diff --git a/src/simple_openid_connect/data.py b/src/simple_openid_connect/data.py
index 8da67f2..541b6d8 100644
--- a/src/simple_openid_connect/data.py
+++ b/src/simple_openid_connect/data.py
@@ -4,9 +4,8 @@
 import enum
 import logging
 import time
-from typing import Any, Callable, List, Literal, Mapping, Optional, Type, Union
+from typing import Any, Callable, List, Literal, Mapping, Optional, Union
-from cryptojwt import JWK
 from pydantic import AnyHttpUrl, Extra, Field, root_validator
 from simple_openid_connect.base_data import OpenidBaseModel
@@ -166,7 +165,7 @@ class IdToken(OpenidBaseModel):
 class Config:
 extra = Extra.allow
- allow_mutation = True
+ allow_mutation = False
 iss: AnyHttpUrl
 "REQUIRED. Issuer Identifier for the Issuer of the response The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components."
@@ -201,9 +200,6 @@ class Config:
 sid: Optional[str]
 "OPTIONAL. Session ID - String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different sid values are used to identify distinct sessions at an OP. The sid value need only be unique in the context of a particular issuer. Its contents are opaque to the RP."
- raw_token: Optional[str]
- "The raw token received from the issuer."
-
 def validate_extern(
 self,
 issuer: str,
@@ -297,14 +293,6 @@ def validate_extern(
 "The session associated with this ID-Token was authenticated too far in the past",
 )
- @classmethod
- def parse_jwt(
- cls: Type["IdToken"], value: str, signing_keys: List[JWK]
- ) -> "IdToken":
- token = super().parse_jwt(value, signing_keys)
- token.raw_token = value
- return token
-
 class JwtAccessToken(OpenidBaseModel):
 """
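Review bot: `allow_mutation = False` in `IdToken.Config` (second hunk) is an undocumented behaviour change: any code that assigned attributes on a parsed token is now rejected (the removed `parse_jwt` override did exactly that with `token.raw_token = value`), and because `extra = Extra.allow` stays, issuer-supplied extra claims are frozen as well. A one-line comment would spare the next reader a bisect, e.g. `# A parsed IdToken is a read-only view of the issuer's claims; keep per-session state such as the raw JWT on the caller's side`. Dropping `raw_token` and the `parse_jwt` override also removes a public attribute, so a changelog entry pointing at the new `OpenidSession.raw_id_token` field seems warranted, assuming that is the intended replacement. Both `IdToken` and `validate_extern` extend beyond the hunks shown here.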
diff --git a/src/simple_openid_connect/integrations/django/migrations/0003_openidsession_add_raw_id_token.py b/src/simple_openid_connect/integrations/django/migrations/0003_openidsession_add_raw_id_token.py
new file mode 100644
index 0000000..2667c8f
--- /dev/null
+++ b/src/simple_openid_connect/integrations/django/migrations/0003_openidsession_add_raw_id_token.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.1 on 2024-02-08 07:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("simple_openid_connect_django", "0002_move_sessions_id_token"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="openidsession",
+ name="raw_id_token",
+ field=models.TextField(blank=True),
+ ),
+ ]
diff --git a/src/simple_openid_connect/integrations/django/models.py b/src/simple_openid_connect/integrations/django/models.py
index 08dac15..710cf23 100644
--- a/src/simple_openid_connect/integrations/django/models.py
+++ b/src/simple_openid_connect/integrations/django/models.py
@@ -87,6 +87,7 @@ def update_session(
 refresh_token=token_response.refresh_token or "",
 refresh_token_expiry=_calc_expiry(token_response.refresh_expires_in),
 _id_token=id_token.json(), # type: ignore[unused-ignore,misc]
+ raw_id_token=token_response.id_token,
 )
@@ -107,6 +108,7 @@ class OpenidSession(models.Model):
 refresh_token = models.TextField(blank=True)
 refresh_token_expiry = models.DateTimeField(null=True)
 _id_token = models.TextField("json representation of this sessions is token")
+ raw_id_token = models.TextField(blank=True)
 @property
 def id_token(self) -> IdToken:
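Review bot: In the first `models.py` hunk the new `raw_id_token=token_response.id_token,` keyword is the only field not normalised for a missing value, while two lines above `refresh_token` uses `token_response.refresh_token or ""`. If `TokenSuccessResponse.id_token` can be `None` (an ID token is not guaranteed in every token response, e.g. on a refresh grant), saving the row runs into the NOT NULL constraint of the `TextField(blank=True)` declared in the second hunk and created by the migration; `raw_id_token=token_response.id_token or "",` keeps the two fields consistent. The same unguarded expression appears in the instance method `update_session` at the end of the diff. The enclosing `update_session` here starts before this hunk.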
@@ -116,13 +118,10 @@ def id_token(self) -> IdToken:
 def id_token(self, value: IdToken) -> None:
 self._id_token = value.json()
- @property
- def raw_id_token(self) -> Optional[str]:
- return self.id_token.raw_token
-
 def update_session(self, token_response: TokenSuccessResponse) -> None:
 self.scope = str(token_response.scope)
 self.access_token = token_response.access_token
 self.access_token_expiry = _calc_expiry(token_response.expires_in)
 self.refresh_token = token_response.refresh_token or ""
 self.refresh_token_expiry = _calc_expiry(token_response.refresh_expires_in)
+ self.raw_id_token = token_response.id_token
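Review bot: `self.raw_id_token = token_response.id_token` overwrites the stored raw token unconditionally, yet nothing in this hunk re-assigns `id_token`/`_id_token` from the same string, so after a refresh the raw JWT and the parsed claims kept in `_id_token` may describe different tokens; if `update_session` continues past the hunk and does update `id_token`, this part does not apply. When a refresh response omits `id_token`, the previously stored value is also replaced by `None` or an empty string, so whatever later reuses the raw token loses it. Guarding the write, `if token_response.id_token: self.raw_id_token = token_response.id_token`, keeps the last known ID token and avoids the nullability problem on the non-null column. The removed property returned `Optional[str]`, so any caller that compared `raw_id_token` with `None` is worth a look now that it is a plain text field.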