jazzband / django-oauth-toolkit

OAuth2 goodies for the Djangonauts!
https://django-oauth-toolkit.readthedocs.io

fix: prompt=none shows a login screen #1361

Closed andyzickler closed 7 months ago

andyzickler commented 7 months ago

Fixes #1268

Description of the Change

Fix bug preventing support for Silent Authentication. If an unauthorized request to AuthorizationView with a query parameter that contains prompt=none happens, then we will redirect with an error code of login_required; otherwise everything will proceed as before.

See https://auth0.com/docs/authenticate/login/configure-silent-authentication#error-responses and https://openid.net/specs/openid-connect-core-1_0.html#AuthError

Fully supporting prompt=none will require implementing validate_silent_login in the validator. This doesn't implement that, but will allow people to implement it if they want until we can implement a good implementation for DOT.

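The dispatch rule described in the PR, as an added framework-free example (not django-oauth-toolkit's own code): an unauthenticated request whose prompt parameter is exactly `none` is answered with an error redirect carrying `error=login_required` and the client's `state`, instead of a login page; any other unauthenticated request still goes to the login view. The client registry, the `/o/authorize/` and `/accounts/login/` paths and the `Outcome` type are assumptions made for the example. Two details a practitioner wants here are included: the error is delivered in the URL fragment for implicit and hybrid response types (query for `code`), and no redirect, not even an error redirect, is issued to a redirect_uri that is not registered for the client, since that would make the endpoint an open redirector.

```python
"""Silent-authentication (prompt=none) dispatch for an OIDC authorization endpoint.

Illustrative example only; not django-oauth-toolkit's implementation.
Client registry and URL paths below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Mapping, Optional, Set
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed client registry: client_id -> registered redirect URIs (assumption).
REGISTERED_CLIENTS: Dict[str, Set[str]] = {
    "rp-app": {"https://rp.example/callback"},
}

# Response types whose parameters (success or error) travel in the URL
# fragment rather than the query string (OIDC Core 3.2.2.6 and 3.3.2.6).
FRAGMENT_RESPONSE_TYPES = {
    "token", "id_token", "id_token token",
    "code id_token", "code token", "code id_token token",
}

AUTHORIZE_PATH = "/o/authorize/"      # assumed authorization endpoint path
LOGIN_PATH = "/accounts/login/"       # assumed interactive login view


@dataclass
class Outcome:
    kind: str                        # "proceed", "redirect_error", "redirect_login", "local_error"
    location: Optional[str] = None   # redirect target for redirect_* outcomes
    detail: Optional[str] = None     # human-readable reason for local_error


def _attach_params(redirect_uri: str, params: Mapping[str, str], use_fragment: bool) -> str:
    """Append params to redirect_uri in the fragment or the query, preserving any existing query."""
    parts = urlsplit(redirect_uri)
    encoded = urlencode(params)
    if use_fragment:
        return urlunsplit(parts._replace(fragment=encoded))
    query = f"{parts.query}&{encoded}" if parts.query else encoded
    return urlunsplit(parts._replace(query=query))


def authorize(query_string: str, authenticated: bool) -> Outcome:
    """Decide how the authorization endpoint answers one request."""
    params = {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}
    client_id = params.get("client_id", "")
    redirect_uri = params.get("redirect_uri", "")

    # Never redirect to an unregistered redirect_uri, not even to report an
    # error: doing so would turn the endpoint into an open redirector.
    if redirect_uri not in REGISTERED_CLIENTS.get(client_id, set()):
        return Outcome("local_error", detail="invalid client_id or redirect_uri")

    if authenticated:
        # Normal path (consent, code/token issuance) is out of scope here.
        return Outcome("proceed")

    prompts = set(params.get("prompt", "").split())
    if "none" in prompts:
        if prompts != {"none"}:
            # OIDC Core 3.1.2.1: none combined with any other value is an error.
            err = {"error": "invalid_request",
                   "error_description": "prompt=none cannot be combined with other values"}
        else:
            # Silent authentication failed: the user has no session.
            err = {"error": "login_required"}
        if "state" in params:
            err["state"] = params["state"]
        use_fragment = params.get("response_type", "code") in FRAGMENT_RESPONSE_TYPES
        return Outcome("redirect_error", location=_attach_params(redirect_uri, err, use_fragment))

    # No prompt=none: interactive login, returning to this request afterwards.
    next_url = AUTHORIZE_PATH + "?" + query_string
    return Outcome("redirect_login", location=f"{LOGIN_PATH}?{urlencode({'next': next_url})}")
```

Calling `authorize("client_id=rp-app&redirect_uri=https%3A%2F%2Frp.example%2Fcallback&response_type=code&scope=openid&prompt=none&state=abc", authenticated=False)` yields a `redirect_error` to `https://rp.example/callback?error=login_required&state=abc`; the same request with `response_type=id_token` puts the error in the fragment, and dropping `prompt=none` yields a `redirect_login` to the login view with the original request in `next`.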

codecov[bot] commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (a4b26b1) 97.54% compared to head (d8c0a70) 97.56%.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #1361      +/-   ##
==========================================
+ Coverage   97.54%   97.56%   +0.01%
==========================================
  Files          32       32
  Lines        2120     2132      +12
==========================================
+ Hits         2068     2080      +12
  Misses         52       52
```


andyzickler commented 7 months ago

This PR was a bit optimistic and naïve. Tests written via spec passed, but not in real-world testing with the ldp and rp apps. Future implementation likely needs to implement oauthlib's validate_silent_login.

dopry commented 7 months ago

I think it was on the right track. Let's isolate the dispatch fixes so someone could, at least in theory, implement validate_silent_login.

dopry commented 7 months ago

@n2ygk @tonial I'd love to get a review from you guys on this. I've been working on it with @andyzickler. This bug is blocking an SSO implementation for me that I'd really like to complete.