providers/oauth2: use generate_key instead of uuid4

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-13 22:13:20 +01:00
parent 4911a243ff
commit 69678dcfa6

View file

@ -8,7 +8,6 @@ from datetime import datetime
from hashlib import sha256
from typing import Any, Optional, Type
from urllib.parse import urlparse
from uuid import uuid4
from dacite import from_dict
from django.db import models
@ -225,7 +224,7 @@ class OAuth2Provider(Provider):
token = RefreshToken(
user=user,
provider=self,
refresh_token=uuid4().hex,
refresh_token=generate_key(),
expires=timezone.now() + timedelta_from_string(self.token_validity),
scope=scope,
)
@ -434,7 +433,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
"""Create access token with a similar format as Okta, Keycloak, ADFS"""
token = self.create_id_token(user, request).to_dict()
token["cid"] = self.provider.client_id
token["uid"] = uuid4().hex
token["uid"] = generate_key()
return self.provider.encode(token)
def create_id_token(self, user: User, request: HttpRequest) -> IDToken: