Add request to resolve user function
This makes it possible to determine the user based on more things than
just the userinfo or id_token, for instance HTTP headers in the request.
MaartenKos committed Oct 27, 2015
1 parent 9a592c5 commit 88f670e
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -43,8 +43,8 @@ OIDC_AUTH = {
'OIDC_AUDIENCES': ('myapp',),

# (Optional) Function that resolves id_token into user.
# This function receives an id_token dict and expects to return
# a User object. The default implementation tries to find the user
# This function receives a request and an id_token dict and expects to
# return a User object. The default implementation tries to find the user
# based on username (natural key) taken from the 'sub'-claim of the
# id_token.
'OIDC_RESOLVE_USER_FUNCTION': 'oidc_auth.authentication.get_user_by_id',
6 changes: 3 additions & 3 deletions oidc_auth/authentication.py
Expand Up @@ -16,7 +16,7 @@
from django.utils.translation import ugettext as _


def get_user_by_id(id_token):
def get_user_by_id(request, id_token):
User = get_user_model()
try:
user = User.objects.get_by_natural_key(id_token.get('sub'))
Expand Down Expand Up @@ -46,7 +46,7 @@ def authenticate(self, request):
msg = _('Invalid Authorization header. Unable to verify bearer token')
raise AuthenticationFailed(msg)

user = api_settings.OIDC_RESOLVE_USER_FUNCTION(userinfo)
user = api_settings.OIDC_RESOLVE_USER_FUNCTION(request, userinfo)

return user, userinfo

Expand Down Expand Up @@ -88,7 +88,7 @@ def authenticate(self, request):
payload = self.decode_jwt(jwt_value)
self.validate_claims(payload)

user = api_settings.OIDC_RESOLVE_USER_FUNCTION(payload)
user = api_settings.OIDC_RESOLVE_USER_FUNCTION(request, payload)

return user, payload

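Review bot: The resolver now receives the raw `request` in `get_user_by_id(request, id_token)` and at both `OIDC_RESOLVE_USER_FUNCTION(request, ...)` call sites, but nothing tells implementers that only the second argument is verified data: in the JWT path the payload has passed `decode_jwt` and `validate_claims`, whereas request headers are whatever the client sent. A custom resolver that picks the user from a header alone would let any holder of a valid token act as a different user, so I would add a docstring to `get_user_by_id` such as `"""Resolve the user from the verified token claims; the request is untrusted input and must not replace the 'sub' lookup."""`. The positional signature change also means an existing one-argument resolver configured in settings fails with a TypeError on every authenticated request, which deserves a changelog or upgrade note. The bodies of `get_user_by_id` and both `authenticate` methods continue outside the visible hunks.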
2 changes: 1 addition & 1 deletion oidc_auth/settings.py
Expand Up @@ -14,7 +14,7 @@
# Time before JWKS will be refreshed
'OIDC_JWKS_EXPIRATION_TIME': 24*60*60,

# Function to resolve user from token or userinfo
# Function to resolve user from request and token or userinfo
'OIDC_RESOLVE_USER_FUNCTION': 'oidc_auth.authentication.get_user_by_id',

# Time before bearer token validity is verified again
