diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..affd63b
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,54 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+-
+ title: 'Features'
+ labels:
+ - 'enhancement'
+ - 'feat'
+ - 'feature'
+-
+ title: 'Bug Fixes'
+ labels:
+ - 'bug'
+ - 'bugfix'
+ - 'fix'
+-
+ title: 'Maintenance'
+ labels:
+ - 'chore'
+ - 'style'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+ major:
+ labels: ['major']
+ minor:
+ labels: ['minor']
+ patch:
+ labels: ['patch']
+ default: patch
+exclude-labels: ['skip']
+autolabeler:
+-
+ label: 'bug'
+ branch:
+ - '/bug\/.+/'
+ - '/bugfix\/.+/'
+ - '/fix\/.+/'
+-
+ label: 'enhancement'
+ branch:
+ - '/dependabot\/.+/'
+ - '/enhancement\/.+/'
+ - '/feat\/.+/'
+ - '/feature\/.+/'
+-
+ label: 'chore'
+ branch:
+ - '/chore\/.+/'
+ - '/style\/.+/'
+template: |
+ ## Release notes
+
+ $CHANGES
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index e7a3cf3..8d9cdfa 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -5,9 +5,9 @@ name: oidcrp
 on:
 push:
- branches: [ main, develop ]
+ branches: [ master, develop ]
 pull_request:
- branches: [ main, develop ]
+ branches: [ master, develop ]
 jobs:
 build:
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..ff418de
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,17 @@
+name: Release drafter
+
+on:
+ push:
+ branches: [master, develop]
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+jobs:
+ update_release_draft:
+ name: Update draft release
+ runs-on: ubuntu-latest
+ steps:
+ -
+ uses: release-drafter/release-drafter@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/example/flask_rp/conf.json b/example/flask_rp/conf.json
index 7696d67..2325f03 100644
--- a/example/flask_rp/conf.json
+++ b/example/flask_rp/conf.json
@@ -136,7 +136,7 @@
 }
 }
 },
- "local": {
+ "flask_provider": {
 "client_preferences": {
 "application_name": "rphandler",
 "application_type": "web",
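Review bot: In .github/workflows/release-drafter.yml the `update_release_draft` job has no `permissions:` block and pins its only step by the mutable tag `release-drafter/release-drafter@v5`, so the `GITHUB_TOKEN` handed over in `env:` carries whatever the repository default grants, and the code that receives it changes whenever that tag is moved. Scope the token at job level with `permissions:` / `contents: write` / `pull-requests: write`, and pin the step to a full commit SHA, for example `uses: release-drafter/release-drafter@<full-commit-sha>  # v5`. With the plain `pull_request` trigger, pull requests from forks get a read-only token, so the autolabeler rules will presumably not apply to them; that is the safe default and worth a comment in the workflow so it is not later swapped for a more privileged trigger without review.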
@@ -204,6 +204,75 @@
 }
 }
 }
+ },
+ "django_provider": {
+ "client_preferences": {
+ "application_name": "rphandler",
+ "application_type": "web",
+ "contacts": [
+ "ops@example.com"
+ ],
+ "response_types": [
+ "code"
+ ],
+ "scope": [
+ "openid",
+ "profile",
+ "email",
+ "address",
+ "phone"
+ ],
+ "token_endpoint_auth_method": [
+ "client_secret_basic",
+ "client_secret_post"
+ ]
+ },
+ "issuer": "https://127.0.0.1:8000/",
+ "redirect_uris": [
+ "https://{domain}:{port}/authz_cb/django"
+ ],
+ "post_logout_redirect_uris": [
+ "https://{domain}:{port}/session_logout/django"
+ ],
+ "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/django",
+ "frontchannel_logout_session_required": true,
+ "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/django",
+ "backchannel_logout_session_required": true,
+ "services": {
+ "discovery": {
+ "class": "oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery",
+ "kwargs": {}
+ },
+ "registration": {
+ "class": "oidcrp.oidc.registration.Registration",
+ "kwargs": {}
+ },
+ "authorization": {
+ "class": "oidcrp.oidc.authorization.Authorization",
+ "kwargs": {}
+ },
+ "accesstoken": {
+ "class": "oidcrp.oidc.access_token.AccessToken",
+ "kwargs": {}
+ },
+ "userinfo": {
+ "class": "oidcrp.oidc.userinfo.UserInfo",
+ "kwargs": {}
+ },
+ "end_session": {
+ "class": "oidcrp.oidc.end_session.EndSession",
+ "kwargs": {}
+ }
+ },
+ "add_ons": {
+ "pkce": {
+ "function": "oidcrp.oauth2.add_on.pkce.add_support",
+ "kwargs": {
+ "code_challenge_length": 64,
+ "code_challenge_method": "S256"
+ }
+ }
+ }
 }
 },
 "webserver": {
diff --git a/example/flask_rp/views.py b/example/flask_rp/views.py
index 15abf2d..10b7b36 100644
--- a/example/flask_rp/views.py
+++ b/example/flask_rp/views.py
@@ -1,4 +1,5 @@
 import logging
+import urllib
 from urllib.parse import parse_qs
 from flask import Blueprint
@@ -149,8 +150,21 @@ def finalize(op_hash, request_args):
 return make_response(res['error'], 400)
+def get_ophash_by_cb_uri(url:str):
+ uri = urllib.parse.splitquery(request.url)[0]
+ clients = current_app.rp_config.clients
+ for k,v in clients.items():
+ for endpoint in ("redirect_uris",
+ "post_logout_redirect_uris",
+ "frontchannel_logout_uri",
+ "backchannel_logout_uri"):
+ if uri in clients[k].get(endpoint, []):
+ return k
+
+
 @oidc_rp_views.route('/authz_cb/')
 def authz_cb(op_hash):
+ op_hash = get_ophash_by_cb_uri(request.url)
 return finalize(op_hash, request.args)
@@ -215,6 +229,7 @@ def session_change():
 # post_logout_redirect_uri
 @oidc_rp_views.route('/session_logout/')
 def session_logout(op_hash):
+ op_hash = get_ophash_by_cb_uri(request.url)
 _rp = get_rp(op_hash)
 logger.debug('post_logout')
 return "Post logout from {}".format(_rp.client_get("service_context").issuer)
diff --git a/src/oidcrp/oidc/__init__.py b/src/oidcrp/oidc/__init__.py
index 34dc2ab..cb000e4 100755
--- a/src/oidcrp/oidc/__init__.py
+++ b/src/oidcrp/oidc/__init__.py
@@ -21,8 +21,7 @@
 DEFAULT_SERVICES = {
 "discovery": {
- 'class': 'oidcrp.oidc.provider_info_discovery'
- '.ProviderInfoDiscovery'
+ 'class': 'oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery'
 },
 'registration': {
 'class': 'oidcrp.oidc.registration.Registration'
@@ -38,6 +37,9 @@
 },
 'userinfo': {
 'class': 'oidcrp.oidc.userinfo.UserInfo'
+ },
+ 'end_session': {
+ 'class': 'oidcrp.oidc.end_session.EndSession'
 }
 }
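Review bot: In example/flask_rp/views.py, `get_ophash_by_cb_uri` falls off the end and returns `None` when no configured URI matches, and both `authz_cb` and `session_logout` (the following hunk) pass that value straight on to `finalize` / `get_rp`, so an unrecognised callback URL is presumably handled as a lookup failure deep in the handler instead of a clean 400. The match is also looser than it reads: `frontchannel_logout_uri` and `backchannel_logout_uri` are plain strings in conf.json, so `uri in clients[k].get(endpoint, [])` is a substring test for those two keys, and because this lookup decides which provider's client state an authorization response is validated against, it should be an exact comparison. The `url` parameter is ignored in favour of `request.url`, and `urllib.parse.splitquery` is an undocumented helper deprecated since Python 3.8. The version below keeps the same lookup but compares whole URIs and makes the no-match case explicit; it assumes the `{domain}:{port}` placeholders are already expanded in `rp_config.clients`, which this diff does not show.

```python
def get_ophash_by_cb_uri(url: str):
    """Return the client key whose configured callback URI equals url, or None."""
    uri = url.partition("?")[0]  # drop the query string without the deprecated helper
    for op_hash, client in current_app.rp_config.clients.items():
        for endpoint in ("redirect_uris",
                         "post_logout_redirect_uris",
                         "frontchannel_logout_uri",
                         "backchannel_logout_uri"):
            configured = client.get(endpoint, [])
            if isinstance(configured, str):
                # single-valued setting: wrap it so `in` compares the whole URI
                configured = [configured]
            if uri in configured:
                return op_hash
    return None


# … unchanged: @oidc_rp_views.route decorator …
def authz_cb(op_hash):
    op_hash = get_ophash_by_cb_uri(request.url)
    if op_hash is None:
        return make_response("Unknown callback URI", 400)
    return finalize(op_hash, request.args)
# … unchanged: session_logout, which needs the same None guard …
```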