From c9f73d718e7c3857a07e7f61a9c2c8ce4f928187 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 18 Mar 2019 20:35:11 +0100
Subject: [PATCH] start implementing openid connect discovery
---
 passbook/oauth_client/forms.py | 2 +-
 passbook/oauth_provider/urls.py | 8 +++++--
 passbook/oauth_provider/views/openid.py | 30 +++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 passbook/oauth_provider/views/openid.py
diff --git a/passbook/oauth_client/forms.py b/passbook/oauth_client/forms.py
index 3f4db257e..a4e49ff00 100644
--- a/passbook/oauth_client/forms.py
+++ b/passbook/oauth_client/forms.py
@@ -120,5 +120,5 @@ class AzureADOAuthSourceForm(OAuthSourceForm):
 'request_token_url': '',
 'authorization_url': 'https://login.microsoftonline.com/common/oauth2/authorize',
 'access_token_url': 'https://login.microsoftonline.com/common/oauth2/token',
- 'profile_url': ' https://login.microsoftonline.com/common/openid/userinfo',
+ 'profile_url': ' https://graph.windows.net/myorganization/me?api-version=1.6',
 }
diff --git a/passbook/oauth_provider/urls.py b/passbook/oauth_provider/urls.py
index 8541fe886..5badf8aa3 100644
--- a/passbook/oauth_provider/urls.py
+++ b/passbook/oauth_provider/urls.py
@@ -3,7 +3,7 @@ from django.urls import path from oauth2_provider import views
-from passbook.oauth_provider.views import oauth2
+from passbook.oauth_provider.views import oauth2, openid
 urlpatterns = [ # Custom OAuth 2 Authorize View
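Review bot: In passbook/oauth_client/forms.py the new `'profile_url'` value in AzureADOAuthSourceForm still starts with a space inside the string literal, carried over from the removed line, so unless the consumer strips it the profile request goes to a malformed URL. I would write it as `'profile_url': 'https://graph.windows.net/myorganization/me?api-version=1.6',`. The endpoint also moves from the OpenID userinfo URL to the Azure AD Graph API, which presumably needs an access token issued for that resource; the hunk does not show the token request changing, so that is worth confirming. The class body begins above the hunk.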
@@ -14,8 +14,12 @@ urlpatterns = [
 path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
 name='oauth2-permission-denied'),
 # OAuth API
- path("authorize/", views.AuthorizationView.as_view(), name="authorize"),
 path("token/", views.TokenView.as_view(), name="token"),
 path("revoke_token/", views.RevokeTokenView.as_view(), name="revoke-token"),
 path("introspect/", views.IntrospectTokenView.as_view(), name="introspect"),
+ # OpenID-Connect Discovery
+ path('.well-known/openid-configuration', openid.OpenIDConfigurationView.as_view(),
+ name='openid-discovery'),
+ path('.well-known/jwks.json', openid.JSONWebKeyView.as_view(),
+ name='openid-jwks'),
 ]
diff --git a/passbook/oauth_provider/views/openid.py b/passbook/oauth_provider/views/openid.py
new file mode 100644
index 000000000..b37f0877a
--- /dev/null
+++ b/passbook/oauth_provider/views/openid.py
@@ -0,0 +1,30 @@
+"""passbook oauth provider OpenID Views"""
+
+from django.http import HttpRequest, JsonResponse
+from django.shortcuts import reverse
+from django.views.generic import View
+
+
+class OpenIDConfigurationView(View):
+ """Return OpenID Configuration"""
+
+ def get(self, request: HttpRequest):
+ """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
+ return JsonResponse({
+ 'issuer': request.build_absolute_uri(),
+ 'authorization_endpoint': request.build_absolute_uri(
+ reverse('passbook_oauth_provider:oauth2-authorize')),
+ 'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
+ "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
+ "scopes_supported": [
+ "openid:userinfo",
+ ],
+ })
+
+
+class JSONWebKeyView(View):
+ """JSON Web Key View"""
+
+ def get(self, request: HttpRequest):
+ """JSON Webkeys are not implemented yet, hence return an empty object"""
+ return JsonResponse({})
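Review bot: In passbook/oauth_provider/views/openid.py, `'issuer': request.build_absolute_uri()` in OpenIDConfigurationView.get yields the full URL of the discovery request itself, including the `.well-known/openid-configuration` path and any query string the caller appended. OpenID Connect Discovery expects the issuer to be the URL the document is served under with that suffix removed and with no query or fragment, so relying parties that compare the issuer with the URL they fetched will reject this document. Every URL in the response is also derived from the request's Host header, so the document is only as trustworthy as ALLOWED_HOSTS is strict. A configured base URL would be the safer source; at minimum use `'issuer': request.build_absolute_uri(request.path).rsplit('/.well-known/', 1)[0],`. JSONWebKeyView returning `{}` is not a valid JWK Set either, and `return JsonResponse({'keys': []})` would keep clients that parse `jwks_uri` working until keys are implemented.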