From 88f670eaab12e094eae144229470d42ec424ea83 Mon Sep 17 00:00:00 2001
From: Maarten van Schaik
Date: Tue, 27 Oct 2015 12:04:10 +0100
Subject: [PATCH] Add request to resolve user function
This makes it possible to determine the user based on more things than just the userinfo or id_token, for instance HTTP headers in the request.
---
 README.md | 4 ++--
 oidc_auth/authentication.py | 6 +++---
 oidc_auth/settings.py | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index bb90462..f58ab71 100644
--- a/README.md
+++ b/README.md
@@ -43,8 +43,8 @@ OIDC_AUTH = {
 'OIDC_AUDIENCES': ('myapp',),
 # (Optional) Function that resolves id_token into user.
- # This function receives an id_token dict and expects to return
- # a User object. The default implementation tries to find the user
+ # This function receives a request and an id_token dict and expects to
+ # return a User object. The default implementation tries to find the user
 # based on username (natural key) taken from the 'sub'-claim of the
 # id_token.
 'OIDC_RESOLVE_USER_FUNCTION': 'oidc_auth.authentication.get_user_by_id',
diff --git a/oidc_auth/authentication.py b/oidc_auth/authentication.py
index 2ff2ba3..02201d9 100644
--- a/oidc_auth/authentication.py
+++ b/oidc_auth/authentication.py
@@ -16,7 +16,7 @@ from django.utils.translation import ugettext as _
-def get_user_by_id(id_token):
+def get_user_by_id(request, id_token):
 User = get_user_model()
 try:
 user = User.objects.get_by_natural_key(id_token.get('sub'))
@@ -46,7 +46,7 @@ def authenticate(self, request):
 msg = _('Invalid Authorization header. Unable to verify bearer token')
 raise AuthenticationFailed(msg)
- user = api_settings.OIDC_RESOLVE_USER_FUNCTION(userinfo)
+ user = api_settings.OIDC_RESOLVE_USER_FUNCTION(request, userinfo)
 return user, userinfo
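Review bot: The new `request` parameter of `get_user_by_id` is not used in the visible lines of its body, which continues outside the hunk; the default resolver should say so, e.g. a docstring `"""Return the User whose natural key equals the token's 'sub' claim. `request` is accepted for signature compatibility with custom resolvers and is ignored here."""`. Changing the resolver signature also breaks any project-supplied `OIDC_RESOLVE_USER_FUNCTION` written against the old one-argument form, which would now fail with a TypeError on every authenticated request. Unless a compatibility shim exists outside this diff, that deserves a sentence in the README hunk or a changelog entry.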
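Review bot: Passing `request` into the configurable resolver at the `OIDC_RESOLVE_USER_FUNCTION(request, userinfo)` call hands client-controlled input (headers, cookies, query parameters) to whatever identity-mapping code a deployment plugs in, yet nothing at the call site states which argument is authoritative. A comment such as `# userinfo is the verified identity source; request is untrusted context only` would make the trust boundary explicit for anyone writing a custom resolver; the same applies to the `OIDC_RESOLVE_USER_FUNCTION(request, payload)` call in the @@ -88 hunk. The enclosing `authenticate` method starts and ends outside this hunk.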
@@ -88,7 +88,7 @@ def authenticate(self, request):
 payload = self.decode_jwt(jwt_value)
 self.validate_claims(payload)
- user = api_settings.OIDC_RESOLVE_USER_FUNCTION(payload)
+ user = api_settings.OIDC_RESOLVE_USER_FUNCTION(request, payload)
 return user, payload
diff --git a/oidc_auth/settings.py b/oidc_auth/settings.py
index db78fac..fd2a436 100644
--- a/oidc_auth/settings.py
+++ b/oidc_auth/settings.py
@@ -14,7 +14,7 @@
 # Time before JWKS will be refreshed
 'OIDC_JWKS_EXPIRATION_TIME': 24*60*60,
- # Function to resolve user from token or userinfo
+ # Function to resolve user from request and token or userinfo
 'OIDC_RESOLVE_USER_FUNCTION': 'oidc_auth.authentication.get_user_by_id',
 # Time before bearer token validity is verified again