
Revision 34457e9c

Added by Serghei Mihai almost 9 years ago

sso attributes stored in session.


ckanext/ozwillo_pyoidc/oidc.py
27 27
            self.behaviour = behaviour
28 28

  
29 29
    def create_authn_request(self, acr_value=None):
30
        self.state = rndstr()
30
        state = rndstr()
31 31
        nonce = rndstr()
32 32
        request_args = {
33 33
            "response_type": self.behaviour["response_type"],
34 34
            "scope": self.behaviour["scope"],
35
            "state": self.state,
35
            "state": state,
36 36
            "nonce": nonce,
37 37
            "redirect_uri": self.registration_response["redirect_uris"][0]
38 38
        }
......
51 51
        logger.info("URL: %s" % url)
52 52
        logger.debug("ht_args: %s" % ht_args)
53 53

  
54
        return str(url), ht_args
54
        return str(url), ht_args, state
55 55

  
56
    def callback(self, response):
56
    def callback(self, state, response):
57 57
        """
58 58
        This is the method that should be called when an AuthN response has been
59 59
        received from the OP.
60

  
61
        :param response: The URL returned by the OP
62
        :return:
63 60
        """
64 61
        authresp = self.parse_response(AuthorizationResponse, response,
65 62
                                       sformat="dict", keyjar=self.keyjar)
63
        app_admin = False
64
        app_user = False
66 65
        try:
67
            if self.state != authresp['state']:
66
            if state != authresp['state']:
68 67
                raise OIDCError("Invalid state %s." % authresp["state"])
69 68
        except AttributeError:
70 69
            raise OIDCError("access denied")
71 70

  
72 71
        if isinstance(authresp, ErrorResponse):
73
            return OIDCError("Access denied")
72
            raise OIDCError("Access denied")
74 73

  
75 74
        try:
76 75
            self.id_token[authresp["state"]] = authresp["id_token"]
......
93 92
                    scope="openid", state=authresp["state"], request_args=args,
94 93
                    authn_method=self.registration_response["token_endpoint_auth_method"])
95 94
                id_token = atresp['id_token']
96
                self.app_admin = 'app_admin' in id_token and id_token['app_admin']
97
                self.app_user = 'app_user' in id_token  and id_token['app_user']
95
                app_admin = 'app_admin' in id_token and id_token['app_admin']
96
                app_user = 'app_user' in id_token  and id_token['app_user']
98 97
            except Exception as err:
99 98
                logger.error("%s" % err)
100 99
                raise
......
112 111

  
113 112
        logger.debug("UserInfo: %s" % inforesp)
114 113

  
115
        return userinfo
114
        return userinfo, app_admin, app_user, self.access_token, self.id_token
116 115

  
117 116
def create_client(**kwargs):
118 117
    """
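Review bot: The new return at line 114 of `callback` still returns `self.access_token` and `self.id_token`, so the values destined for the session are read from the client instance, although the commit moves `state`, `app_admin` and `app_user` into locals. The visible assignment `self.id_token[authresp["state"]] = authresp["id_token"]` shows that `self.id_token` is a dict keyed by state. If one client object serves several logins (not visible here), the caller would receive every stored id token and whichever access token was written last. I would keep both in locals and end with `return userinfo, app_admin, app_user, access_token, id_token`; the assignments to `self.access_token` are in the collapsed parts of the method, so this needs checking against the full file. Separately, `create_authn_request` now returns `state` but not `nonce`, so unless the collapsed lines store the nonce elsewhere, the caller cannot check the id token's nonce against the request.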
