Adapter#

class allauth.idp.oidc.adapter.DefaultOIDCAdapter(request: HttpRequest | None = None)#

The adapter class allows you to override various functionality of the allauth.idp.oidc app. To do so, point settings.IDP_OIDC_ADAPTER to your own class that derives from DefaultOIDCAdapter and override the behavior by altering the implementation of the methods according to your own needs.

generate_client_id() → str#: The client ID to use for newly created clients.

generate_client_secret() → str#: The client secret to use for newly created clients.

get_claims(purpose: Literal['id_token', 'userinfo'], user: AbstractBaseUser, client: Client, scopes: Iterable[str], email: str | None = None, **kwargs: Any) → dict[str, Any]#: Return the claims to be included in the ID token or userinfo response.

get_issuer() → str#: Returns the URL of the issuer.

get_user_by_sub(client: Client, sub: str) → AbstractBaseUser | None#: Looks up a user, given its subject identifier. Returns None if no such user was found.

get_user_sub(client: Client, user: AbstractBaseUser) → str#: Returns the “sub” (subject identifier) for the given user.

hash_token(token: str) → str#: We don’t store tokens directly, only the hash of the token. This methods generates that hash.

populate_access_token(access_token: dict[str, Any], *, client: Client, scopes: Iterable[str], user: AbstractBaseUser, **kwargs: Any) → None#: This method can be used to alter the JWT access token payload. It is already populated with basic values.

populate_id_token(id_token: dict[str, Any], client: Client, scopes: Iterable[str], **kwargs: Any) → None#: This method can be used to alter the ID token payload. It is already populated with basic values. Depending on the client and requested scopes, you can expose additional information here.

populate_server_metadata(data: dict[str, str | list[str]]) → None#: Allows for customizing the /.well-known/openid-configuration payload, as specified in RFC 8414 (OAuth 2.0 Authorization Server Metadata).

validate_client_registration(*, client: Client, client_metadata: dict[str, Any], token: Token | None, bearer_token: str | None, **kwargs: Any) → None#

This method is called after all builtin validation was successful, and just before the actual client is being created. To intervene, raise a ValidationError or an ImmediateHttpResponse.

client: The Client instance that is about to be saved. client_metadata: The raw JSON payload from the DCR request. token: The Token instance corresponding to the initial access

token, or None if no token was provided.

bearer_token: The raw bearer token string from the Authorization: header, or None if no token was provided.

validate_resource_uris(*, uris: list[str], **kwargs: Any) → None#: Allows for custom validation of resource URIs (RFC 8707). Throw a ValidationError to reject the resource.