A couple of spelling errors in text.

Allow for 'none' algorithm for signing IDToken.
This commit is contained in:
Roland Hedberg 2014-12-09 10:39:37 +01:00
parent 7bf839168b
commit ad5eb40dc6
5 changed files with 38 additions and 21 deletions

View File

@ -1,14 +1,6 @@
A complete OpenID Connect implementation A complete OpenID Connect implementation
======================================== ========================================
This will eventually be a complete implementation of OpenID Connect. This a fairly complete implementation of OpenID Connect as
And as a side effect a fairly complete implementation of OAuth2.0 . specified in http://openid.net/specs/openid-connect-core-1_0.html.
And as a side effect a complete implementation of OAuth2.0 too.
But while the standards are in the flux they are, the best I can do is
to track them as close as possible.
Expect a certain time-laps between changes of the documents and the
corresponding change of the code. I will strive to keep the time lap as
short as possible.

View File

@ -133,7 +133,7 @@ if __name__ == "__main__":
parser.add_argument('-d', dest='delete', action='store_true', parser.add_argument('-d', dest='delete', action='store_true',
help="delete the entity with the given client_id") help="delete the entity with the given client_id")
parser.add_argument('-c', dest='create', action='store_true', parser.add_argument('-c', dest='create', action='store_true',
help=("create a new client, returns the stored" "" help=("create a new client, returns the stored "
"information")) "information"))
parser.add_argument('-s', dest='show', action='store_true', parser.add_argument('-s', dest='show', action='store_true',
help=("show information connected to a specific" help=("show information connected to a specific"

View File

@ -611,7 +611,7 @@ class IdToken(OpenIDSchema):
assert self["azr"] in self["aud"] assert self["azr"] in self["aud"]
except AssertionError: except AssertionError:
raise VerificationError( raise VerificationError(
"Missmatch between azr and aud claims", self) "Mismatch between azr and aud claims", self)
if "azr" in self: if "azr" in self:
if "client_id" in kwargs: if "client_id" in kwargs:

View File

@ -267,7 +267,11 @@ class Provider(AProvider):
if alg == "": if alg == "":
alg = self.jwx_def["sign_alg"]["id_token"] alg = self.jwx_def["sign_alg"]["id_token"]
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg))) if alg:
logger.debug("Signing alg: %s [%s]" % (alg, alg2keytype(alg)))
else:
alg = "none"
_idt = self.server.make_id_token(session, loa, self.baseurl, alg, code, _idt = self.server.make_id_token(session, loa, self.baseurl, alg, code,
access_token, user_info, auth_time) access_token, user_info, auth_time)
@ -754,7 +758,10 @@ class Provider(AProvider):
try: try:
alg = client_info["id_token_signed_response_alg"] alg = client_info["id_token_signed_response_alg"]
except KeyError: except KeyError:
alg = self.jwx_def["sign_alg"]["id_token"] try:
alg = self.jwx_def["sign_alg"]["id_token"]
except KeyError:
alg = "none"
id_token = self.id_token_as_signed_jwt(sinfo, alg=alg, id_token = self.id_token_as_signed_jwt(sinfo, alg=alg,
code=code, code=code,
@ -1123,12 +1130,18 @@ class Provider(AProvider):
if "redirect_uris" in request: if "redirect_uris" in request:
ruri = [] ruri = []
client_type = request["application_type"] try:
client_type = request["application_type"]
except KeyError: # default
client_type = "web"
if client_type == "web": if client_type == "web":
if request["response_types"] == ["code"]: try:
must_https = False if request["response_types"] == ["code"]:
else: # one has to be implicit or hybrid must_https = False
else: # one has to be implicit or hybrid
must_https = True
except KeyError:
must_https = True must_https = True
else: else:
must_https = False must_https = False

View File

@ -94,7 +94,18 @@ class UserAuthnMethod(CookieDealer):
return {"uid": uid} return {"uid": uid}
def generate_return_url(self, return_to, uid): def generate_return_url(self, return_to, uid, path=""):
"""
:param return_to: If it starts with '/' it's an absolute path otherwise
a relative path.
:param uid:
:param path: The verify path
"""
if not return_to.startswith("/"):
p = path.split("/")
p[-1] = return_to
return_to = "/".join(p)
return create_return_url(return_to, uid, **{self.query_param: "true"}) return create_return_url(return_to, uid, **{self.query_param: "true"})
def verify(self, **kwargs): def verify(self, **kwargs):
@ -289,7 +300,8 @@ class UsernamePasswordMako(UserAuthnMethod):
try: try:
return_to = self.generate_return_url(kwargs["return_to"], _qp) return_to = self.generate_return_url(kwargs["return_to"], _qp)
except KeyError: except KeyError:
return_to = self.generate_return_url(self.return_to, _qp) return_to = self.generate_return_url(self.return_to, _qp,
kwargs["path"])
return Redirect(return_to, headers=[cookie]), True return Redirect(return_to, headers=[cookie]), True
def done(self, areq): def done(self, areq):