providers/oauth2: fix several small implicit flow errors

Jens Langhammer 2020-09-14 00:09:46 +02:00
parent 1c57128f11
commit 810f10edfe
1 changed files with 8 additions and 12 deletions


@ -10,7 +10,7 @@ from django.utils import timezone
from django.views import View from django.views import View
from structlog import get_logger from structlog import get_logger
from passbook.core.models import Application, Token from passbook.core.models import Application
from passbook.flows.models import in_memory_stage from passbook.flows.models import in_memory_stage
from passbook.flows.planner import ( from passbook.flows.planner import (
PLAN_CONTEXT_APPLICATION, PLAN_CONTEXT_APPLICATION,
@ -248,28 +248,26 @@ class OAuthFulfillmentStage(StageView):
str(self.params.state) if self.params.state else "" str(self.params.state) if self.params.state else ""
] ]
elif self.params.grant_type in [GrantTypes.IMPLICIT, GrantTypes.HYBRID]: elif self.params.grant_type in [GrantTypes.IMPLICIT, GrantTypes.HYBRID]:
token: Token = self.provider.create_token( token = self.provider.create_refresh_token(
user=self.request.user, scope=self.params.scope, user=self.request.user, scope=self.params.scope,
) )
# Check if response_type must include access_token in the response. # Check if response_type must include access_token in the response.
if self.params.response_type in [ if self.params.response_type in [
ResponseTypes.id_token_token, ResponseTypes.ID_TOKEN_TOKEN,
ResponseTypes.code_id_token_token, ResponseTypes.CODE_ID_TOKEN_TOKEN,
ResponseTypes.token, ResponseTypes.ID_TOKEN,
ResponseTypes.code_token, ResponseTypes.CODE_TOKEN,
]: ]:
query_fragment["access_token"] = token.access_token query_fragment["access_token"] = token.access_token
# We don't need id_token if it's an OAuth2 request. # We don't need id_token if it's an OAuth2 request.
if SCOPE_OPENID in self.params.scope: if SCOPE_OPENID in self.params.scope:
id_token = token.create_id_token( id_token = token.create_id_token(
user=self.request.user, user=self.request.user, request=self.request,
request=self.request,
scope=self.params.scope,
) )
id_token.nonce = self.params.nonce id_token.nonce = self.params.nonce
id_token.scope = self.params.scope
# Include at_hash when access_token is being returned. # Include at_hash when access_token is being returned.
if "access_token" in query_fragment: if "access_token" in query_fragment:
id_token.at_hash = token.at_hash id_token.at_hash = token.at_hash
@ -283,8 +281,6 @@ class OAuthFulfillmentStage(StageView):
]: ]:
query_fragment["id_token"] = id_token.encode(self.provider) query_fragment["id_token"] = id_token.encode(self.provider)
token.id_token = id_token token.id_token = id_token
else:
token.id_token = {}
# Store the token. # Store the token.
token.save() token.save()
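Review bot: The renamed response_type list in the implicit/hybrid branch changes which flows receive an access_token rather than only renaming constants: the old list held the bare `token` type (`ResponseTypes.token`), while the new list substitutes `ResponseTypes.ID_TOKEN` and no longer lists a bare token type, so a `response_type=id_token` request would now get `access_token` in the fragment (and `at_hash` set a few lines down) while `response_type=token` would get none. Under OIDC Core §3.2.2.5 an id_token-only response must not carry an access token, and returning a credential the client never requested is an exposure, not a convenience. If the enum still has the renamed bare-token constant, the list should be `ResponseTypes.ID_TOKEN_TOKEN, ResponseTypes.CODE_ID_TOKEN_TOKEN, <bare token constant>, ResponseTypes.CODE_TOKEN` with `ID_TOKEN` removed; I cannot see the enum from this hunk, so the exact name needs checking. The enclosing method starts before this hunk, and since token creation moved to `create_refresh_token` it is also worth confirming that no refresh token reaches the client in this branch, as the implicit grant must not issue one (RFC 6749 §4.2.2).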