Update createapplication command (#1132)

* Add --algorithm argument and fix --skip-authorization help text for createapplication command

* Add unit test for update to createapplication command

* Add to AUTHORS

* Update changelog for createapplication command changes

* Add documentation for 'createapplication' command to 'management_commands.rst'

Co-authored-by: Alan Crosswell <[email protected]>

Author: vector-kerr

AUTHORS

@@ -23,6 +23,7 @@ Bart Merenda
 Bas van Oostveen
 Brian Helba
 Carl Schwan
+Daniel 'Vector' Kerr
 Dave Burkholder
 David Fischer
 David Smith

CHANGELOG.md

@@ -32,9 +32,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   If you've [customized OIDC responses](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#customizing-the-oidc-responses)
   and want to retain the pre-2.x behavior, set `oidc_claim_scope = None` in your subclass of `OAuth2Validator`.
 * #1108 OIDC: Make the `access_token` available to `get_oidc_claims` when called from `get_userinfo_claims`.
+* #1132: Added `--algorithm` argument to `createapplication` management command
 
 ### Fixed
 * #1108 OIDC: Fix `validate_bearer_token()` to properly set `request.scopes` to the list of granted scopes.
+* #1132: Fixed help text for `--skip-authorization` argument of the `createapplication` management command
 
 ### Removed
 * #1124 (**Breaking**, **Security**) Removes support for insecure `urn:ietf:wg:oauth:2.0:oob` and `urn:ietf:wg:oauth:2.0:oob:auto` which are replaced

docs/management_commands.rst

@@ -4,6 +4,8 @@ Management commands
 Django OAuth Toolkit exposes some useful management commands that can be run via shell or by other means (eg: cron)
 
 .. _cleartokens:
+.. _createapplication:
+
 
 cleartokens
 ~~~~~~~~~~~
@@ -21,3 +23,38 @@ To prevent the CPU and RAM high peaks during deletion process use ``CLEAR_EXPIRE
 
 Note: Refresh tokens need to expire before AccessTokens can be removed from the
 database. Using ``cleartokens`` without ``REFRESH_TOKEN_EXPIRE_SECONDS`` has limited effect.
+
+
+
+createapplication
+~~~~~~~~~~~~~~~~~
+
+The ``createapplication`` management command provides a shortcut to create a new application in a programmatic way.
+
+.. code-block:: sh
+
+    usage: manage.py createapplication [-h] [--client-id CLIENT_ID] [--user USER] [--redirect-uris REDIRECT_URIS]
+				       [--client-secret CLIENT_SECRET] [--name NAME] [--skip-authorization] [--version] [-v {0,1,2,3}]
+				       [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color] [--force-color]
+				       [--skip-checks]
+				       client_type authorization_grant_type
+
+    Shortcut to create a new application in a programmatic way
+
+    positional arguments:
+      client_type           The client type, can be confidential or public
+      authorization_grant_type
+			    The type of authorization grant to be used
+
+    optional arguments:
+      -h, --help            show this help message and exit
+      --client-id CLIENT_ID
+			    The ID of the new application
+      --user USER           The user the application belongs to
+      --redirect-uris REDIRECT_URIS
+			    The redirect URIs, this must be a space separated string e.g 'URI1 URI2'
+      --client-secret CLIENT_SECRET
+			    The secret for this application
+      --name NAME           The name this application
+      --skip-authorization  The ID of the new application
+      ...

oauth2_provider/management/commands/createapplication.py

@@ -49,7 +49,12 @@ def add_arguments(self, parser):
         parser.add_argument(
             "--skip-authorization",
             action="store_true",
-            help="The ID of the new application",
+            help="If set, completely bypass the authorization form, even on the first use of the application",
+        )
+        parser.add_argument(
+            "--algorithm",
+            type=str,
+            help="The OIDC token signing algorithm for this application (e.g., 'RS256' or 'HS256')",
         )
 
     def handle(self, *args, **options):

tests/test_commands.py

@@ -1,5 +1,6 @@
 from io import StringIO
 
+import pytest
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import check_password
 from django.core.management import call_command
@@ -8,6 +9,8 @@
 
 from oauth2_provider.models import get_application_model
 
+from . import presets
+
 
 Application = get_application_model()
 
@@ -112,6 +115,20 @@ def test_application_created_with_user(self):
 
         self.assertEqual(app.user, user)
 
+    @pytest.mark.usefixtures("oauth2_settings")
+    @pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_RW)
+    def test_application_created_with_algorithm(self):
+        call_command(
+            "createapplication",
+            "confidential",
+            "authorization-code",
+            "--redirect-uris=http://example.com http://example2.com",
+            "--algorithm=RS256",
+        )
+        app = Application.objects.get()
+
+        self.assertEqual(app.algorithm, "RS256")
+
     def test_validation_failed_message(self):
         output = StringIO()
         call_command(