summaryrefslogtreecommitdiff
path: root/oauthlib/openid/connect/core/grant_types/implicit.py
diff options
context:
space:
mode:
Diffstat (limited to 'oauthlib/openid/connect/core/grant_types/implicit.py')
-rw-r--r--oauthlib/openid/connect/core/grant_types/implicit.py23
1 files changed, 21 insertions, 2 deletions
diff --git a/oauthlib/openid/connect/core/grant_types/implicit.py b/oauthlib/openid/connect/core/grant_types/implicit.py
index 0a6fcb7..d3797b2 100644
--- a/oauthlib/openid/connect/core/grant_types/implicit.py
+++ b/oauthlib/openid/connect/core/grant_types/implicit.py
@@ -10,6 +10,7 @@ import logging
from .base import GrantTypeBase
from oauthlib.oauth2.rfc6749.grant_types.implicit import ImplicitGrant as OAuth2ImplicitGrant
+from oauthlib.oauth2.rfc6749.errors import InvalidRequestError
log = logging.getLogger(__name__)
@@ -23,11 +24,29 @@ class ImplicitGrant(GrantTypeBase):
self.register_response_type('id_token token')
self.custom_validators.post_auth.append(
self.openid_authorization_validator)
- self.custom_validators.post_auth.append(
- self.openid_implicit_authorization_validator)
self.register_token_modifier(self.add_id_token)
def add_id_token(self, token, token_handler, request):
if 'state' not in token:
token['state'] = request.state
return super(ImplicitGrant, self).add_id_token(token, token_handler, request)
+
+ def openid_authorization_validator(self, request):
+ """Additional validation when following the implicit flow.
+ """
+ request_info = super(ImplicitGrant, self).openid_authorization_validator(request)
+ if not request_info: # returns immediately if OAuth2.0
+ return request_info
+
+ # REQUIRED. String value used to associate a Client session with an ID
+ # Token, and to mitigate replay attacks. The value is passed through
+ # unmodified from the Authentication Request to the ID Token.
+ # Sufficient entropy MUST be present in the nonce values used to
+ # prevent attackers from guessing values. For implementation notes, see
+ # Section 15.5.2.
+ if not request.nonce:
+ raise InvalidRequestError(
+ request=request,
+ description='Request is missing mandatory nonce parameter.'
+ )
+ return request_info
View Lorry Controller Status