diff --git a/src/satosa/backends/apple.py b/src/satosa/backends/apple.py index 37f756a68..cc5d851c3 100644 --- a/src/satosa/backends/apple.py +++ b/src/satosa/backends/apple.py @@ -19,18 +19,20 @@ from satosa.internal import InternalData from .base import BackendModule from .oauth import get_metadata_desc_for_oauth_backend +from .oauth import _get_metadata_to_decorate +from ..context import Context from ..exception import SATOSAAuthenticationError, SATOSAError from ..response import Redirect import json import requests - logger = logging.getLogger(__name__) NONCE_KEY = "oidc_nonce" STATE_KEY = "oidc_state" + # https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple class AppleBackend(BackendModule): """Sign in with Apple backend""" @@ -240,8 +242,8 @@ def response_endpoint(self, context, *args): ) logger.error(logline) raise SATOSAAuthenticationError(context.state, "No user info available.") - all_user_claims = dict(list(userinfo.items()) + list(id_token_claims.items())) + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) msg = "UserInfo: {}".format(all_user_claims) logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg) logger.debug(logline) @@ -313,7 +315,7 @@ def _create_client(provider_metadata, client_metadata, verify_ssl=True): ) client.subject_type = ( - client.registration_response.get("subject_type") - or client.provider_info["subject_types_supported"][0] + client.registration_response.get("subject_type") + or client.provider_info["subject_types_supported"][0] ) return client diff --git a/src/satosa/backends/github.py b/src/satosa/backends/github.py index 70944e371..23463ac86 100644 --- a/src/satosa/backends/github.py +++ b/src/satosa/backends/github.py 
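Review bot: The added `context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config))` in `response_endpoint` stores a plain dict of `client_name`/`logo_*` values under a key whose name denotes a metadata store. If any consumer of that key expects a metadata-store object (not visible in this diff, so this needs confirming), it will now receive a different type depending on which backend handled the login. A dedicated context key, or a comment at the call such as `# value is a flat dict: client_name, logo_uri, logo_width, logo_height, plus "#<lang>" variants`, would make the contract explicit. The dict is also rebuilt on every response although it depends only on `self.config`; building it once at construction would do, provided no consumer mutates it. The same call is added in the `_authn_response` hunks of github.py, linkedin.py, oauth.py and orcid.py and in openid_connect.py's `response_endpoint`, and the method body here starts and ends outside the hunk.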
@@ -10,6 +10,8 @@ from oic.oauth2.message import AuthorizationResponse from satosa.backends.oauth import _OAuthBackend +from .oauth import _get_metadata_to_decorate +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.response import Redirect @@ -99,6 +101,7 @@ def _authn_response(self, context): internal_response.attributes = self.converter.to_internal( self.external_type, user_info) internal_response.subject_id = str(user_info[self.user_id_attr]) + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token): diff --git a/src/satosa/backends/linkedin.py b/src/satosa/backends/linkedin.py index 8d3a85b4c..e157f5068 100644 --- a/src/satosa/backends/linkedin.py +++ b/src/satosa/backends/linkedin.py @@ -10,6 +10,8 @@ from oic.oauth2.message import AuthorizationResponse from satosa.backends.oauth import _OAuthBackend +from .oauth import _get_metadata_to_decorate +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.response import Redirect @@ -110,6 +112,7 @@ def _authn_response(self, context): self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token, api): diff --git a/src/satosa/backends/oauth.py b/src/satosa/backends/oauth.py index 3e2bd041b..771b1e351 100644 --- a/src/satosa/backends/oauth.py +++ b/src/satosa/backends/oauth.py 
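Review bot: The added `from .oauth import _get_metadata_to_decorate` in github.py sits directly under `from satosa.backends.oauth import _OAuthBackend`, so the same module is imported once by absolute and once by relative path. Every other import in the hunk is absolute and one name per line, so `from satosa.backends.oauth import _get_metadata_to_decorate` would match the file. The same mixed pair is added in the import hunks of linkedin.py and orcid.py.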
@@ -12,6 +12,7 @@ from oic.utils.authn.authn_context import UNSPECIFIED import satosa.logging_util as lu +from satosa.context import Context from satosa.internal import AuthenticationInformation from satosa.internal import InternalData from satosa.exception import SATOSAAuthenticationError @@ -145,6 +146,7 @@ def _authn_response(self, context): internal_response = InternalData(auth_info=self.auth_info(context.request)) internal_response.attributes = self.converter.to_internal(self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def auth_info(self, request): @@ -331,3 +333,22 @@ def get_metadata_desc_for_oauth_backend(entity_id, config): metadata_description.append(description) return metadata_description + + +def _get_metadata_to_decorate(config): + metadata_dict = {} + if "entity_info" in config: + entity_info = config["entity_info"] + if "ui_info" in entity_info: + ui_info = entity_info["ui_info"] + for name in ui_info.get("display_name", []): + if name[1] == "en": + metadata_dict["client_name"] = name[0] + metadata_dict["client_name#" + name[1]] = name[0] + for logo in ui_info.get("logo", []): + if logo["lang"] == "en": + metadata_dict["logo_uri"] = logo["image"] + metadata_dict["logo_width"] = logo["width"] + metadata_dict["logo_height"] = logo["height"] + metadata_dict["logo_uri#" + logo["lang"]] = logo["image"] + return metadata_dict diff --git a/src/satosa/backends/openid_connect.py b/src/satosa/backends/openid_connect.py index 58d47af9b..96aec4376 100644 --- a/src/satosa/backends/openid_connect.py +++ b/src/satosa/backends/openid_connect.py 
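Review bot: The logo loop in the new `_get_metadata_to_decorate` indexes `logo["lang"]`, `logo["image"]`, `logo["width"]` and `logo["height"]` directly, so a `ui_info` logo entry that omits any of them raises `KeyError`. Because every backend now calls this helper inside its authentication-response handler, that failure would surface as a broken login for each user rather than as a configuration error at start-up. Whether the configuration is validated earlier is not visible here, so the helper should either tolerate incomplete entries (the sketch below covers the logo loop, with nesting read from the collapsed text) or the config should be checked once when the backend is constructed. `name[1]` in the `display_name` loop makes the same kind of assumption, namely that each entry is a two-item sequence. The function also lacks a docstring; one line saying that it maps `entity_info.ui_info` to `client_name`/`logo_*` keys, with the unsuffixed keys taken from the `en` entries, would be enough.

```python
def _get_metadata_to_decorate(config):
    # … unchanged: entity_info / ui_info lookup and the display_name loop …
            for logo in ui_info.get("logo", []):
                image = logo.get("image")
                lang = logo.get("lang")
                if not image or not lang:
                    # Incomplete entry: skip it rather than raise KeyError mid-login.
                    continue
                if lang == "en":
                    metadata_dict["logo_uri"] = image
                    for dim in ("width", "height"):
                        if dim in logo:
                            metadata_dict["logo_" + dim] = logo[dim]
                metadata_dict["logo_uri#" + lang] = image
```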
@@ -22,6 +22,9 @@ from ..exception import SATOSAAuthenticationError from ..exception import SATOSAError from ..exception import SATOSAMissingStateError +from .oauth import _get_metadata_to_decorate +from ..context import Context +from ..exception import SATOSAAuthenticationError, SATOSAError from ..response import Redirect @@ -242,6 +245,7 @@ def response_endpoint(self, context, *args): logger.error(logline) raise SATOSAAuthenticationError(context.state, "No user info available.") + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) all_user_claims = dict(list(userinfo.items()) + list(id_token_claims.items())) msg = "UserInfo: {}".format(all_user_claims) logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg) diff --git a/src/satosa/backends/orcid.py b/src/satosa/backends/orcid.py index 649e72451..4b3a961fb 100644 --- a/src/satosa/backends/orcid.py +++ b/src/satosa/backends/orcid.py @@ -9,8 +9,10 @@ from oic.utils.authn.authn_context import UNSPECIFIED from oic.oauth2.consumer import stateID from oic.oauth2.message import AuthorizationResponse +from .oauth import _get_metadata_to_decorate from satosa.backends.oauth import _OAuthBackend +from satosa.context import Context from satosa.internal import InternalData from satosa.internal import AuthenticationInformation from satosa.util import rndstr @@ -79,6 +81,7 @@ def _authn_response(self, context): internal_response.attributes = self.converter.to_internal( self.external_type, user_info) internal_response.subject_id = user_info[self.user_id_attr] + context.decorate(Context.KEY_METADATA_STORE, _get_metadata_to_decorate(self.config)) return self.auth_callback_func(context, internal_response) def user_information(self, access_token, orcid, name=None):
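Review bot: The added `from ..exception import SATOSAAuthenticationError, SATOSAError` in openid_connect.py repeats names that the context lines directly above already import one per line (`from ..exception import SATOSAAuthenticationError`, `from ..exception import SATOSAError`), so it is redundant and can be dropped. The new `from .oauth import _get_metadata_to_decorate` and `from ..context import Context` lines are also placed in the middle of the `..exception` group. Moving them above that group would keep the import block ordered.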