OAuth Provider Rewrite (#182)

2020-08-19 10:32:44 +02:00
parent b9076b5fd4
commit c7a2410b1d
97 changed files with 3107 additions and 1911 deletions
--- a/passbook/providers/oauth2/views/provider.py
+++ b/passbook/providers/oauth2/views/provider.py
@ -0,0 +1,65 @@
+"""passbook OAuth2 OpenID well-known views"""
+from django.http import HttpRequest, HttpResponse, JsonResponse
+from django.shortcuts import get_object_or_404, reverse
+from django.views import View
+from structlog import get_logger
+
+from passbook.core.models import Application
+from passbook.providers.oauth2.models import OAuth2Provider
+
+LOGGER = get_logger()
+
+PLAN_CONTEXT_PARAMS = "params"
+PLAN_CONTEXT_SCOPES = "scopes"
+
+
+class ProviderInfoView(View):
+    """OpenID-compliant Provider Info"""
+
+    # pylint: disable=unused-argument
+    def get(
+        self, request: HttpRequest, application_slug: str, *args, **kwargs
+    ) -> HttpResponse:
+        """OpenID-compliant Provider Info"""
+
+        application = get_object_or_404(Application, slug=application_slug)
+        provider: OAuth2Provider = get_object_or_404(
+            OAuth2Provider, pk=application.provider_id
+        )
+        response = JsonResponse(
+            {
+                "issuer": provider.get_issuer(request),
+                "authorization_endpoint": request.build_absolute_uri(
+                    reverse("passbook_providers_oauth2:authorize")
+                ),
+                "token_endpoint": request.build_absolute_uri(
+                    reverse("passbook_providers_oauth2:token")
+                ),
+                "userinfo_endpoint": request.build_absolute_uri(
+                    reverse("passbook_providers_oauth2:userinfo")
+                ),
+                "end_session_endpoint": request.build_absolute_uri(
+                    reverse("passbook_providers_oauth2:end-session")
+                ),
+                "introspection_endpoint": request.build_absolute_uri(
+                    reverse("passbook_providers_oauth2:token-introspection")
+                ),
+                "response_types_supported": [provider.response_type],
+                "jwks_uri": request.build_absolute_uri(
+                    reverse(
+                        "passbook_providers_oauth2:jwks",
+                        kwargs={"application_slug": application.slug},
+                    )
+                ),
+                "id_token_signing_alg_values_supported": [provider.jwt_alg],
+                # See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
+                "subject_types_supported": ["public"],
+                "token_endpoint_auth_methods_supported": [
+                    "client_secret_post",
+                    "client_secret_basic",
+                ],
+            }
+        )
+        response["Access-Control-Allow-Origin"] = "*"
+
+        return response