def req_any(request, vender, action, mode, *args, **kwargs):
    """Start an authorization-code request for the Azure vender.

    A GET, or a POST whose form does not validate, renders the
    relying-party selection form.  A valid POST creates a SignOn for the
    selected relying party, keeps its state in the session and answers
    with a 302 to the authority's authorization endpoint.

    ``vender``, ``action``, ``mode`` and the extra positional/keyword
    arguments are accepted but not read by this view.
    """
    # NOTE(review): no login or permission check is visible in this block,
    # yet request.user is handed to SignOn.create and the request asks for
    # prompt="admin_consent".  Confirm the URL dispatcher or a decorator
    # restricts who may start this flow.
    form = AuthReqForm(vender=__package__, data=request.POST or None)

    if request.method != "POST" or not form.is_valid():
        return TemplateResponse(
            request,
            "venders/azure/req_any.html",
            {"request": request, "form": form},
        )

    rp = form.cleaned_data["rp"]
    metadata = rp.authority.auth_metadata_object

    # Absolute callback URL for the code response of this vender.
    callback = request.build_absolute_uri(
        reverse(
            "rp_auth",
            kwargs={"vender": "azure", "action": "res", "mode": "code"},
        )
    )

    authreq = AuthReq(
        response_type="code",
        client_id=rp.identifier,
        redirect_uri=callback,
        scope="openid profile email",
        prompt="admin_consent",
    )
    authreq["resource"] = "https://graph.windows.net"

    # The SignOn is created before session_state is added, so whatever
    # SignOn.create records from authreq does not include that parameter.
    signon = SignOn.create(request.user, rp, authreq)
    authreq["session_state"] = signon.state

    # Kept in the session so the response side can match the returned
    # state against this browser session -- presumably checked by the
    # "res" handler; verify, since that check is the CSRF defence here.
    request.session["state"] = signon.state

    # The redirect target comes from the authority's stored metadata, not
    # from the request.  find() > 0 treats a leading "?" as "no query".
    endpoint = conf_endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find("?") > 0 else "?"
    location = conf_endpoint + sep + authreq.to_qs()

    res = HttpResponse(location, status=302)
    res["Location"] = location
    return res
def test_create(self):
    """Exercise SignOn.create for a self-issued relying party.

    The generated values are only printed; nothing is asserted.
    """
    from connect.rp.models import RelyingParty, SignOn
    from connect.messages.auth import AuthReq

    party = RelyingParty.get_selfissued('http://hoge.com/')
    authreq = AuthReq(redirect_uri=party.identifier)

    # NOTE(review): called with (relying party, request) only; confirm this
    # matches the current SignOn.create signature.
    signon = SignOn.create(party, authreq)

    # NOTE(review): state and nonce are what bind a response to its
    # request, so this test would be more useful if it asserted that both
    # are non-empty and differ between two create() calls instead of
    # printing them.
    print signon.nonce, signon.state, signon.request
    print authreq.to_qs()
def req_any(request, vender, action, mode):
    """Start an authorization-code request for the Google vender.

    A GET, or a POST whose form does not validate, renders the
    relying-party selection form.  A valid POST creates a SignOn for the
    selected relying party, keeps its state in the session and answers
    with a 302 to the authority's authorization endpoint.

    ``action`` and ``mode`` are not read; ``vender`` is only passed to the
    template context.
    """
    # NOTE(review): no login or permission check is visible in this block
    # although request.user is handed to SignOn.create; confirm it is
    # enforced by the dispatcher or a decorator.
    form = AuthReqForm(vender=__package__, data=request.POST or None)

    if request.method != "POST" or not form.is_valid():
        context = {"request": request, "vender": vender, "form": form}
        return TemplateResponse(
            request, 'venders/google/req_any.html', context)

    rp = form.cleaned_data['rp']
    metadata = rp.authority.auth_metadata_object

    # Absolute callback URL for the code response of this vender.
    callback_path = reverse(
        'rp_auth',
        kwargs={'vender': 'google', 'action': 'res', 'mode': 'code'},
    )
    callback = request.build_absolute_uri(callback_path)

    # https://developers.google.com/accounts/docs/OAuth2Login#authenticationuriparameters
    authreq = AuthReq(
        response_type="code",
        client_id=rp.identifier,
        redirect_uri=callback,
        scope="openid profile email",
        prompt=PROMPT[1],
    )
    authreq['include_granted_scopes'] = 'false'

    signon = SignOn.create(request.user, rp, authreq)

    # Kept in the session so the response side can match the returned
    # state against this browser session -- presumably checked by the
    # "res" handler; verify, since that check is the CSRF defence here.
    request.session['state'] = signon.state

    #: TODO: nonce not supported ?
    # NOTE(review): the nonce is cleared only after SignOn.create ran, so
    # the SignOn may still hold a nonce that is never sent.  Without a
    # nonce the ID token is not bound to this request; confirm whether the
    # provider accepts the parameter and that the response handler does
    # not silently skip the comparison.
    authreq.nonce = None

    # The redirect target comes from the authority's stored metadata, not
    # from the request.  find() > 0 treats a leading "?" as "no query".
    endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find('?') > 0 else "?"
    location = endpoint + sep + authreq.to_qs()

    res = HttpResponse(location, status=302)
    res['Location'] = location
    return res
def req_any(request, vender, action, mode):
    """Start an implicit-flow ID Token request for the self-issued vender.

    Every call first makes sure the authority and its relying party exist
    (via create_authority / create_relyingparty).  A GET, or a POST whose
    form does not validate, renders the selection form.  A valid POST
    creates a SignOn, keeps its state in the session and answers with a
    302 to the authority's authorization endpoint.

    ``action`` and ``mode`` are not read.
    """
    # redirect_uri == client_id (7.2)
    callback = request.build_absolute_uri(
        reverse(
            "rp_auth",
            kwargs={"vender": "self", "action": "res", "mode": "implicit"},
        )
    )

    # TODO: create the Authority(=SIOP) if not created yet.
    authority = create_authority()

    # TODO: create the RP for SIOP if not created yet.
    # The returned object is replaced by the form's selection on a valid
    # POST; on every other path it is not used again.
    rp = create_relyingparty(authority, callback)

    form = AuthReqForm(vender=__package__, data=request.POST or None)

    if request.method != "POST" or not form.is_valid():
        context = {"request": request, "vender": vender, "form": form}
        # NOTE(review): `vender` is a view argument interpolated into the
        # template path.  Confirm the URL pattern limits it to known
        # vender names so a crafted value cannot select another template.
        return TemplateResponse(
            request, "venders/%s/req_any.html" % vender, context)

    rp = form.cleaned_data["rp"]
    metadata = rp.authority.auth_metadata_object

    # AuthReq (7.3)
    scopes = ["openid", "profile", "email", "address", "phone"]
    authreq = AuthReq(
        scope=" ".join(scopes),  # TODO: Selection
        response_type="id_token",  # ID Token in implicit
        client_id=callback,  # redirect_uri == client_id (7.2)
        id_token_hint=None,
        claims=None,
        registration=None,  # Client Meta
        request=None,  # Request Object
    )

    # NOTE(review): the ID Token comes back through the browser in this
    # flow, so the nonce is what ties it to this request.  No nonce is set
    # in this block -- presumably SignOn.create adds one; verify.
    signon = SignOn.create(
        request.user, rp, authreq, request.session.session_key)

    # Kept in the session so the response side can match the returned
    # state against this browser session -- presumably checked by the
    # "res" handler; verify.
    request.session["state"] = signon.state

    # The redirect target comes from the authority's stored metadata, not
    # from the request.  find() > 0 treats a leading "?" as "no query".
    endpoint = metadata.authorization_endpoint
    sep = "&" if endpoint.find("?") > 0 else "?"
    location = endpoint + sep + authreq.to_qs()

    res = HttpResponse(location, status=302)
    res["Location"] = location
    return res