#111 openidc: Make it possible to disable dynamic client registration
Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.
puiterwijk/ipsilon disableable-dynreg  into  master

@@ -840,6 +840,10 @@ 

  class Registration(APIRequest):

  

      def POST(self, *args, **kwargs):

+         if not self.cfg.allow_dynamic_client_registration:

+             raise APIError(400, 'invalid_request',

+                            'dynamic client registration has been disabled')

+ 

          try:

              client_metadata = json.loads(cherrypy.request.rfile.read())

          except:
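Review bot: The new guard reports a disabled endpoint as `400 'invalid_request'`, which tells the caller its request was malformed rather than that registration is switched off; since the request itself is fine, a 403 describes the state more accurately, e.g. `raise APIError(403, 'access_denied', 'dynamic client registration has been disabled')`. Placing the check before the body is read is the right order, but the rejection is silent — emitting a log line (with whatever logger this class already uses) would let operators notice repeated attempts against a deliberately disabled endpoint. The bare `except:` on the context line below predates this change, yet it swallows everything including KeyboardInterrupt; `except ValueError:` is the narrow catch for a failed json.loads. The body of Registration.POST continues outside the hunk.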
@@ -1135,8 +1139,6 @@ 

                                             'UserInfo'),

              'jwks_uri': '%s%s' % (self.cfg.endpoint_url,

                                    'Jwks'),

-             'registration_endpoint': '%s%s' % (self.cfg.endpoint_url,

-                                                'Registration'),

              'scopes_supported': self.cfg.supported_scopes,

              'response_types_supported': ['code', 'id_token' 'token',

                                           'token id_token'],
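Review bot: `'id_token' 'token'` on the response_types_supported line is missing a comma, so Python concatenates the two literals and the discovery document advertises `'id_tokentoken'` instead of the two separate response types `'id_token'` and `'token'`. The line is unchanged context here, but it sits in the same literal the commit edits and is worth fixing in the same change: `'response_types_supported': ['code', 'id_token', 'token',`. The enclosing wellknown_openid_configuration body starts before this hunk and continues in the next one.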
@@ -1183,6 +1185,11 @@ 

              'op_tos_uri': self.cfg.tos_url,

          }

  

+         if self.cfg.allow_dynamic_client_registration:

+             configuration['registration_endpoint'] = '%s%s' % (

+                 self.cfg.endpoint_url,

+                 'Registration')

+ 

          return json.dumps(configuration)

      wellknown_openid_configuration.public_function = True

  

@@ -69,6 +69,10 @@ 

                  'idp subject salt',

                  'The salt used for pairwise subjects.',

                  None),

+             pconfig.Condition(

+                 'allow dynamic client registration',

+                 'Allow Dynamic Client registrations for Relying Parties',

+                 True),

              pconfig.MappingList(

                  'default attribute mapping',

                  'Defines how to map attributes',
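Review bot: The new Condition defaults to True, so existing deployments keep accepting dynamic client registrations until an administrator explicitly turns the option off. That preserves current behaviour, but it is the less safe default for an endpoint that, as far as the visible part of Registration.POST shows, any caller can reach, and the setting's description does not convey that trade-off; something like `'Allow Dynamic Client registrations for Relying Parties (any party reaching the endpoint may register a client)'` would help an administrator decide. The configuration list this entry belongs to starts and ends outside the hunk.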
@@ -128,6 +132,10 @@ 

          return self.get_config_value('idp subject salt')

  

      @property

+     def allow_dynamic_client_registration(self):

+         return self.get_config_value('allow dynamic client registration')

+ 

+     @property

      def default_attribute_mapping(self):

          return self.get_config_value('default attribute mapping')

  

This makes it possible for administrators to disable dynamic client registration.

Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com

Looks fine to me, :thumbsup:
