Révision 6388360c
Ajouté par Serghei Mihai il y a environ 9 ans
ckanext/ozwillo_pyoidc/oidc.py | ||
---|---|---|
26 | 26 |
if behaviour: |
27 | 27 |
self.behaviour = behaviour |
28 | 28 |
|
29 |
def create_authn_request(self, session, acr_value=None):
|
|
30 |
session["state"] = rndstr()
|
|
31 |
session["nonce"] = rndstr()
|
|
29 |
def create_authn_request(self, acr_value=None): |
|
30 |
self.state = rndstr()
|
|
31 |
nonce = rndstr()
|
|
32 | 32 |
request_args = { |
33 | 33 |
"response_type": self.behaviour["response_type"], |
34 | 34 |
"scope": self.behaviour["scope"], |
35 |
"state": session["state"],
|
|
36 |
"nonce": session["nonce"],
|
|
35 |
"state": self.state,
|
|
36 |
"nonce": nonce,
|
|
37 | 37 |
"redirect_uri": self.registration_response["redirect_uris"][0] |
38 | 38 |
} |
39 | 39 |
|
... | ... | |
64 | 64 |
authresp = self.parse_response(AuthorizationResponse, response, |
65 | 65 |
sformat="dict", keyjar=self.keyjar) |
66 | 66 |
|
67 |
if self.state != authresp['state']: |
|
68 |
raise OIDCError("Invalid state %s." % authresp["state"]) |
|
69 |
|
|
67 | 70 |
if isinstance(authresp, ErrorResponse): |
68 | 71 |
return OIDCError("Access denied") |
69 | 72 |
|
Checking the 'state' parameter issued by the IdP