BREAKING CHANGE: The user_id scope is now required when using the EdXOAuth2 backend for oAuth+SSO. This means that the oauth application must first be configured to have access to the user_id scope, which is not available by default. The backend will then pull the user_id from the JWT and store it in the UserSocialAuth.extra_data field. ARCH-603
Showing
4 changed files
with
72 additions
and
23 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -210,7 +210,7 @@ def access_token_body(self, request, _url, headers): | |
expires_in = 3600 | ||
access_token = self.create_jws_access_token(expires_in) | ||
body = json.dumps({ | ||
'scope': 'read write profile email', | ||
'scope': 'read write profile email user_id', | ||
'token_type': 'JWT', | ||
'expires_in': expires_in, | ||
'access_token': access_token | ||
|
@@ -242,11 +242,12 @@ def create_jws_access_token(self, expires_in=3600, issuer=None, key=None, alg='R | |
'sub': 'e3bfe0e4e7c6693efba9c3a93ee7f31b', | ||
'preferred_username': self.expected_username, | ||
'aud': 'InkocujLikyucsEdwiWatdebrEackmevLakDuifKooshkakWow', | ||
'scopes': ['read', 'write', 'profile', 'email'], | ||
'scopes': ['read', 'write', 'profile', 'email', 'user_id'], | ||
'email': '[email protected]', | ||
'exp': timegm(expiration_datetime.utctimetuple()), | ||
'name': 'Joe Smith', | ||
'family_name': 'Smith' | ||
'family_name': 'Smith', | ||
'user_id': '1', | ||
} | ||
access_token = JWS(payload, jwk=key, alg=alg).sign_compact() | ||
return access_token | ||
|
@@ -310,3 +311,21 @@ def test_end_session_url(self): | |
# Now, add the public url root to the settings. | ||
self.set_social_auth_setting('PUBLIC_URL_ROOT', self.public_url_root) | ||
self.assertEqual(self.backend.end_session_url(), self.public_url_root + logout_location) | ||
|
||
def test_user_data(self): | ||
user_data = self.backend.user_data(self.create_jws_access_token()) | ||
self.assertDictEqual(user_data, { | ||
'name': 'Joe Smith', | ||
'preferred_username': 'jsmith', | ||
'email': '[email protected]', | ||
'given_name': 'Joe', | ||
'user_id': '1', | ||
'family_name': 'Smith', | ||
'administrator': False | ||
}) | ||
|
||
def test_extra_data(self): | ||
""" | ||
Ensure that `user_id` stays in EXTRA_DATA. | ||
""" | ||
self.assertEqual(self.backend.EXTRA_DATA, [('user_id', 'user_id', True)]) |
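Review bot: The new tests cover only a token that carries `user_id`. `create_jws_access_token` now always adds `'user_id': '1'`, so nothing in this section exercises a JWT issued without the claim or scope, which is the case the breaking change creates. The commit message says the value is stored in `UserSocialAuth.extra_data`, so a test asserting that such a token is rejected, rather than stored with an empty `user_id`, would pin fail-closed behaviour. The fixture would need a way to omit the claim, and the backend code is not shown here, so the expected exception has to be confirmed against it. Separately, `test_user_data` hard-codes `'jsmith'` where the fixture uses `self.expected_username`; `'preferred_username': self.expected_username,` would keep the two in step.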