OpenConceptLab/ocl_issues#1338 | API to exchange code with OID token

OpenConceptLab · Aug 8, 2022 · 3161c3b · 3161c3b
1 parent 1cd221a
commit 3161c3b
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 10 deletions.
diff --git a/core/common/services.py b/core/common/services.py
@@ -345,6 +345,21 @@ def get_admin_token():
         )
         return response.json().get('access_token')
 
+    @staticmethod
+    def exchange_code_for_token(code, redirect_uri):
+        response = requests.post(
+            settings.OIDC_OP_TOKEN_ENDPOINT,
+            data=dict(
+                grant_type='authorization_code',
+                client_id=settings.OIDC_RP_CLIENT_ID,
+                client_secret=settings.OIDC_RP_CLIENT_SECRET,
+                code=code,
+                redirect_uri=redirect_uri
+            )
+
+        )
+        return response.json()
+
     @staticmethod
     def get_admin_headers():
         return dict(Authorization=f'Bearer {OIDCAuthService.get_admin_token()}')

diff --git a/core/settings.py b/core/settings.py
@@ -416,6 +416,7 @@
 OIDC_STORE_ACCESS_TOKEN = True
 OIDC_CREATE_USER = True
 LOGIN_REDIRECT_URL = os.environ.get('LOGIN_REDIRECT_URL', 'http://localhost:4000')
+LOGOUT_REDIRECT_URL = os.environ.get('LOGOUT_REDIRECT_URL', 'http://localhost:4000')
 KEYCLOAK_ADMIN = os.environ.get('KEYCLOAK_ADMIN', 'root')
 KEYCLOAK_ADMIN_PASSWORD = os.environ.get('KEYCLOAK_ADMIN_PASSWORD', 'Root123')
 OIDC_CALLBACK_CLASS = 'core.users.views.OCLOIDCAuthenticationCallbackView'
diff --git a/core/users/urls.py b/core/users/urls.py
@@ -6,6 +6,7 @@
 
 urlpatterns = [
     re_path(r'^$', views.UserListView.as_view(), name='userprofile-list'),
+    path('oidc/code-exchange/', views.OIDCodeExchangeView.as_view(), name='user-oid-code-exchange'),
     path('login/', views.TokenAuthenticationView.as_view(), name='user-login'),
     path('signup/', views.UserSignup.as_view(), name='user-signup'),
     re_path(

diff --git a/core/users/views.py b/core/users/views.py
@@ -30,20 +30,27 @@
 from core.users.search import UserProfileSearch
 from core.users.serializers import UserDetailSerializer, UserCreateSerializer, UserListSerializer, UserSummarySerializer
 from .models import UserProfile
-from ..common.services import AuthService
+from ..common.services import AuthService, OIDCAuthService
 
 
 class OCLOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView):
     pass
-    # def login_success(self):
-    #     print("**QP***", dict(self.request.GET.items()))
-    #     print("**Session***", self.request.session.items())
-        # auth.login(self.request, self.user)
-        # expiration_interval = self.get_settings('OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS', 60 * 15)
-        # self.request.session['oidc_id_token_expiration'] = time.time() + expiration_interval
-        #
-        # return Response(dict(token=self.request.session['oidc_access_token']))
-        # return super().login_success()
+
+
+class OIDCodeExchangeView(APIView):
+    permission_classes = (AllowAny, )
+
+    @staticmethod
+    def post(request):
+        code = request.data.get('code', None)
+        redirect_uri = request.data.get('redirect_uri', None)
+        if not code or not redirect_uri:
+            return Response(
+                dict(error='code and redirect_uri are mandatory to exchange for token'),
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        return Response(
+            OIDCAuthService.exchange_code_for_token(code, redirect_uri))
 
 
 class TokenAuthenticationView(ObtainAuthToken):