Révision 34457e9c
Ajouté par Serghei Mihai il y a environ 9 ans
ckanext/ozwillo_pyoidc/oidc.py | ||
---|---|---|
27 | 27 |
self.behaviour = behaviour |
28 | 28 |
|
29 | 29 |
def create_authn_request(self, acr_value=None): |
30 |
self.state = rndstr()
|
|
30 |
state = rndstr() |
|
31 | 31 |
nonce = rndstr() |
32 | 32 |
request_args = { |
33 | 33 |
"response_type": self.behaviour["response_type"], |
34 | 34 |
"scope": self.behaviour["scope"], |
35 |
"state": self.state,
|
|
35 |
"state": state, |
|
36 | 36 |
"nonce": nonce, |
37 | 37 |
"redirect_uri": self.registration_response["redirect_uris"][0] |
38 | 38 |
} |
... | ... | |
51 | 51 |
logger.info("URL: %s" % url) |
52 | 52 |
logger.debug("ht_args: %s" % ht_args) |
53 | 53 |
|
54 |
return str(url), ht_args |
|
54 |
return str(url), ht_args, state
|
|
55 | 55 |
|
56 |
def callback(self, response): |
|
56 |
def callback(self, state, response):
|
|
57 | 57 |
""" |
58 | 58 |
This is the method that should be called when an AuthN response has been |
59 | 59 |
received from the OP. |
60 |
|
|
61 |
:param response: The URL returned by the OP |
|
62 |
:return: |
|
63 | 60 |
""" |
64 | 61 |
authresp = self.parse_response(AuthorizationResponse, response, |
65 | 62 |
sformat="dict", keyjar=self.keyjar) |
63 |
app_admin = False |
|
64 |
app_user = False |
|
66 | 65 |
try: |
67 |
if self.state != authresp['state']:
|
|
66 |
if state != authresp['state']: |
|
68 | 67 |
raise OIDCError("Invalid state %s." % authresp["state"]) |
69 | 68 |
except AttributeError: |
70 | 69 |
raise OIDCError("access denied") |
71 | 70 |
|
72 | 71 |
if isinstance(authresp, ErrorResponse): |
73 |
return OIDCError("Access denied")
|
|
72 |
raise OIDCError("Access denied")
|
|
74 | 73 |
|
75 | 74 |
try: |
76 | 75 |
self.id_token[authresp["state"]] = authresp["id_token"] |
... | ... | |
93 | 92 |
scope="openid", state=authresp["state"], request_args=args, |
94 | 93 |
authn_method=self.registration_response["token_endpoint_auth_method"]) |
95 | 94 |
id_token = atresp['id_token'] |
96 |
self.app_admin = 'app_admin' in id_token and id_token['app_admin']
|
|
97 |
self.app_user = 'app_user' in id_token and id_token['app_user']
|
|
95 |
app_admin = 'app_admin' in id_token and id_token['app_admin'] |
|
96 |
app_user = 'app_user' in id_token and id_token['app_user'] |
|
98 | 97 |
except Exception as err: |
99 | 98 |
logger.error("%s" % err) |
100 | 99 |
raise |
... | ... | |
112 | 111 |
|
113 | 112 |
logger.debug("UserInfo: %s" % inforesp) |
114 | 113 |
|
115 |
return userinfo |
|
114 |
return userinfo, app_admin, app_user, self.access_token, self.id_token
|
|
116 | 115 |
|
117 | 116 |
def create_client(**kwargs): |
118 | 117 |
""" |
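Review bot: The new `return userinfo, app_admin, app_user, self.access_token, self.id_token` at new line 114 hands back the whole `self.id_token` mapping, which new line 75 fills per state (`self.id_token[authresp["state"]] = authresp["id_token"]`), so a caller storing this in the session receives the id tokens of every login handled by this client object, not just the one being completed; the intended value is `self.id_token[authresp["state"]]`. The same concern likely applies to `self.access_token`: it is still an attribute of the shared client (its assignment is outside the hunk), so if the client is reused across requests a concurrent callback can overwrite it between the token exchange and this return, which is exactly the cross-request problem the commit fixes for `state`, `app_admin` and `app_user` by making them locals. The `:param` lines were dropped from the docstring while the signature gained a parameter; I would restore them as `:param state: The state value issued by create_authn_request for this login` and `:param response: The URL returned by the OP`, plus a `:return:` line naming the five-tuple. The body of `callback` continues outside the visible hunks (old lines 77–91 and 100–110 are elided).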
sso attributes stored in session.