Add comments, do cleanup

src/djangooidc/oidc.py

@@ -14,7 +14,7 @@ from oic.oic import AuthorizationRequest, AuthorizationResponse, RegistrationRes
 from oic.oic.message import AccessTokenResponse
 from oic.utils.authn.client import CLIENT_AUTHN_METHOD
 from oic.utils import keyio
-from urllib.parse import urlparse, urlunparse, urlencode, parse_qs
+
 
 from . import exceptions as o_e
 
@@ -145,7 +145,7 @@ class Client(oic.Client):
             if headers:
                 for key, value in headers.items():
                     response[key] = value
-            print(f"create auth => response is {response}")
+
         except Exception as err:
             logger.error(err)
             logger.error("Failed to create redirect object for %s" % state)
@@ -237,11 +237,12 @@ class Client(oic.Client):
             raise o_e.AuthenticationFailed(locator=state)
         info_response_dict = info_response.to_dict()
 
-        if "needs_biometric_validation" in session and session["needs_biometric_validation"]:
-            if "vtm" in session:
-                info_response_dict["vtm"] = session.get("vtm")
-            if "vtr" in session:
-                info_response_dict["vtr"] = session.get("vtr")
+        # Define vtm/vtr information on the user dictionary so we can track this in one location.
+        # If a user has this information, then they are bumped up in terms of verification level.
+        if session.get("needs_biometric_validation") is True:
+            info_response_dict["vtm"] = session.get("vtm", "")
+            info_response_dict["vtr"] = session.get("vtr", "")
+
         logger.debug("user info: %s" % info_response_dict)
         return info_response_dict
 
@@ -302,14 +303,18 @@ class Client(oic.Client):
         super(Client, self).store_response(resp, info)
 
     def get_default_acr_value(self):
-        """returns the acr_value from settings
-        this helper function is called from djangooidc views"""
+        """Returns the acr_value from settings.
+        This helper function is called from djangooidc views."""
         return self.behaviour.get("acr_value")
 
     def get_vtm_value(self):
+        """Returns the vtm value from settings.
+        This helper function is called from djangooidc views."""
         return self.behaviour.get("vtm")
     
     def get_vtr_value(self, cleaned=True):
+        """Returns the vtr value from settings.
+        This helper function is called from djangooidc views."""
         vtr = self.behaviour.get("vtr")
         return json.dumps(vtr) if cleaned else vtr
 

src/djangooidc/views.py

@@ -91,10 +91,16 @@ def login_callback(request):
             _initialize_client()
         query = parse_qs(request.GET.urlencode())
         userinfo = CLIENT.callback(query, request.session)
+
         # test for need for identity verification and if it is satisfied
-        # if not satisfied, redirect user to login with stepped up acr_value
+        # if not satisfied, redirect user to login requiring biometric auth
+
+        # Tests for the presence of the vtm/vtr values in the userinfo object.
+        # If they are there, then we can set a flag in our session for tracking purposes. 
         needs_biometric_validation = _requires_biometric_auth(userinfo)
         request.session["needs_biometric_validation"] = needs_biometric_validation
+
+        # Return a redirect request to a new auth url that enables biometric validation
         if needs_biometric_validation:
             return CLIENT.create_authn_request(request.session, do_biometric_auth=True)
 

src/registrar/config/settings.py

@@ -497,13 +497,13 @@ LOGGING = {
         # OpenID Connect logger
         "oic": {
             "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
             "propagate": False,
         },
         # Django wrapper for OpenID Connect
         "djangooidc": {
             "handlers": ["console"],
-            "level": "DEBUG",
+            "level": "INFO",
             "propagate": False,
         },
         # Our app!
@@ -562,7 +562,10 @@ OIDC_PROVIDERS = {
             "scope": ["email", "profile:name", "phone"],
             "user_info_request": ["email", "first_name", "last_name", "phone"],
             "acr_value": "http://idmanagement.gov/ns/assurance/ial/1",
+            # "P1" is the current IdV option; "Pb" stands for 'biometric'
             "vtr": ["Pb","P1"],
+            # The url that biometric authentication takes place at.
+            # A similar analog is the url for acr_value.
             "vtm": "https://developer.login.gov/vot-trust-framework",
         },
         "client_registration": {
@@ -583,7 +586,8 @@ OIDC_PROVIDERS = {
             "acr_value": "http://idmanagement.gov/ns/assurance/ial/1",
             # "P1" is the current IdV option; "Pb" stands for 'biometric'
             "vtr": ["Pb","P1"],
-            # Stand in replacement for the step_up_acr_value for ial2
+            # The url that biometric authentication takes place at.
+            # A similar analog is the url for acr_value.
             "vtm": "https://developer.login.gov/vot-trust-framework",
         },
         "client_registration": {