Add support to SOCIAL_AUTH_OIDC_PROMPT and others

social_core/backends/open_id_connect.py

@@ -64,6 +64,14 @@
     USERINFO_URL = ""
     JWKS_URI = ""
     TOKEN_ENDPOINT_AUTH_METHOD = ""
+    # Optional parameters for Authentication Request
+    DISPLAY = None
+    PROMPT = None
+    MAX_AGE = None
+    UI_LOCALES = None
+    ID_TOKEN_HINT = None
+    LOGIN_HINT = None
+    ACR_VALUES = None
 
     def __init__(self, *args, **kwargs):
         self.id_token = None
@@ -136,10 +144,55 @@
         response = self.request(self.jwks_uri())
         return json.loads(response.text)["keys"]
 
     def auth_params(self, state=None):
         """Return extra arguments needed on auth process."""
         params = super().auth_params(state)
         params["nonce"] = self.get_and_store_nonce(self.authorization_url(), state)
+
+        display = self.setting("DISPLAY", default=self.DISPLAY)
+        if display is not None:
+            if not display:
+                raise AuthMissingParameter("OpenID Connect display value cannot be empty string.")
+
+            if display not in ("page", "popup", "touch", "wap"):
+                raise AuthMissingParameter(f"Invalid OpenID Connect display value: {display}")
+
+            params["display"] = display
+
+        prompt = self.setting("PROMPT", default=self.PROMPT)
+        if prompt is not None:
+            if not prompt:
+                raise AuthInvalidParameter("prompt")
+
+            for prompt_token in prompt.split():
+                if prompt_token not in ("none", "login", "consent", "select_account"):
+                    raise AuthInvalidParameter("prompt")
+
+            params["prompt"] = prompt
+
+        max_age = self.setting("MAX_AGE", default=self.MAX_AGE)
+        if max_age is not None:
+            if max_age < 0:
+                raise AuthInvalidParameter("max_age")
+
+            params["max_age"] = max_age
+
+        ui_locales = self.setting("UI_LOCALES", default=self.UI_LOCALES)
+        if ui_locales is not None:
+            raise AuthNotImplementedParameter("ui_locales")
+
+        id_token_hint = self.setting("ID_TOKEN_HINT", default=self.ID_TOKEN_HINT)
+        if id_token_hint is not None:
+            raise AuthNotImplementedParameter("id_token_hint")
+
+        login_hint = self.setting("LOGIN_HINT", default=self.LOGIN_HINT)
+        if login_hint is not None:
+            raise AuthNotImplementedParameter("login_hint")
+
+        acr_values = self.setting("ACR_VALUES", default=self.ACR_VALUES)
+        if acr_values is not None:
+            raise AuthNotImplementedParameter("acr_values")
+
         return params
 
     def get_and_store_nonce(self, url, state):

social_core/exceptions.py

@@ -89,6 +89,28 @@ def __str__(self):
         return f"Missing needed parameter {self.parameter}"
 
 
+class AuthInvalidParameter(AuthException):
+    """Invalid value for parameter to start or complete the process."""
+
+    def __init__(self, backend, parameter, *args, **kwargs):
+        self.parameter = parameter
+        super().__init__(backend, *args, **kwargs)
+
+    def __str__(self):
+        return f"Invalid value for parameter {self.parameter}"
+
+
+class AuthNotImplementedParameter(AuthException):
+    """Optional parameter not implemented to start or complete the process."""
+
+    def __init__(self, backend, parameter, *args, **kwargs):
+        self.parameter = parameter
+        super().__init__(backend, *args, **kwargs)
+
+    def __str__(self):
+        return f"Not implemented parameter {self.parameter}"
+
+
 class AuthStateMissing(AuthException):
     """State parameter is incorrect."""