Extract token creations to their own methods
This enables subclasses to customize the token and code creation.
mikkokeskinen authored and juanifioren committed May 23, 2023
1 parent c786f81 commit 3c5e05f
Showing 2 changed files with 45 additions and 22 deletions.
37 changes: 24 additions & 13 deletions oidc_provider/lib/endpoints/authorize.py
@@ -126,31 +126,42 @@ def validate_params(self):
raise AuthorizeError(
self.params['redirect_uri'], 'invalid_request', self.grant_type)

def create_code(self):
code = create_code(
user=self.request.user,
client=self.client,
scope=self.params['scope'],
nonce=self.params['nonce'],
is_authentication=self.is_authentication,
code_challenge=self.params['code_challenge'],
code_challenge_method=self.params['code_challenge_method'],
)

return code

def create_token(self):
token = create_token(
user=self.request.user,
client=self.client,
scope=self.params['scope'],
)

return token

def create_response_uri(self):
uri = urlsplit(self.params['redirect_uri'])
query_params = parse_qs(uri.query)
query_fragment = {}

try:
if self.grant_type in ['authorization_code', 'hybrid']:
code = create_code(
user=self.request.user,
client=self.client,
scope=self.params['scope'],
nonce=self.params['nonce'],
is_authentication=self.is_authentication,
code_challenge=self.params['code_challenge'],
code_challenge_method=self.params['code_challenge_method'])
code = self.create_code()
code.save()

if self.grant_type == 'authorization_code':
query_params['code'] = code.code
query_params['state'] = self.params['state'] if self.params['state'] else ''
elif self.grant_type in ['implicit', 'hybrid']:
token = create_token(
user=self.request.user,
client=self.client,
scope=self.params['scope'])
token = self.create_token()

# Check if response_type must include access_token in the response.
if (self.params['response_type'] in
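Review bot: The new `create_code` and `create_token` hooks in this section have no docstring, so someone writing a subclass cannot see what an override has to preserve. `create_code` is where `nonce`, `code_challenge` and `code_challenge_method` from `self.params` are attached to the code, and `create_response_uri` calls `code.save()` on whatever the hook returns. An override that leaves those arguments out would presumably issue a code without its nonce or PKCE binding. I would add a docstring on `create_code` along the lines of `"""Build the authorization code for self.request.user and self.client (the caller saves it); overrides must pass through nonce, code_challenge and code_challenge_method."""` and a matching one-liner on `create_token`. `create_response_uri` continues past the end of the hunk.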
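--- a/oidc_provider/lib/endpoints/token.py
+++ b/oidc_provider/lib/endpoints/token.py
@@ -166,13 +166,23 @@ def create_response_dic(self):
 elif self.params['grant_type'] == 'client_credentials':
 return self.create_client_credentials_response_dic()
 
+def create_token(self, user, client, scope):
+token = create_token(
+user=user,
+client=client,
+scope=scope,
+)
+
+return token
+
 def create_code_response_dic(self):
 # See https://tools.ietf.org/html/rfc6749#section-4.1
 
-token = create_token(
+token = self.create_token(
 user=self.code.user,
 client=self.code.client,
-scope=self.code.scope)
+scope=self.code.scope,
+)
 
 if self.code.is_authentication:
 id_token_dic = create_id_token(
@@ -213,10 +223,11 @@ def create_refresh_response_dic(self):
 if unauthorized_scopes:
 raise TokenError('invalid_scope')
 
-token = create_token(
+token = self.create_token(
 user=self.token.user,
 client=self.token.client,
-scope=scope)
+scope=scope,
+)
 
 # If the Token has an id_token it's an Authentication request.
 if self.token.id_token:
@@ -252,10 +263,11 @@ def create_refresh_response_dic(self):
 def create_access_token_response_dic(self):
 # See https://tools.ietf.org/html/rfc6749#section-4.3
 token_scopes = self.validate_requested_scopes()
-token = create_token(
+token = self.create_token(
 self.user,
 self.client,
-token_scopes)
+token_scopes,
+)
 
 id_token_dic = create_id_token(
 token=token,
@@ -283,11 +295,11 @@ def create_client_credentials_response_dic(self):
 # See https://tools.ietf.org/html/rfc6749#section-4.4.3
 token_scopes = self.validate_requested_scopes()
 
-token = create_token(
+token = self.create_token(
 user=None,
 client=self.client,
-scope=token_scopes)
-
+scope=token_scopes,
+)
 token.save()
 
 return {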
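Review bot: In `create_access_token_response_dic` the new hook is called positionally (`self.user, self.client, token_scopes`), while the other three call sites in this file pass `user=`, `client=` and `scope=` by keyword. Because `create_token` is now meant to be overridden, a subclass that reorders or extends the parameters would get mismatched arguments on this grant path only. I would write `token = self.create_token(user=self.user, client=self.client, scope=token_scopes)`. The hook also receives `user=None` from `create_client_credentials_response_dic`, which is worth stating in a docstring on `create_token` so overrides do not assume a user is present. The enclosing functions continue outside the hunks.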
