a2.utils.login() (fixes #15648) 2017-03-27 19:48:06 +02:00
Benjamin Dauvergne 54d76ab17c authentic2_auth_oidc: forward logout to OIDC providers (fixes #14117) 2016-11-29 18:21:02 +01:00
Benjamin Dauvergne 4efb2b534c add OpenID Connect authentication plugin (fixes #13714)
It only supports the authorization code flow, and configuration can only be done
through Django admin for now.
2016-11-03 16:31:02 +01:00