canaille-globuzma/canaille/oidc/clients.py

import datetime

import wtforms
from canaille.flaskutils import permissions_needed
from canaille.oidc.models import Client
from flask import abort
from flask import Blueprint
from flask import flash
from flask import redirect
from flask import request
from flask import url_for
from flask_babel import lazy_gettext as _
from flask_themer import render_template
from flask_wtf import FlaskForm
from werkzeug.security import gen_salt


bp = Blueprint("clients", __name__, url_prefix="/admin/client")


@bp.route("/")
@permissions_needed("manage_oidc")
def index(user):
    clients = Client.all()
    return render_template(
        "oidc/admin/client_list.html", clients=clients, menuitem="admin"
    )


def client_audiences():
    return [(client.dn, client.client_name) for client in Client.all()]


class ClientAdd(FlaskForm):
    client_name = wtforms.StringField(
        _("Name"),
        validators=[wtforms.validators.DataRequired()],
        render_kw={"placeholder": "Client Name"},
    )
    contacts = wtforms.EmailField(
        _("Contact"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "admin@mydomain.tld"},
    )
    client_uri = wtforms.URLField(
        _("URI"),
        validators=[wtforms.validators.DataRequired()],
        render_kw={"placeholder": "https://mydomain.tld"},
    )
    redirect_uris = wtforms.URLField(
        _("Redirect URIs"),
        validators=[wtforms.validators.DataRequired()],
        render_kw={"placeholder": "https://mydomain.tld/callback"},
    )
    post_logout_redirect_uris = wtforms.URLField(
        _("Post logout redirect URIs"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "https://mydomain.tld/you-have-been-disconnected"},
    )
    grant_types = wtforms.SelectMultipleField(
        _("Grant types"),
        validators=[wtforms.validators.DataRequired()],
        choices=[
            ("password", "password"),
            ("authorization_code", "authorization_code"),
            ("implicit", "implicit"),
            ("hybrid", "hybrid"),
            ("refresh_token", "refresh_token"),
        ],
        default=["authorization_code", "refresh_token"],
    )
    scope = wtforms.StringField(
        _("Scope"),
        validators=[wtforms.validators.Optional()],
        default="openid profile email",
        render_kw={"placeholder": "openid profile"},
    )
    response_types = wtforms.SelectMultipleField(
        _("Response types"),
        validators=[wtforms.validators.DataRequired()],
        choices=[("code", "code"), ("token", "token"), ("id_token", "id_token")],
        default=["code"],
    )
    token_endpoint_auth_method = wtforms.SelectField(
        _("Token Endpoint Auth Method"),
        validators=[wtforms.validators.DataRequired()],
        choices=[
            ("client_secret_basic", "client_secret_basic"),
            ("client_secret_post", "client_secret_post"),
            ("none", "none"),
        ],
        default="client_secret_basic",
    )
    audience = wtforms.SelectMultipleField(
        _("Token audiences"),
        validators=[wtforms.validators.Optional()],
        choices=client_audiences,
        validate_choice=False,
    )
    logo_uri = wtforms.URLField(
        _("Logo URI"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "https://mydomain.tld/logo.png"},
    )
    tos_uri = wtforms.URLField(
        _("Terms of service URI"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "https://mydomain.tld/tos.html"},
    )
    policy_uri = wtforms.URLField(
        _("Policy URI"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "https://mydomain.tld/policy.html"},
    )
    software_id = wtforms.StringField(
        _("Software ID"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "xyz"},
    )
    software_version = wtforms.StringField(
        _("Software Version"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": "1.0"},
    )
    jwk = wtforms.StringField(
        _("JWK"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": ""},
    )
    jwks_uri = wtforms.URLField(
        _("JKW URI"),
        validators=[wtforms.validators.Optional()],
        render_kw={"placeholder": ""},
    )
    preconsent = wtforms.BooleanField(
        _("Pre-consent"),
        validators=[wtforms.validators.Optional()],
        default=False,
    )


@bp.route("/add", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def add(user):
    form = ClientAdd(request.form or None)

    if not request.form:
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been added. Please check your information."),
            "error",
        )
        return render_template(
            "oidc/admin/client_add.html", form=form, menuitem="admin"
        )

    client_id = gen_salt(24)
    client_id_issued_at = datetime.datetime.now()
    client = Client(
        client_id=client_id,
        client_id_issued_at=client_id_issued_at,
        client_name=form["client_name"].data,
        contacts=[form["contacts"].data],
        client_uri=form["client_uri"].data,
        grant_types=form["grant_types"].data,
        redirect_uris=[form["redirect_uris"].data],
        post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
        response_types=form["response_types"].data,
        scope=form["scope"].data.split(" "),
        token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
        logo_uri=form["logo_uri"].data,
        tos_uri=form["tos_uri"].data,
        policy_uri=form["policy_uri"].data,
        software_id=form["software_id"].data,
        software_version=form["software_version"].data,
        jwk=form["jwk"].data,
        jwks_uri=form["jwks_uri"].data,
        preconsent=form["preconsent"].data,
        client_secret=""
        if form["token_endpoint_auth_method"].data == "none"
        else gen_salt(48),
    )
    client.audience = [client.dn]
    client.save()
    flash(
        _("The client has been created."),
        "success",
    )

    return redirect(url_for("oidc.clients.edit", client_id=client_id))


@bp.route("/edit/<client_id>", methods=["GET", "POST"])
@permissions_needed("manage_oidc")
def edit(user, client_id):
    if request.method == "GET" or request.form.get("action") == "edit":
        return client_edit(client_id)

    if request.form.get("action") == "delete":
        return client_delete(client_id)

    abort(400)


def client_edit(client_id):
    client = Client.get(client_id)

    if not client:
        abort(404)

    data = dict(client)
    data["scope"] = " ".join(data["scope"])
    data["redirect_uris"] = data["redirect_uris"][0]
    data["contacts"] = data["contacts"][0]
    data["post_logout_redirect_uris"] = (
        data["post_logout_redirect_uris"][0]
        if data["post_logout_redirect_uris"]
        else ""
    )
    data["preconsent"] = client.preconsent
    form = ClientAdd(request.form or None, data=data, client=client)

    if not request.form:
        return render_template(
            "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
        )

    if not form.validate():
        flash(
            _("The client has not been edited. Please check your information."),
            "error",
        )

    else:
        client.update(
            client_name=form["client_name"].data,
            contacts=[form["contacts"].data],
            client_uri=form["client_uri"].data,
            grant_types=form["grant_types"].data,
            redirect_uris=[form["redirect_uris"].data],
            post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],
            response_types=form["response_types"].data,
            scope=form["scope"].data.split(" "),
            token_endpoint_auth_method=form["token_endpoint_auth_method"].data,
            logo_uri=form["logo_uri"].data,
            tos_uri=form["tos_uri"].data,
            policy_uri=form["policy_uri"].data,
            software_id=form["software_id"].data,
            software_version=form["software_version"].data,
            jwk=form["jwk"].data,
            jwks_uri=form["jwks_uri"].data,
            audience=form["audience"].data,
            preconsent=form["preconsent"].data,
        )
        client.save()
        flash(
            _("The client has been edited."),
            "success",
        )

    return render_template(
        "oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"
    )


def client_delete(client_id):
    client = Client.get(client_id)

    if not client:
        abort(404)

    flash(
        _("The client has been deleted."),
        "success",
    )
    client.delete()
    return redirect(url_for("oidc.clients.index"))
Client forms 2020-08-17 13:49:48 +00:00			`import datetime`
pre-commit tox test 2021-12-20 22:57:27 +00:00
Client forms 2020-08-17 13:49:48 +00:00			`import wtforms`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from canaille.flaskutils import permissions_needed`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`from canaille.oidc.models import Client`
pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import abort`
			`from flask import Blueprint`
			`from flask import flash`
			`from flask import redirect`
			`from flask import request`
			`from flask import url_for`
			`from flask_babel import lazy_gettext as _`
use flask-themer to allow theme customization 2021-10-28 13:24:34 +00:00			`from flask_themer import render_template`
Client forms 2020-08-17 13:49:48 +00:00			`from flask_wtf import FlaskForm`
			`from werkzeug.security import gen_salt`


split oidc code from the rest 2022-01-11 18:49:06 +00:00			`bp = Blueprint("clients", __name__, url_prefix="/admin/client")`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/")`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def index(user):`
add a 'all' utility class method to LDAPObject to retrieve all class instances 2022-03-10 17:09:59 +00:00			`clients = Client.all()`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_list.html", clients=clients, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00

tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`def client_audiences():`
Variable renaming 2022-10-17 15:49:52 +00:00			`return [(client.dn, client.client_name) for client in Client.all()]`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00

Client forms 2020-08-17 13:49:48 +00:00			`class ClientAdd(FlaskForm):`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_name = wtforms.StringField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Name"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
			`render_kw={"placeholder": "Client Name"},`
			`)`
Variable renaming 2022-10-17 15:49:52 +00:00			`contacts = wtforms.EmailField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Contact"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "admin@mydomain.tld"},`
			`)`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_uri = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("URI"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
			`render_kw={"placeholder": "https://mydomain.tld"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Redirect URIs"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
			`render_kw={"placeholder": "https://mydomain.tld/callback"},`
			`)`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris = wtforms.URLField(`
			`_("Post logout redirect URIs"),`
			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "https://mydomain.tld/you-have-been-disconnected"},`
			`)`
Variable renaming 2022-10-17 15:49:52 +00:00			`grant_types = wtforms.SelectMultipleField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Grant types"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
			`choices=[`
			`("password", "password"),`
			`("authorization_code", "authorization_code"),`
Implicit flow test 2020-08-20 12:30:42 +00:00			`("implicit", "implicit"),`
			`("hybrid", "hybrid"),`
Implemented refresh grant 2020-08-24 08:52:21 +00:00			`("refresh_token", "refresh_token"),`
Client forms 2020-08-17 13:49:48 +00:00			`],`
Implemented refresh grant 2020-08-24 08:52:21 +00:00			`default=["authorization_code", "refresh_token"],`
Client forms 2020-08-17 13:49:48 +00:00			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope = wtforms.StringField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Scope"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
Add mail in the default configuration 2020-09-23 15:15:25 +00:00			`default="openid profile email",`
Client forms 2020-08-17 13:49:48 +00:00			`render_kw={"placeholder": "openid profile"},`
			`)`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types = wtforms.SelectMultipleField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Response types"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
Implicit flow test 2020-08-20 12:30:42 +00:00			`choices=[("code", "code"), ("token", "token"), ("id_token", "id_token")],`
Client forms 2020-08-17 13:49:48 +00:00			`default=["code"],`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`token_endpoint_auth_method = wtforms.SelectField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Token Endpoint Auth Method"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.DataRequired()],`
			`choices=[`
			`("client_secret_basic", "client_secret_basic"),`
			`("client_secret_post", "client_secret_post"),`
			`("none", "none"),`
			`],`
			`default="client_secret_basic",`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`audience = wtforms.SelectMultipleField(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("Token audiences"),`
			`validators=[wtforms.validators.Optional()],`
			`choices=client_audiences,`
			`validate_choice=False,`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`logo_uri = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Logo URI"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "https://mydomain.tld/logo.png"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`tos_uri = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Terms of service URI"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "https://mydomain.tld/tos.html"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`policy_uri = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Policy URI"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "https://mydomain.tld/policy.html"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`software_id = wtforms.StringField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Software ID"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "xyz"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`software_version = wtforms.StringField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("Software Version"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": "1.0"},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`jwk = wtforms.StringField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("JWK"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": ""},`
			`)`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri = wtforms.URLField(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("JKW URI"),`
Client forms 2020-08-17 13:49:48 +00:00			`validators=[wtforms.validators.Optional()],`
			`render_kw={"placeholder": ""},`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`preconsent = wtforms.BooleanField(`
Implemented client pre-authorization 2021-10-20 10:05:08 +00:00			`_("Pre-consent"),`
			`validators=[wtforms.validators.Optional()],`
			`default=False,`
			`)`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/add", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def add(user):`
Client forms 2020-08-17 13:49:48 +00:00			`form = ClientAdd(request.form or None)`

			`if not request.form:`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has not been added. Please check your information."),`
			`"error",`
Client forms 2020-08-17 13:49:48 +00:00			`)`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return render_template(`
			`"oidc/admin/client_add.html", form=form, menuitem="admin"`
			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`client_id = gen_salt(24)`
python to ldap two-ways serialization 2021-12-08 14:53:20 +00:00			`client_id_issued_at = datetime.datetime.now()`
Client forms 2020-08-17 13:49:48 +00:00			`client = Client(`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client_id=client_id,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_id_issued_at=client_id_issued_at,`
			`client_name=form["client_name"].data,`
			`contacts=[form["contacts"].data],`
			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris=[form["redirect_uris"].data],`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=form["response_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri=form["jwks_uri"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`preconsent=form["preconsent"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_secret=""`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`if form["token_endpoint_auth_method"].data == "none"`
Client forms 2020-08-17 13:49:48 +00:00			`else gen_salt(48),`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`client.audience = [client.dn]`
Client forms 2020-08-17 13:49:48 +00:00			`client.save()`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been created."),`
			`"success",`
Client forms 2020-08-17 13:49:48 +00:00			`)`

split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.edit", client_id=client_id))`
Client forms 2020-08-17 13:49:48 +00:00

			`@bp.route("/edit/<client_id>", methods=["GET", "POST"])`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`@permissions_needed("manage_oidc")`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`def edit(user, client_id):`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`if request.method == "GET" or request.form.get("action") == "edit":`
			`return client_edit(client_id)`

			`if request.form.get("action") == "delete":`
			`return client_delete(client_id)`

			`abort(400)`


			`def client_edit(client_id):`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00			`client = Client.get(client_id)`

			`if not client:`
			`abort(404)`

Client forms 2020-08-17 13:49:48 +00:00			`data = dict(client)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["scope"] = " ".join(data["scope"])`
			`data["redirect_uris"] = data["redirect_uris"][0]`
Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12 2022-10-26 15:44:50 +00:00			`data["contacts"] = data["contacts"][0]`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`data["post_logout_redirect_uris"] = (`
			`data["post_logout_redirect_uris"][0]`
			`if data["post_logout_redirect_uris"]`
			`else ""`
			`)`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`data["preconsent"] = client.preconsent`
Client forms 2020-08-17 13:49:48 +00:00			`form = ClientAdd(request.form or None, data=data, client=client)`

			`if not request.form:`
Menu items activity 2020-10-21 10:14:35 +00:00			`return render_template(`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
Client forms 2020-08-17 13:49:48 +00:00
			`if not form.validate():`
			`flash(`
Fixed form translations. Closes #19 2020-10-28 14:49:14 +00:00			`_("The client has not been edited. Please check your information."),`
Client forms 2020-08-17 13:49:48 +00:00			`"error",`
			`)`

			`else:`
			`client.update(`
Variable renaming 2022-10-17 15:49:52 +00:00			`client_name=form["client_name"].data,`
			`contacts=[form["contacts"].data],`
			`client_uri=form["client_uri"].data,`
			`grant_types=form["grant_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`redirect_uris=[form["redirect_uris"].data],`
Implemented RP-initiated logout 2022-05-20 12:07:56 +00:00			`post_logout_redirect_uris=[form["post_logout_redirect_uris"].data],`
Variable renaming 2022-10-17 15:49:52 +00:00			`response_types=form["response_types"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`scope=form["scope"].data.split(" "),`
			`token_endpoint_auth_method=form["token_endpoint_auth_method"].data,`
			`logo_uri=form["logo_uri"].data,`
			`tos_uri=form["tos_uri"].data,`
			`policy_uri=form["policy_uri"].data,`
			`software_id=form["software_id"].data,`
			`software_version=form["software_version"].data,`
			`jwk=form["jwk"].data,`
Variable renaming 2022-10-17 15:49:52 +00:00			`jwks_uri=form["jwks_uri"].data,`
LdapObject an have attribute name different than the schema 2022-01-11 16:57:58 +00:00			`audience=form["audience"].data,`
			`preconsent=form["preconsent"].data,`
Client forms 2020-08-17 13:49:48 +00:00			`)`
			`client.save()`
			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been edited."),`
			`"success",`
Client forms 2020-08-17 13:49:48 +00:00			`)`

Menu items activity 2020-10-21 10:14:35 +00:00			`return render_template(`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`"oidc/admin/client_edit.html", form=form, client=client, menuitem="admin"`
Menu items activity 2020-10-21 10:14:35 +00:00			`)`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00

			`def client_delete(client_id):`
for better readability, set the flask aborts in their own conditionnal block 2022-04-04 15:49:50 +00:00			`client = Client.get(client_id)`

			`if not client:`
			`abort(404)`

Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`flash(`
tokens can have multiple audiences 2021-10-13 09:52:02 +00:00			`_("The client has been deleted."),`
			`"success",`
Admins can remove clients. Fixes #45 2020-11-23 16:32:40 +00:00			`)`
			`client.delete()`
split oidc code from the rest 2022-01-11 18:49:06 +00:00			`return redirect(url_for("oidc.clients.index"))`