wip

2025-05-15 17:17:02 +02:00 · 2023-12-06 13:34:13 -05:00 · 2023-12-06 13:34:13 -05:00 · 2e1ff849cf
commit 2e1ff849cf
parent cd022404f0
2 changed files with 12 additions and 3 deletions
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@ -162,7 +162,7 @@ class Client(oic.Client):
            logger.error(err)
            logger.error("Unable to parse response for %s" % state)
            raise o_e.AuthenticationFailed(locator=state)
-
+        logger.info(authn_response)
        # ErrorResponse is not raised, it is passed back...
        if isinstance(authn_response, ErrorResponse):
            error = authn_response.get("error", "")
@ -207,7 +207,7 @@ class Client(oic.Client):
            logger.error(err)
            logger.error("Unable to request user info for %s" % state)
            raise o_e.AuthenticationFailed(locator=state)
-
+        logger.info(info_response)
        # ErrorResponse is not raised, it is passed back...
        if isinstance(info_response, ErrorResponse):
            logger.error("Unable to get user info (%s) for %s" % (info_response.get("error", ""), state))
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -56,6 +56,7 @@ def error_page(request, error):
 def openid(request):
    """Redirect the user to an authentication provider (OP)."""
    request.session["next"] = request.GET.get("next", "/")
+    request.session["acr_value"] = request.GET.get("acr_value",)

    try:
        return CLIENT.create_authn_request(request.session)
@ -70,6 +71,13 @@ def login_callback(request):
        userinfo = CLIENT.callback(query, request.session)
        user = authenticate(request=request, **userinfo)
        if user:
+            # test for need for identity verification and if it is satisfied
+            # if not satisfied, redirect user to login with stepped up acr_value
+            if requires_step_up_auth(userinfo):
+                return 
+            # 
+            # if User.needs_identity_verification and step_up_acr_value not in 
+            # ial returned from callback, redirect to 
            login(request, user)
            logger.info("Successfully logged in user %s" % user)
            return redirect(request.session.get("next", "/"))
@ -78,7 +86,8 @@ def login_callback(request):
    except Exception as err:
        return error_page(request, err)

-
+def requires_step_up_auth(userinfo):
+    step_up_acr_value = 
 def logout(request, next_page=None):
    """Redirect the user to the authentication provider (OP) logout page."""
    try: