def req_any(request, vender, action, mode, *args, **kwargs):
form = AuthReqForm(vender=__package__, data=request.POST or None)
if request.method == "POST" and form.is_valid():
rp = form.cleaned_data["rp"]
conf = rp.authority.auth_metadata_object
ruri = request.build_absolute_uri(reverse("rp_auth", kwargs=dict(vender="azure", action="res", mode="code")))
authreq = AuthReq(
response_type="code",
client_id=rp.identifier,
redirect_uri=ruri,
scope="openid profile email",
prompt="admin_consent",
)
authreq["resource"] = "https://graph.windows.net"
signon = SignOn.create(request.user, rp, authreq)
authreq["session_state"] = signon.state
request.session["state"] = signon.state
if conf.authorization_endpoint.find("?") > 0:
sep = "&"
else:
sep = "?"
location = conf.authorization_endpoint + sep + authreq.to_qs()
res = HttpResponse(location, status=302)
res["Location"] = location
return res
return TemplateResponse(request, "venders/azure/req_any.html", dict(request=request, form=form))
def req_any(request, vender, action, mode):
form = AuthReqForm(
vender=__package__,
data=request.POST or None)
if request.method == "POST" and form.is_valid():
rp = form.cleaned_data['rp']
conf = rp.authority.auth_metadata_object
ruri = request.build_absolute_uri(
reverse('rp_auth', kwargs=dict(
vender='google', action='res', mode='code',
))
)
# https://developers.google.com/accounts/docs/OAuth2Login#authenticationuriparameters
authreq = AuthReq(
response_type="code",
client_id=rp.identifier,
redirect_uri=ruri,
scope="openid profile email",
prompt=PROMPT[1],
)
authreq['include_granted_scopes'] = 'false'
signon = SignOn.create(request.user, rp, authreq)
request.session['state'] = signon.state
authreq.nonce = None #: TODO: nonce not supported ?
if conf.authorization_endpoint.find('?') > 0:
sep = "&"
else:
sep = "?"
location = conf.authorization_endpoint + sep + authreq.to_qs()
res = HttpResponse(location, status=302)
res['Location'] = location
return res
ctx = dict(
request=request,
vender=vender,
form=form)
return TemplateResponse(
request,
'venders/google/req_any.html', ctx)
def req_any(request, vender, action, mode):
# redirect_uri == client_id (7.2)
ruri = request.build_absolute_uri(reverse("rp_auth", kwargs=dict(vender="self", action="res", mode="implicit")))
# TODO: create the Authority(=SIOP) if not created yet.
authority = create_authority()
# TODO: create the RP for SIOP if not created yet.
rp = create_relyingparty(authority, ruri)
form = AuthReqForm(vender=__package__, data=request.POST or None)
if request.method == "POST" and form.is_valid():
rp = form.cleaned_data["rp"]
conf = rp.authority.auth_metadata_object
# AuthReq (7.3)
scopes = ["openid", "profile", "email", "address", "phone"]
authreq = AuthReq(
scope=" ".join(scopes), # TODO: Selection
response_type="id_token", # ID Token in implicit
client_id=ruri, # redirect_uri == client_id (7.2)
id_token_hint=None,
claims=None,
registration=None, # Client Meta
request=None, # Request Object
)
signon = SignOn.create(request.user, rp, authreq, request.session.session_key)
request.session["state"] = signon.state
if conf.authorization_endpoint.find("?") > 0:
sep = "&"
else:
sep = "?"
location = conf.authorization_endpoint + sep + authreq.to_qs()
res = HttpResponse(location, status=302)
res["Location"] = location
return res
ctx = dict(request=request, vender=vender, form=form)
return TemplateResponse(request, "venders/%s/req_any.html" % vender, ctx)
