A couple of spelling errors in text.

Allow for 'none' algorithm for signing IDToken.
This commit is contained in:
Roland Hedberg 2014-12-09 10:39:37 +01:00
parent 7bf839168b
commit ad5eb40dc6
5 changed files with 38 additions and 21 deletions


@ -1,14 +1,6 @@
A complete OpenID Connect implementation
========================================
This will eventually be a complete implementation of OpenID Connect.
And as a side effect a fairly complete implementation of OAuth2.0 .
But while the standards are in the flux they are, the best I can do is
to track them as close as possible.
Expect a certain time-laps between changes of the documents and the
corresponding change of the code. I will strive to keep the time lap as
short as possible.
This a fairly complete implementation of OpenID Connect as
specified in http://openid.net/specs/openid-connect-core-1_0.html.
And as a side effect a complete implementation of OAuth2.0 too.


@ -133,7 +133,7 @@ if __name__ == "__main__":
parser.add_argument('-d', dest='delete', action='store_true',
help="delete the entity with the given client_id")
parser.add_argument('-c', dest='create', action='store_true',
help=("create a new client, returns the stored" ""
help=("create a new client, returns the stored "
"information"))
parser.add_argument('-s', dest='show', action='store_true',
help=("show information connected to a specific"


@ -611,7 +611,7 @@ class IdToken(OpenIDSchema):
assert self["azr"] in self["aud"]
except AssertionError:
raise VerificationError(
"Missmatch between azr and aud claims", self)
"Mismatch between azr and aud claims", self)
if "azr" in self:
if "client_id" in kwargs:


@ -267,7 +267,11 @@ class Provider(AProvider):
if alg == "":
alg = self.jwx_def["sign_alg"]["id_token"]
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg)))
if alg:
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg)))
else:
alg = "none"
_idt = self.server.make_id_token(session, loa, self.baseurl, alg, code,
access_token, user_info, auth_time)
@ -754,7 +758,10 @@ class Provider(AProvider):
try:
alg = client_info["id_token_signed_response_alg"]
except KeyError:
alg = self.jwx_def["sign_alg"]["id_token"]
try:
alg = self.jwx_def["sign_alg"]["id_token"]
except KeyError:
alg = "none"
id_token = self.id_token_as_signed_jwt(sinfo, alg=alg,
code=code,
@ -1123,12 +1130,18 @@ class Provider(AProvider):
if "redirect_uris" in request:
ruri = []
client_type = request["application_type"]
try:
client_type = request["application_type"]
except KeyError: # default
client_type = "web"
if client_type == "web":
if request["response_types"] == ["code"]:
must_https = False
else: # one has to be implicit or hybrid
try:
if request["response_types"] == ["code"]:
must_https = False
else: # one has to be implicit or hybrid
must_https = True
except KeyError:
must_https = True
else:
must_https = False
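Review bot: The new `alg = "none"` fallbacks (in what looks like the body of `id_token_as_signed_jwt` in the first hunk, and again in the token-endpoint path of the second) mean an unsigned ID Token is issued whenever the configured default is empty or the client registered no `id_token_signed_response_alg`, whereas OpenID Connect Core makes RS256 the default and permits "none" only when the token is returned from the Token Endpoint to a client that explicitly registered it; in implicit or hybrid flows an unsigned token is trivially forgeable. Fall back to the spec default instead and reserve "none" for clients that asked for it, e.g. `alg = self.jwx_def["sign_alg"].get("id_token") or "RS256"` in the first hunk and `alg = client_info.get("id_token_signed_response_alg") or self.jwx_def["sign_alg"].get("id_token") or "RS256"` in the second. A comment such as `# "none" is never an implicit default: only clients that registered it get unsigned tokens` would make the intent explicit. Both enclosing methods begin before their hunks.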


@ -94,7 +94,18 @@ class UserAuthnMethod(CookieDealer):
return {"uid": uid}
def generate_return_url(self, return_to, uid):
def generate_return_url(self, return_to, uid, path=""):
"""
:param return_to: If it starts with '/' it's an absolute path otherwise
a relative path.
:param uid:
:param path: The verify path
"""
if not return_to.startswith("/"):
p = path.split("/")
p[-1] = return_to
return_to = "/".join(p)
return create_return_url(return_to, uid, **{self.query_param: "true"})
def verify(self, **kwargs):
@ -289,7 +300,8 @@ class UsernamePasswordMako(UserAuthnMethod):
try:
return_to = self.generate_return_url(kwargs["return_to"], _qp)
except KeyError:
return_to = self.generate_return_url(self.return_to, _qp)
return_to = self.generate_return_url(self.return_to, _qp,
kwargs["path"])
return Redirect(return_to, headers=[cookie]), True
def done(self, areq):
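Review bot: `generate_return_url` treats any `return_to` beginning with `/` as a local absolute path, but a value of the form `//host/...` also passes that test and browsers resolve it as a scheme-relative URL, so if `kwargs["return_to"]` can come from the request this is an open redirect; reject it before the join, e.g. `if return_to.startswith("//"): raise ValueError("return_to must be a local path")`. In the second hunk `kwargs["path"]` is read inside the `except KeyError` handler, so a call missing both keys escapes as a chained KeyError; `kwargs.get("path", "")` matches the parameter's default. The new docstring leaves `:param uid:` empty — describe it as the value forwarded to `create_return_url`, and note that `path` is split on `/` and its last segment replaced by a relative `return_to`. Both methods continue outside the hunks.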