
Commit 8f2669c

rgaiacsnijelpre-commit-ci[bot]
authored
feat: Add support to SOCIAL_AUTH_OIDC_PROMPT and others (#1127)
* Add support to SOCIAL_AUTH_OIDC_PROMPT Related to #1124 * Add support to more parameters of OpenID Connect * Add exceptions AuthInvalidParameter and AuthNotImplementedParameter * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update social_core/exceptions.py * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: Michal Čihař <michal@weblate.org> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Michal Čihař <michal@cihar.com>
1 parent 858fd3b commit 8f2669c


2 files changed

+78
-2
lines changed


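--- a/social_core/backends/open_id_connect.py
+++ b/social_core/backends/open_id_connect.py
@@ -16,7 +16,12 @@
 from jwt.utils import base64url_decode
 
 from social_core.backends.oauth import BaseOAuth2
-from social_core.exceptions import AuthMissingParameter, AuthTokenError
+from social_core.exceptions import (
+AuthInvalidParameter,
+AuthMissingParameter,
+AuthNotImplementedParameter,
+AuthTokenError,
+)
 from social_core.utils import cache
 
 
@@ -64,6 +69,14 @@ class OpenIdConnectAuth(BaseOAuth2):
 USERINFO_URL = ""
 JWKS_URI = ""
 TOKEN_ENDPOINT_AUTH_METHOD = ""
+# Optional parameters for Authentication Request
+DISPLAY = None
+PROMPT = None
+MAX_AGE = None
+UI_LOCALES = None
+ID_TOKEN_HINT = None
+LOGIN_HINT = None
+ACR_VALUES = None
 
 def __init__(self, *args, **kwargs):
 self.id_token = None
@@ -136,10 +149,59 @@ def get_remote_jwks_keys(self):
 response = self.request(self.jwks_uri())
 return json.loads(response.text)["keys"]
 
-def auth_params(self, state=None):
+def auth_params(self, state=None): # noqa: C901
 """Return extra arguments needed on auth process."""
 params = super().auth_params(state)
 params["nonce"] = self.get_and_store_nonce(self.authorization_url(), state)
+
+display = self.setting("DISPLAY", default=self.DISPLAY)
+if display is not None:
+if not display:
+raise AuthMissingParameter(
+self, "OpenID Connect display value cannot be empty string."
+)
+
+if display not in ("page", "popup", "touch", "wap"):
+raise AuthMissingParameter(
+self, f"Invalid OpenID Connect display value: {display}"
+)
+
+params["display"] = display
+
+prompt = self.setting("PROMPT", default=self.PROMPT)
+if prompt is not None:
+if not prompt:
+raise AuthInvalidParameter(self, "prompt")
+
+for prompt_token in prompt.split():
+if prompt_token not in ("none", "login", "consent", "select_account"):
+raise AuthInvalidParameter(self, "prompt")
+
+params["prompt"] = prompt
+
+max_age = self.setting("MAX_AGE", default=self.MAX_AGE)
+if max_age is not None:
+if max_age < 0:
+raise AuthInvalidParameter(self, "max_age")
+
+params["max_age"] = max_age
+
+ui_locales = self.setting("UI_LOCALES", default=self.UI_LOCALES)
+if ui_locales is not None:
+raise AuthNotImplementedParameter(self, "ui_locales")
+
+id_token_hint = self.setting("ID_TOKEN_HINT", default=self.ID_TOKEN_HINT)
+if id_token_hint is not None:
+raise AuthNotImplementedParameter(self, "id_token_hint")
+
+login_hint = self.setting("LOGIN_HINT", default=self.LOGIN_HINT)
+if login_hint is not None:
+raise AuthNotImplementedParameter(self, "login_hint")
+
+acr_values = self.setting("ACR_VALUES", default=self.ACR_VALUES)
+if acr_values is not None:
+raise AuthNotImplementedParameter(self, "acr_values")
+
 return params
 
 def get_and_store_nonce(self, url, state):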
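Review bot: `params["max_age"] = max_age` and `params["prompt"] = prompt` only ask the provider for a fresh login; nothing in this diff checks the `auth_time` claim of the returned ID token, so a deployment that sets `MAX_AGE` as a re-authentication control is relying on the provider alone. ID-token validation lies outside these hunks, so confirm whether it compares `auth_time` with the configured value, and if it does not, say in the `auth_params` docstring that the setting is advisory. In the same hunk the `display` branch raises `AuthMissingParameter` with a whole sentence as its second argument, which presumably ends up in `self.parameter` and would print as "Missing needed parameter Invalid OpenID Connect display value: …"; `raise AuthInvalidParameter(self, "display")` would match the `prompt` and `max_age` branches. The prompt loop also accepts `none` combined with other tokens, which OpenID Connect Core treats as an error, and `max_age < 0` raises `TypeError` rather than `AuthInvalidParameter` if the setting arrives as a string.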

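--- a/social_core/exceptions.py
+++ b/social_core/exceptions.py
@@ -89,6 +89,20 @@ def __str__(self):
 return f"Missing needed parameter {self.parameter}"
 
 
+class AuthInvalidParameter(AuthMissingParameter):
+"""Invalid value for parameter to start or complete the process."""
+
+def __str__(self):
+return f"Invalid value for parameter {self.parameter}"
+
+
+class AuthNotImplementedParameter(AuthMissingParameter):
+"""Optional parameter not implemented to start or complete the process."""
+
+def __str__(self):
+return f"Not implemented parameter {self.parameter}"
+
+
 class AuthStateMissing(AuthException):
 """State parameter is incorrect."""
 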
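Review bot: Both new classes derive from `AuthMissingParameter`, so an existing `except AuthMissingParameter` handler will also catch invalid-value and not-implemented errors and may report them to the user as a missing field. If the inheritance is meant only to reuse `self.parameter` (assigned in a constructor outside this hunk), the docstrings should say so, for example by appending `Subclasses AuthMissingParameter so existing handlers keep working.` to each. Otherwise deriving both from `AuthException` would keep the three conditions distinguishable for callers and for logging.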
