0002-idp_oidc-hide-RSA-algorithms-if-no-JWKSET-is-defined.patch
src/authentic2_idp_oidc/migrations/0001_initial.py | ||
---|---|---|
44 | 44 |
('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])), |
45 | 45 |
('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)), |
46 | 46 |
('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])), |
47 |
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(1, 'RSA'), (2, 'HMAC')])),
|
|
47 |
('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])), |
|
48 | 48 |
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')), |
49 | 49 |
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')), |
50 | 50 |
], |
src/authentic2_idp_oidc/models.py | ||
---|---|---|
4 | 4 |
from django.db import models |
5 | 5 |
from django.contrib.contenttypes.models import ContentType |
6 | 6 |
from django.core.validators import URLValidator |
7 |
from django.core.exceptions import ValidationError |
|
7 |
from django.core.exceptions import ValidationError, ImproperlyConfigured
|
|
8 | 8 |
from django.utils.translation import ugettext_lazy as _ |
9 | 9 |
from django.conf import settings |
10 | 10 |
from django.utils.timezone import now |
... | ... | |
12 | 12 | |
13 | 13 |
from authentic2.managers import GenericManager |
14 | 14 |
from authentic2.models import Service |
15 |
from authentic2.utils import to_iter |
|
15 | 16 | |
16 | 17 |
from . import utils, managers |
17 | 18 | |
... | ... | |
110 | 111 |
verbose_name=_('identifier policy'), |
111 | 112 |
default=POLICY_PAIRWISE, |
112 | 113 |
choices=IDENTIFIER_POLICIES) |
114 | ||
115 |
@to_iter |
|
116 |
def get_idtoken_algorithms(): |
|
117 |
try: |
|
118 |
utils.get_jwkset() |
|
119 |
except ImproperlyConfigured: |
|
120 |
return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES |
|
121 |
if algo_id != OIDCClient.ALGO_RSA] |
|
122 |
return OIDCClient.ALGO_CHOICES |
|
123 | ||
113 | 124 |
idtoken_algo = models.PositiveIntegerField( |
114 | 125 |
default=ALGO_RSA, |
115 |
choices=ALGO_CHOICES,
|
|
126 |
choices=get_idtoken_algorithms(),
|
|
116 | 127 |
verbose_name=_('IDToken signature algorithm')) |
117 | 128 |
has_api_access = models.BooleanField( |
118 | 129 |
verbose_name=_('has API access'), |
119 |
- |
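Review bot: `idtoken_algo` keeps `default=ALGO_RSA` while `choices=get_idtoken_algorithms()` drops RSA whenever `utils.get_jwkset()` raises `ImproperlyConfigured`, so on a deployment without a JWKSET the field's default is a value its own choices reject. Because the choices now depend on settings, the field definition differs between environments, which appears to be why the `choices` list in `0001_initial.py` is touched in this same patch; keeping `choices=ALGO_CHOICES` on the model and filtering the list in the admin or form layer would keep the migration state stable. If the choices stay dynamic, the default should follow them, for example through a callable default (a proposed helper, not in the patch) that returns the HMAC value when no JWKSET is configured. Hiding the option only changes what a form offers, so the code that signs ID tokens should presumably still fail closed for clients already stored with RSA when no key is available; that path is not visible here. The `OIDCClient` class body starts and ends outside this section.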