2020-08-19 08:32:44 +00:00
|
|
|
"""passbook OAuth2 OpenID well-known views"""
|
2020-09-02 22:04:12 +00:00
|
|
|
from typing import Any, Dict
|
|
|
|
|
2020-08-19 08:32:44 +00:00
|
|
|
from django.http import HttpRequest, HttpResponse, JsonResponse
|
|
|
|
from django.shortcuts import get_object_or_404, reverse
|
|
|
|
from django.views import View
|
|
|
|
from structlog import get_logger
|
|
|
|
|
|
|
|
from passbook.core.models import Application
|
|
|
|
from passbook.providers.oauth2.models import OAuth2Provider
|
|
|
|
|
|
|
|
LOGGER = get_logger()
|
|
|
|
|
|
|
|
PLAN_CONTEXT_PARAMS = "params"
|
|
|
|
PLAN_CONTEXT_SCOPES = "scopes"
|
|
|
|
|
|
|
|
|
|
|
|
class ProviderInfoView(View):
|
|
|
|
"""OpenID-compliant Provider Info"""
|
|
|
|
|
2020-09-02 22:04:12 +00:00
|
|
|
def get_info(self, provider: OAuth2Provider) -> Dict[str, Any]:
|
|
|
|
"""Get dictionary for OpenID Connect information"""
|
|
|
|
return {
|
|
|
|
"issuer": provider.get_issuer(self.request),
|
|
|
|
"authorization_endpoint": self.request.build_absolute_uri(
|
|
|
|
reverse("passbook_providers_oauth2:authorize")
|
|
|
|
),
|
|
|
|
"token_endpoint": self.request.build_absolute_uri(
|
|
|
|
reverse("passbook_providers_oauth2:token")
|
|
|
|
),
|
|
|
|
"userinfo_endpoint": self.request.build_absolute_uri(
|
|
|
|
reverse("passbook_providers_oauth2:userinfo")
|
|
|
|
),
|
|
|
|
"end_session_endpoint": self.request.build_absolute_uri(
|
2020-09-17 19:55:01 +00:00
|
|
|
reverse(
|
|
|
|
"passbook_providers_oauth2:end-session",
|
|
|
|
kwargs={"application_slug": provider.application.slug},
|
|
|
|
)
|
2020-09-02 22:04:12 +00:00
|
|
|
),
|
|
|
|
"introspection_endpoint": self.request.build_absolute_uri(
|
|
|
|
reverse("passbook_providers_oauth2:token-introspection")
|
|
|
|
),
|
|
|
|
"response_types_supported": [provider.response_type],
|
|
|
|
"jwks_uri": self.request.build_absolute_uri(
|
|
|
|
reverse(
|
|
|
|
"passbook_providers_oauth2:jwks",
|
|
|
|
kwargs={"application_slug": provider.application.slug},
|
|
|
|
)
|
|
|
|
),
|
|
|
|
"id_token_signing_alg_values_supported": [provider.jwt_alg],
|
|
|
|
# See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
|
|
|
"subject_types_supported": ["public"],
|
|
|
|
"token_endpoint_auth_methods_supported": [
|
|
|
|
"client_secret_post",
|
|
|
|
"client_secret_basic",
|
|
|
|
],
|
|
|
|
}
|
|
|
|
|
2020-08-19 08:32:44 +00:00
|
|
|
# pylint: disable=unused-argument
|
|
|
|
def get(
|
|
|
|
self, request: HttpRequest, application_slug: str, *args, **kwargs
|
|
|
|
) -> HttpResponse:
|
|
|
|
"""OpenID-compliant Provider Info"""
|
|
|
|
|
|
|
|
application = get_object_or_404(Application, slug=application_slug)
|
|
|
|
provider: OAuth2Provider = get_object_or_404(
|
|
|
|
OAuth2Provider, pk=application.provider_id
|
|
|
|
)
|
2020-09-02 22:04:12 +00:00
|
|
|
response = JsonResponse(self.get_info(provider))
|
2020-08-19 08:32:44 +00:00
|
|
|
response["Access-Control-Allow-Origin"] = "*"
|
|
|
|
|
|
|
|
return response
|