PR#103: Allow OpenIDC extensions to specify additional claims - ipsilon

ipsilon

#103 Allow OpenIDC extensions to specify additional claims

Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.

puiterwijk/ipsilon openidc-plugin-idtoken into master

Allow OpenIDC extensions to specify additional claims

Patrick Uiterwijk • 7 years ago

9decb28

Update location of display_name information

Patrick Uiterwijk • 7 years ago

0131dcd

ipsilon/providers/openidc/auth.py

file modified

		`@@ -536,6 +536,14 @@`
		`# pylint: disable=invalid-sequence-index`
		`request_data['claims']['userinfo'][claim] = None`

		`+ # Add claims from extensions`
		`+ for n, e in self.cfg.extensions.available().items():`
pingou commented 7 years ago nit picking, but `n` and `e` aren't quite self-explanatory as variable names :(
alert("boo! (puiterwijk was here)"); Uiterwijk (puiterwijk)">puiterwijk commented 7 years ago Agreed, but that's what's used in the rest of the code. Rephrasing them would probably be a change across the codebase. For info: they stand for "name" and "extension".
pingou commented 7 years ago Arf, bummer :(
		`+ data = e.get_claims(request_data['scope'])`
		`+ self.debug('%s returned %s' % (n, repr(data)))`
		`+ if len(data) > 0:`
		`+ # pylint: disable=invalid-sequence-index`
		`+ request_data['claims']['userinfo'].extend(data)`
		`+`
		`# Store data so we can continue with the request`
		`us = UserSession()`
		`user = us.get_user()`

ipsilon/providers/openidc/plugins/common.py

file modified

+17 -1

		`@@ -37,9 +37,25 @@`
		`display_data = {}`
		`for scope in scopes:`
		`if scope in self.scopes:`
		`- display_data[scope] = self.scopes[scope]`
		`+ if 'display_name' in self.scopes[scope]:`
		`+ display_data[scope] = self.scopes[scope]['display_name']`
		`+ else:`
		`+ display_data[scope] = scope`
		`return display_data`

		`+ def get_claims(self, scopes):`
		`+ if not self.enabled:`
		`+ return {}`
		`+`
		`+ claims = []`
		`+ for scope in scopes:`
		`+ if scope in self.scopes and 'claims' in self.scopes[scope]:`
		`+ data = self.scopes[scope]['claims']`
		`+ if not isinstance(data, list):`
		`+ data = [data]`
		`+ claims.extend(data)`
		`+ return claims`
		`+`
		`def enable(self, provider):`
		`self.enabled = True`
		`self.provider = provider`

puiterwijk commented 7 years ago

This also contains a fix of display_name in plugins.

pingou commented on line 6 of ipsilon/providers/openidc/auth.py 7 years ago

nit picking, but n and e aren't quite self-explanatory as variable names :(

pingou commented 7 years ago

Looks fine to me, with the comment about the name of the variables used

puiterwijk commented on line 6 of ipsilon/providers/openidc/auth.py 7 years ago

Agreed, but that's what's used in the rest of the code.
Rephrasing them would probably be a change across the codebase.
For info: they stand for "name" and "extension".

pingou commented on line 6 of ipsilon/providers/openidc/auth.py 7 years ago

Arf, bummer :(

pingou commented 7 years ago

I still find the names unfortunate but fixing them seems outside the scope of this PR

:thumbsup: for me

puiterwijk commented 7 years ago

This has been merged.

Pull-Request has been closed by puiterwijk

7 years ago