fix: [RP] BCP in the request jwt

Author: peppelinux

spid_cie_oidc/__init__.py

@@ -1 +1 @@
-__version__ = "0.8.0"
+__version__ = "0.8.1"

spid_cie_oidc/relying_party/settings.py

@@ -116,3 +116,4 @@
 }
 
 RP_DEFAULT_PROVIDER_PROFILES = getattr(settings, "RP_DEFAULT_PROVIDER_PROFILES", "spid")
+RP_REQUEST_EXP = getattr(settings, "RP_REQUEST_EXP", 60)

spid_cie_oidc/relying_party/views/rp_begin.py

@@ -1,5 +1,6 @@
 import json
 import logging
+import uuid
 from copy import deepcopy
 
 from djagger.decorators import schema
@@ -18,7 +19,8 @@
 from ..models import OidcAuthentication
 from ..settings import (
     RP_PKCE_CONF,
-    RP_REQUEST_CLAIM_BY_PROFILE
+    RP_REQUEST_CLAIM_BY_PROFILE,
+    RP_REQUEST_EXP
 )
 from ..utils import (
     http_dict_to_redirect_uri_path,
@@ -134,7 +136,9 @@ def get(self, request, *args, **kwargs):
             )
             redirect_uri = client_conf["redirect_uris"][0]
         _profile = request.GET.get("profile", "spid")
+        _timestamp_now = int(timezone.localtime().timestamp())
         authz_data = dict(
+            iss=client_conf["client_id"],
             scope= request.GET.get("scope", None) or "openid",
             redirect_uri=redirect_uri,
             response_type=client_conf["response_types"][0],
@@ -143,7 +147,9 @@ def get(self, request, *args, **kwargs):
             client_id=client_conf["client_id"],
             endpoint=authz_endpoint,
             acr_values= OIDCFED_ACR_PROFILES,
-            iat=int(timezone.localtime().timestamp()),
+            iat=_timestamp_now,
+            exp=_timestamp_now+RP_REQUEST_EXP,
+            jti = str(uuid.uuid4()),
             aud=[tc.sub, authz_endpoint],
             claims=RP_REQUEST_CLAIM_BY_PROFILE[_profile],
         )