59 |
59 |
params['error_description'] = error_description
|
60 |
60 |
if error_uri:
|
61 |
61 |
params['error_uri'] = error_uri
|
62 |
|
if state:
|
|
62 |
if state is not None:
|
63 |
63 |
params['state'] = state
|
64 |
64 |
if fragment:
|
65 |
65 |
return redirect(request, redirect_uri + '#%s' % urlencode(params), resolve=False)
|
... | ... | |
83 |
83 |
return HttpResponseBadRequest('invalid request: unknown client_id')
|
84 |
84 |
fragment = client.authorization_flow == client.FLOW_IMPLICIT
|
85 |
85 |
|
86 |
|
state = request.GET.get('state', '')
|
|
86 |
state = request.GET.get('state')
|
87 |
87 |
|
88 |
88 |
try:
|
89 |
89 |
response_type = request.GET['response_type']
|
... | ... | |
95 |
95 |
fragment=fragment)
|
96 |
96 |
|
97 |
97 |
prompt = set(filter(None, request.GET.get('prompt', '').split()))
|
98 |
|
nonce = request.GET.get('nonce', '')
|
|
98 |
nonce = request.GET.get('nonce')
|
99 |
99 |
scopes = utils.scope_set(scope)
|
100 |
100 |
|
101 |
101 |
max_age = request.GET.get('max_age')
|
... | ... | |
158 |
158 |
error_description='login is required but prompt is none',
|
159 |
159 |
state=state,
|
160 |
160 |
fragment=fragment)
|
161 |
|
return login_require(request, params={'nonce': nonce})
|
|
161 |
params = {}
|
|
162 |
if nonce is not None:
|
|
163 |
params['nonce'] = nonce
|
|
164 |
return login_require(request, params=params)
|
162 |
165 |
|
163 |
166 |
last_auth = last_authentication_event(request.session)
|
164 |
167 |
if max_age is not None and time.time() - last_auth['when'] >= max_age:
|
... | ... | |
167 |
170 |
error_description='login is required but prompt is none',
|
168 |
171 |
state=state,
|
169 |
172 |
fragment=fragment)
|
170 |
|
return login_require(request, params={'nonce': nonce})
|
|
173 |
params = {}
|
|
174 |
if nonce is not None:
|
|
175 |
params['nonce'] = nonce
|
|
176 |
return login_require(request, params=params)
|
171 |
177 |
|
172 |
178 |
qs = models.OIDCAuthorization.objects.filter(client=client, user=request.user)
|
173 |
179 |
if 'consent' in prompt:
|
... | ... | |
226 |
232 |
params = {
|
227 |
233 |
'code': unicode(code.uuid),
|
228 |
234 |
}
|
229 |
|
if state:
|
|
235 |
if state is not None:
|
230 |
236 |
params['state'] = state
|
231 |
237 |
return redirect(request, redirect_uri, params=params, resolve=False)
|
232 |
238 |
else:
|
... | ... | |
241 |
247 |
session_key=request.session.session_key,
|
242 |
248 |
expired=start + datetime.timedelta(seconds=expires_in))
|
243 |
249 |
acr = 0
|
244 |
|
if nonce and last_auth.get('nonce') == nonce:
|
|
250 |
if nonce is not None and last_auth.get('nonce') == nonce:
|
245 |
251 |
acr = 1
|
246 |
252 |
id_token = {
|
247 |
253 |
'iss': request.build_absolute_uri('/'),
|
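Review bot: The `acr = 1` branch at new line 250 now also fires for an empty nonce, because `nonce is not None` accepts a bare `nonce=` from the query string, so two empty values comparing equal would mark the authentication as bound to this request. Whether `last_auth.get('nonce')` can ever be `''` depends on code outside this view and should be confirmed. If it can, keep the emptiness check on the elevation only, `if nonce and last_auth.get('nonce') == nonce:`, and leave the `is not None` test for echoing the nonce into the id_token. The same condition is applied to `oidc_code.nonce` at new line 352 in the token path, and the enclosing function starts and ends outside this hunk.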
... | ... | |
253 |
259 |
'auth_time': last_auth['when'],
|
254 |
260 |
'acr': acr,
|
255 |
261 |
}
|
256 |
|
if nonce:
|
|
262 |
if nonce is not None:
|
257 |
263 |
id_token['nonce'] = nonce
|
258 |
264 |
params = {
|
259 |
265 |
'id_token': utils.make_idtoken(client, id_token),
|
260 |
266 |
}
|
261 |
|
if state:
|
|
267 |
if state is not None:
|
262 |
268 |
params['state'] = state
|
263 |
269 |
if need_access_token:
|
264 |
270 |
params.update({
|
... | ... | |
343 |
349 |
expired=oidc_code.created + datetime.timedelta(seconds=expires_in))
|
344 |
350 |
start = now()
|
345 |
351 |
acr = 0
|
346 |
|
if (oidc_code.nonce and last_authentication_event(oidc_code.session).get('nonce') ==
|
|
352 |
if (oidc_code.nonce is not None and last_authentication_event(oidc_code.session).get('nonce') ==
|
347 |
353 |
oidc_code.nonce):
|
348 |
354 |
acr = 1
|
349 |
355 |
id_token = {
|
... | ... | |
356 |
362 |
'auth_time': timestamp_from_datetime(oidc_code.auth_time),
|
357 |
363 |
'acr': acr,
|
358 |
364 |
}
|
359 |
|
if oidc_code.nonce:
|
|
365 |
if oidc_code.nonce is not None:
|
360 |
366 |
id_token['nonce'] = oidc_code.nonce
|
361 |
367 |
response = HttpResponse(json.dumps({
|
362 |
368 |
'access_token': unicode(access_token.uuid),
|
363 |
|
-
|