
Revision 6388360c

Added by Serghei Mihai almost 11 years ago

checking the 'state' parameter issued by idp


ckanext/ozwillo_pyoidc/oidc.py
if behaviour:
self.behaviour = behaviour
def create_authn_request(self, session, acr_value=None):
session["state"] = rndstr()
session["nonce"] = rndstr()
def create_authn_request(self, acr_value=None):
self.state = rndstr()
nonce = rndstr()
request_args = {
"response_type": self.behaviour["response_type"],
"scope": self.behaviour["scope"],
"state": session["state"],
"nonce": session["nonce"],
"state": self.state,
"nonce": nonce,
"redirect_uri": self.registration_response["redirect_uris"][0]
}
......
authresp = self.parse_response(AuthorizationResponse, response,
sformat="dict", keyjar=self.keyjar)
if self.state != authresp['state']:
raise OIDCError("Invalid state %s." % authresp["state"])
if isinstance(authresp, ErrorResponse):
return OIDCError("Access denied")
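Review bot: The new check compares against `self.state`, an attribute of the client object, but plugin.py obtains that object through `Clients.get(g)` keyed by the organization, so one instance appears to be shared by every user logging in to that organization; if so, concurrent logins overwrite each other's `state` and the comparison in the response hunk can reject a valid response or accept one that belongs to a different session. The removed lines kept `state` in the per-user `session`, which is the anchor the comparison needs; the same applies to `nonce`, which is now a discarded local and can no longer be checked against the id_token. The check also runs before the `ErrorResponse` test and indexes `authresp['state']` directly, so an error response or a response lacking `state` raises `KeyError` rather than `OIDCError`; `if authresp.get('state') != self.state:` placed after the error check is more robust. Both `create_authn_request` and the method holding the `parse_response` call start and end outside the hunks.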
ckanext/ozwillo_pyoidc/plugin.py
if 'organization_id' in session:
g = model.Group.get(session['organization_id'])
client = Clients.get(g)
url, ht_args = client.create_authn_request(session, conf.ACR_VALUES)
url, ht_args = client.create_authn_request(conf.ACR_VALUES)
if ht_args:
toolkit.request.headers.update(ht_args)
redirect_to(url)
