providers/oauth2: add ACR support

This commit is contained in:
Jens Langhammer 2020-12-26 20:16:50 +01:00
parent 43bb29e16a
commit 6c8e9fb553
4 changed files with 7 additions and 0 deletions

View file

@ -17,3 +17,5 @@ SCOPE_GITHUB_USER_READ = "read:user"
SCOPE_GITHUB_USER_EMAIL = "user:email"
# Read info about teams
SCOPE_GITHUB_ORG_READ = "read:org"
ACR_AUTHENTIK_DEFAULT = "goauthentik.io/providers/oauth2/default"

View file

@ -27,6 +27,7 @@ from authentik.events.utils import get_user
from authentik.lib.utils.template import render_to_string
from authentik.lib.utils.time import timedelta_from_string, timedelta_string_validator
from authentik.providers.oauth2.apps import AuthentikProviderOAuth2Config
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
from authentik.providers.oauth2.generators import (
generate_client_id,
generate_client_secret,
@ -392,6 +393,7 @@ class IDToken:
exp: Optional[int] = None
iat: Optional[int] = None
auth_time: Optional[int] = None
acr: Optional[str] = ACR_AUTHENTIK_DEFAULT
nonce: Optional[str] = None
at_hash: Optional[str] = None

View file

@ -135,6 +135,7 @@ class OAuthAuthorizationParams:
code_challenge_method=query_dict.get("code_challenge_method"),
)
# pylint: disable=too-many-branches
def __post_init__(self):
try:
self.provider: OAuth2Provider = OAuth2Provider.objects.get(

View file

@ -7,6 +7,7 @@ from django.views import View
from structlog import get_logger
from authentik.core.models import Application
from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
from authentik.providers.oauth2.models import OAuth2Provider
LOGGER = get_logger()
@ -54,6 +55,7 @@ class ProviderInfoView(View):
"client_secret_post",
"client_secret_basic",
],
"acr_values_supported": [ACR_AUTHENTIK_DEFAULT],
}
# pylint: disable=unused-argument