ARCH-435 | Add hook for encode_id_token

Author: Chris Pickett

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 ### [Unreleased]
 
+### [0.6.0-orm] - 2018-10-03
+
+##### Changed
+- Added `OIDC_IDTOKEN_ENCODE_HOOK` setting to allow for setting function that's used when encoding an id_token.
 
 ### [0.5.5] - 2018-09-11
 

oidc_provider/lib/endpoints/authorize.py

@@ -22,7 +22,6 @@
 from oidc_provider.lib.utils.token import (
     create_code,
     create_token,
-    encode_id_token,
 )
 from oidc_provider.models import (
     Client,
@@ -167,6 +166,10 @@ def create_response_uri(self):
                     )
                     id_token_dic = create_id_token_hook(**kwargs)
 
+                    encode_id_token = settings.import_hook(
+                        'OIDC_IDTOKEN_ENCODE_HOOK'
+                    )
+
                     # Check if response_type must include id_token in the response.
                     if self.params['response_type'] in ['id_token', 'id_token token', 'code id_token', 'code id_token token']:
                         query_fragment['id_token'] = encode_id_token(id_token_dic, self.client)

oidc_provider/lib/endpoints/token.py

@@ -18,7 +18,6 @@
 from oidc_provider.lib.utils.token import (
     create_id_token,
     create_token,
-    encode_id_token,
 )
 from oidc_provider.models import (
     Client,
@@ -37,6 +36,9 @@ def __init__(self, request):
         self.user = None
         self._extract_params()
 
+    def _encode_id_token(self, *args):
+        return settings.import_hook('OIDC_IDTOKEN_ENCODE_HOOK')(*args)
+
     def _extract_params(self):
         client_id, client_secret = self._extract_client_auth()
 
@@ -187,7 +189,7 @@ def create_access_token_response_dic(self):
             'refresh_token': token.refresh_token,
             'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
             'token_type': 'bearer',
-            'id_token': encode_id_token(id_token_dic, token.client),
+            'id_token': self._encode_id_token(id_token_dic, token.client),
         }
 
     def create_code_response_dic(self):
@@ -226,7 +228,7 @@ def create_code_response_dic(self):
             'refresh_token': token.refresh_token,
             'token_type': 'bearer',
             'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
-            'id_token': encode_id_token(id_token_dic, token.client),
+            'id_token': self._encode_id_token(id_token_dic, token.client),
         }
 
         return dic
@@ -273,7 +275,7 @@ def create_refresh_response_dic(self):
             'refresh_token': token.refresh_token,
             'token_type': 'bearer',
             'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
-            'id_token': encode_id_token(id_token_dic, self.token.client),
+            'id_token': self._encode_id_token(id_token_dic, self.token.client),
         }
 
         return dic

oidc_provider/settings.py

@@ -139,6 +139,14 @@ def OIDC_IDTOKEN_CREATE_HOOK(self):
         """
         return 'oidc_provider.lib.utils.token.create_id_token'
 
+    @property
+    def OIDC_IDTOKEN_ENCODE_HOOK(self):
+        """
+        OPTIONAL. A string with the location of your hook.
+        Used to encode a dictionary that will be the payload of the id_token.
+        """
+        return 'oidc_provider.lib.utils.token.encode_id_token'
+
     @property
     def OIDC_GRANT_TYPE_PASSWORD_ENABLE(self):
         """

setup.py

@@ -10,7 +10,7 @@
 
 setup(
     name='django-oidc-provider',
-    version='0.5.5',
+    version='0.6.0-orm',
     packages=find_packages(),
     include_package_data=True,
     license='MIT License',