0009-idp_oidc-fix-order-of-ALGO_CHOICES-in-migrations-425.patch
src/authentic2_idp_oidc/migrations/0001_initial.py | ||
---|---|---|
44 | 44 |
('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])), |
45 | 45 |
('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)), |
46 | 46 |
('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])), |
47 |
('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])), |
|
47 |
('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC'), (1, 'RSA'), (3, 'EC')])),
|
|
48 | 48 |
('created', models.DateTimeField(auto_now_add=True, verbose_name='created')), |
49 | 49 |
('modified', models.DateTimeField(auto_now=True, verbose_name='modified')), |
50 | 50 |
], |
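Review bot: The hand-edited choices list on new line 47, `[(2, 'HMAC'), (1, 'RSA'), (3, 'EC')]`, has to match `OIDCClient.ALGO_CHOICES` in models.py element for element, including this HMAC-first order, or the next `makemigrations` run will emit a follow-up migration that re-alters the field; the `ALGO_CHOICES` definition is outside this page, so that agreement cannot be confirmed here. Since the list is now duplicated by hand rather than captured from a settings-dependent call, a one-line comment on the line would save the next reader a search: `# must stay in sync with OIDCClient.ALGO_CHOICES (order matters for makemigrations)`. Editing an applied migration is harmless for the database itself, as `choices` is form-level metadata only.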
src/authentic2_idp_oidc/models.py | ||
---|---|---|
143 | 143 |
help_text=_('Permitted or default scopes (for credentials grant)'), |
144 | 144 |
default='', |
145 | 145 |
blank=True) |
146 | ||
147 |
@to_iter |
|
148 |
def get_idtoken_algorithms(): |
|
149 |
try: |
|
150 |
utils.get_jwkset() |
|
151 |
except ImproperlyConfigured: |
|
152 |
return [(algo_id, algo_name) for algo_id, algo_name in OIDCClient.ALGO_CHOICES |
|
153 |
if algo_id not in (OIDCClient.ALGO_RSA, OIDCClient.ALGO_EC)] |
|
154 |
return OIDCClient.ALGO_CHOICES |
|
155 | ||
156 | 146 |
idtoken_algo = models.PositiveIntegerField( |
157 | 147 |
default=ALGO_HMAC, |
158 |
choices=get_idtoken_algorithms(),
|
|
148 |
choices=ALGO_CHOICES,
|
|
159 | 149 |
verbose_name=_('IDToken signature algorithm')) |
160 | 150 |
has_api_access = models.BooleanField( |
161 | 151 |
verbose_name=_('has API access'), |
... | ... | |
183 | 173 |
def clean(self): |
184 | 174 |
self.redirect_uris = strip_words(self.redirect_uris) |
185 | 175 |
self.post_logout_redirect_uris = strip_words(self.post_logout_redirect_uris) |
176 |
if self.idtoken_algo in (OIDCClient.ALGO_RSA, OIDCClient.ALGO_EC): |
|
177 |
try: |
|
178 |
utils.get_jwkset() |
|
179 |
except ImproperlyConfigured: |
|
180 |
raise ValidationError( |
|
181 |
_('You cannot use algorithm %(algorithm)s, setting A2_IDP_OIDC_JWKSET is not defined') % |
|
182 |
{'algorithm': self.get_idtoken_algo_display()}) |
|
186 | 183 | |
187 | 184 |
def get_wanted_attributes(self): |
188 | 185 |
return self.oidcclaim_set.filter(name__isnull=False).values_list('value', flat=True) |
189 |
- |
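Review bot: In the new `clean()` body at lines 180-182, the message is formatted eagerly with `%` before being handed to `ValidationError`, which turns the lazy `_()` string into a plain string at that moment and bypasses Django's `params` mechanism; the idiomatic form is `raise ValidationError(_('You cannot use algorithm %(algorithm)s, setting A2_IDP_OIDC_JWKSET is not defined'), params={'algorithm': self.get_idtoken_algo_display()})`. Note also that `clean()` only runs from `full_clean()` and model forms, never from a bare `save()`, so an instance created programmatically with `ALGO_RSA`/`ALGO_EC` and no `A2_IDP_OIDC_JWKSET` is still persisted and presumably only fails later when `utils.get_jwkset()` raises on the signing path; a short comment stating that this is admin/form-level validation, not an enforcement point, would make that limit explicit. Whether `raise ... from None` is appropriate inside the `except ImproperlyConfigured:` block depends on the Python versions the project supports, which this page does not show.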