A couple of spelling errors in text.
Allow for 'none' algorithm for signing IDToken.
This commit is contained in:
parent
7bf839168b
commit
ad5eb40dc6
14
README.rst
14
README.rst
|
@ -1,14 +1,6 @@
|
|||
A complete OpenID Connect implementation
|
||||
========================================
|
||||
|
||||
This will eventually be a complete implementation of OpenID Connect.
|
||||
And as a side effect a fairly complete implementation of OAuth2.0 .
|
||||
|
||||
But while the standards are in the flux they are, the best I can do is
|
||||
to track them as close as possible.
|
||||
|
||||
Expect a certain time-laps between changes of the documents and the
|
||||
corresponding change of the code. I will strive to keep the time lap as
|
||||
short as possible.
|
||||
|
||||
|
||||
This a fairly complete implementation of OpenID Connect as
|
||||
specified in http://openid.net/specs/openid-connect-core-1_0.html.
|
||||
And as a side effect a complete implementation of OAuth2.0 too.
|
||||
|
|
|
@ -133,7 +133,7 @@ if __name__ == "__main__":
|
|||
parser.add_argument('-d', dest='delete', action='store_true',
|
||||
help="delete the entity with the given client_id")
|
||||
parser.add_argument('-c', dest='create', action='store_true',
|
||||
help=("create a new client, returns the stored" ""
|
||||
help=("create a new client, returns the stored "
|
||||
"information"))
|
||||
parser.add_argument('-s', dest='show', action='store_true',
|
||||
help=("show information connected to a specific"
|
||||
|
|
|
@ -611,7 +611,7 @@ class IdToken(OpenIDSchema):
|
|||
assert self["azr"] in self["aud"]
|
||||
except AssertionError:
|
||||
raise VerificationError(
|
||||
"Missmatch between azr and aud claims", self)
|
||||
"Mismatch between azr and aud claims", self)
|
||||
|
||||
if "azr" in self:
|
||||
if "client_id" in kwargs:
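Review bot: The azr/aud consistency check at the top of this hunk is an `assert` wrapped in `except AssertionError`, so under `python -O` the assertion is compiled out and the VerificationError is never raised; the new side only fixes the message and keeps that gap. Replace the pair with an explicit test, `if self["azr"] not in self["aud"]: raise VerificationError("Mismatch between azr and aud claims", self)`. Separately, if this is meant to be the OpenID Connect Core authorized-party claim, the spec names it `azp`, so a conformant token carrying `azp` would never reach this check — worth confirming against the IdToken schema, which is outside this view. The enclosing method starts and ends outside the hunk.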
|
||||
|
|
|
@ -267,7 +267,11 @@ class Provider(AProvider):
|
|||
if alg == "":
|
||||
alg = self.jwx_def["sign_alg"]["id_token"]
|
||||
|
||||
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg)))
|
||||
if alg:
|
||||
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg)))
|
||||
else:
|
||||
alg = "none"
|
||||
|
||||
_idt = self.server.make_id_token(session, loa, self.baseurl, alg, code,
|
||||
access_token, user_info, auth_time)
|
||||
|
||||
|
@ -754,7 +758,10 @@ class Provider(AProvider):
|
|||
try:
|
||||
alg = client_info["id_token_signed_response_alg"]
|
||||
except KeyError:
|
||||
alg = self.jwx_def["sign_alg"]["id_token"]
|
||||
try:
|
||||
alg = self.jwx_def["sign_alg"]["id_token"]
|
||||
except KeyError:
|
||||
alg = "none"
|
||||
|
||||
id_token = self.id_token_as_signed_jwt(sinfo, alg=alg,
|
||||
code=code,
|
||||
|
@ -1123,12 +1130,18 @@ class Provider(AProvider):
|
|||
|
||||
if "redirect_uris" in request:
|
||||
ruri = []
|
||||
client_type = request["application_type"]
|
||||
try:
|
||||
client_type = request["application_type"]
|
||||
except KeyError: # default
|
||||
client_type = "web"
|
||||
|
||||
if client_type == "web":
|
||||
if request["response_types"] == ["code"]:
|
||||
must_https = False
|
||||
else: # one has to be implicit or hybrid
|
||||
try:
|
||||
if request["response_types"] == ["code"]:
|
||||
must_https = False
|
||||
else: # one has to be implicit or hybrid
|
||||
must_https = True
|
||||
except KeyError:
|
||||
must_https = True
|
||||
else:
|
||||
must_https = False
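Review bot: Both the hunk at line 267 and the one at 754 fall back to `alg = "none"` when `self.jwx_def["sign_alg"]["id_token"]` is unset, so a missing server configuration silently issues unsigned ID Tokens; OpenID Connect Core only allows `none` when the client explicitly registered `id_token_signed_response_alg` as `none`, and the registration default is RS256. Make the configuration fallback `alg = "RS256"` (or raise a configuration error) and reserve `"none"` for the client-registered value. The two hunks also disagree on error handling: the 754 hunk catches KeyError from the `jwx_def` lookup, while the 267 hunk only guards `alg == ""` and would raise on a missing key. The 267 hunk appears to be the authorization-endpoint path (it passes code and access_token into make_id_token), where the spec requires the ID Token to be signed regardless of what the client registered — confirm, and if so drop the `"none"` branch there entirely. Both enclosing methods start and end outside the hunks.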
|
||||
|
|
|
@ -94,7 +94,18 @@ class UserAuthnMethod(CookieDealer):
|
|||
|
||||
return {"uid": uid}
|
||||
|
||||
def generate_return_url(self, return_to, uid):
|
||||
def generate_return_url(self, return_to, uid, path=""):
|
||||
"""
|
||||
:param return_to: If it starts with '/' it's an absolute path otherwise
|
||||
a relative path.
|
||||
:param uid:
|
||||
:param path: The verify path
|
||||
"""
|
||||
if not return_to.startswith("/"):
|
||||
p = path.split("/")
|
||||
p[-1] = return_to
|
||||
return_to = "/".join(p)
|
||||
|
||||
return create_return_url(return_to, uid, **{self.query_param: "true"})
|
||||
|
||||
def verify(self, **kwargs):
|
||||
|
@ -289,7 +300,8 @@ class UsernamePasswordMako(UserAuthnMethod):
|
|||
try:
|
||||
return_to = self.generate_return_url(kwargs["return_to"], _qp)
|
||||
except KeyError:
|
||||
return_to = self.generate_return_url(self.return_to, _qp)
|
||||
return_to = self.generate_return_url(self.return_to, _qp,
|
||||
kwargs["path"])
|
||||
return Redirect(return_to, headers=[cookie]), True
|
||||
|
||||
def done(self, areq):
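Review bot: `generate_return_url` treats any `return_to` beginning with `/` as an absolute path and hands it straight to `create_return_url`, so a scheme-relative value such as `//evil.example/` passes the `startswith("/")` test and ends up in the `Redirect` built in the second hunk; if `return_to` can originate from the request (the second hunk reads it from `kwargs["return_to"]`, whose source is outside this view), that is an open redirect. Reject a second leading slash or backslash before the check, e.g. `if return_to.startswith(("//", "/\\")): raise ValueError("return_to must be a local path")`, or validate the result against the provider's own base URL before redirecting. The relative branch also splices `return_to` into the last segment of `path` without normalizing `..` segments, so a relative value can still climb out of the verify path's directory. In the second hunk, `kwargs["path"]` is read inside the `except KeyError` handler for a missing `return_to`, so if `path` is also absent that KeyError escapes instead of falling back; `kwargs.get("path", "")` keeps the fallback intact. The method containing that second hunk starts outside the hunk.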
|
||||
|
|