Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix google OpenID Connect #747

Closed
wants to merge 19 commits into from
Closed

Fix google OpenID Connect #747

wants to merge 19 commits into from

Conversation

mvschaik
Copy link
Contributor

This PR fixes logins with Google OpenID Connect. It merges #687 and #693.

mvschaik and others added 14 commits July 18, 2015 21:58
@mvschaik
Expect the right nonce in OIDC token
d4d0647
@mvschaik
Fix test for OIDC
a57d97b
@mvschaik @MaartenKos
OIDC discovery
d1d60ac 
And use jwkest to decode signature, because it supports more than just HS256.
@MaartenKos
Add tests for OIDC
f5f2647
@MaartenKos
Actually test RSA keys
4ef0bc9
@MaartenKos
Fix initialization of OIDC settings
fdec758
@MaartenKos
Fix nonce in py27 test
ae4dac0
@mvschaik
Make optional params optional
8b0a17d 
And delay caching of discovery document until all parameters are set to avoid using cache when document interpretation failed.
@MaartenKos
Fix invalid refernce to self.oidc_config
44df046
@MaartenKos
Different issuer for Google
e623a6c
@MaartenKos
Properly cache OIDC discover doc and JWKS
141ce6e
@MaartenKos
Cache per class to avoid cache sharing with subclasses
271710f
@MaartenKos
Merge branch 'fix-oidc-nonce' into fix-google-openidc
0ee7825
@MaartenKos
Merge branch 'oidc-discovery' into fix-google-openidc
c21874e 
Conflicts:
	social/tests/backends/open_id.py
@nickcatal nickcatal mentioned this pull request Sep 30, 2015
Closed
nickcatal
nickcatal reviewed Sep 30, 2015
View reviewed changes
social/backends/open_id.py
'fullname': response.get('name'),
'first_name': response.get('given_name'),
'last_name': response.get('family_name'),
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be closer to

        values = {'username': '', 'email': '', 'fullname': '',
                  'first_name': '', 'last_name': ''}

        fullname = values.get('name') or ''
        first_name = values.get('given_name') or ''
        last_name = values.get('family_name') or ''
        email = values.get('email') or ''

        if not fullname and first_name and last_name:
            fullname = first_name + ' ' + last_name
        elif fullname:
            try:
                first_name, last_name = fullname.rsplit(' ', 1)
            except ValueError:
                last_name = fullname

        username_key = self.setting('USERNAME_KEY') or self.USERNAME_KEY
        values.update({'fullname': fullname, 'first_name': first_name,
                       'last_name': last_name,
                       'username': values.get(username_key) or
                                   (first_name.title() + last_name.title()),
                       'email': email})
        return values

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate your suggestion, but these fields have been standardized for OIDC in http://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.1. I therefore would prefer to use these as a sensible default. I guess most users would override the OpenIdConnectAuth to customize this for the actual values the backend provides (if the backend doesn't adhere to the RFC).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was mostly talking about username_key = self.setting('USERNAME_KEY') or self.USERNAME_KEY

Which lets users override the username in their own settings file and exists in other backends.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added the USERNAME_KEY setting.

@nickcatal
Copy link
Contributor

Left a few comments that I could see on first glance.

This is what I need to start to flesh out part 2 of #750 so hopefully it gets merged in.

@mvschaik mvschaik mentioned this pull request Sep 30, 2015
Closed
@mvschaik
Copy link
Contributor Author

mvschaik commented Oct 1, 2015

Thanks for your suggestions, @nickcatal! I've added some fixes. I hope it gets merged in too!

@gabejackson gabejackson mentioned this pull request Nov 22, 2016
Closed
@gabejackson
Copy link

Any reason this hasn't been merged yet? Have been working on something similar lately and could lend a hand getting this merged if needed.

@omab omab force-pushed the master branch 2 times, most recently from 1078c07 to de9f179 Compare December 3, 2016 14:23
@omab
Copy link
Owner

omab commented Dec 13, 2016

I've ported this PR into social-core.

Thanks!

@omab omab closed this Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mvschaik @nickcatal @gabejackson @omab @MaartenKos