django-oauth · n2ygk · Mar 28, 2022 · Mar 26, 2022 · Mar 26, 2022 · Mar 26, 2022
diff --git a/AUTHORS b/AUTHORS
@@ -23,6 +23,7 @@ Bart Merenda
 Bas van Oostveen
 Brian Helba
 Carl Schwan
+Daniel 'Vector' Kerr
 Dave Burkholder
 David Fischer
 David Smith

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,9 +32,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   If you've [customized OIDC responses](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#customizing-the-oidc-responses)
   and want to retain the pre-2.x behavior, set `oidc_claim_scope = None` in your subclass of `OAuth2Validator`.
 * #1108 OIDC: Make the `access_token` available to `get_oidc_claims` when called from `get_userinfo_claims`.
+* #1132: Added `--algorithm` argument to `createapplication` management command
 
 ### Fixed
 * #1108 OIDC: Fix `validate_bearer_token()` to properly set `request.scopes` to the list of granted scopes.
+* #1132: Fixed help text for `--skip-authorization` argument of the `createapplication` management command
 
 ### Removed
 * #1124 (**Breaking**, **Security**) Removes support for insecure `urn:ietf:wg:oauth:2.0:oob` and `urn:ietf:wg:oauth:2.0:oob:auto` which are replaced

diff --git a/docs/management_commands.rst b/docs/management_commands.rst
@@ -4,6 +4,8 @@ Management commands
 Django OAuth Toolkit exposes some useful management commands that can be run via shell or by other means (eg: cron)
 
 .. _cleartokens:
+.. _createapplication:
+
 
 cleartokens
 ~~~~~~~~~~~
@@ -21,3 +23,39 @@ To prevent the CPU and RAM high peaks during deletion process use ``CLEAR_EXPIRE
 
 Note: Refresh tokens need to expire before AccessTokens can be removed from the
 database. Using ``cleartokens`` without ``REFRESH_TOKEN_EXPIRE_SECONDS`` has limited effect.
+
+
+
+createapplication
+~~~~~~~~~~~~~~~~~
+
+The ``createapplication`` management command provides a shortcut to create a new application in a programmatic way.
+
+This command is used like this:
+
+.. code-block:: sh
+
+    python3 manage.py createapplication [arguments] <client_type> <authorization_grant_type>
+
+
+This command provides the following arguments:
+
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+|          Argument          | type |                                           Description                                           |
++============================+======+=================================================================================================+
+| `--client_id`              | str  | The ID of the new application                                                                   |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `--user`                   | int  | The ID of the user that the application belongs to                                              |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `--redirect-uris`          | str  | The redirect URIs. This must be a space-separated string (e.g., `"https://uri1/ https://uri2"`) |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `--name`                   | str  | The name of this application                                                                    |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `--skip-authorization`     | flag | If set, completely bypass the authorization form, even on the first use of the application      |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `--algorithm`              | str  | The OIDC token signing algorithm for this application (e.g., `RS256` or `HS256`)                |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `client_type`              | str  | The client type, can be `confidential` or `public`                                              |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
+| `authorization_grant_type` | str  | The type of authorization grant to be used                                                      |
++----------------------------+------+-------------------------------------------------------------------------------------------------+
diff --git a/oauth2_provider/management/commands/createapplication.py b/oauth2_provider/management/commands/createapplication.py
@@ -49,7 +49,12 @@ def add_arguments(self, parser):
         parser.add_argument(
             "--skip-authorization",
             action="store_true",
-            help="The ID of the new application",
+            help="If set, completely bypass the authorization form, even on the first use of the application",
+        )
+        parser.add_argument(
+            "--algorithm",
+            type=str,
+            help="The OIDC token signing algorithm for this application (e.g., 'RS256' or 'HS256')",
         )
 
     def handle(self, *args, **options):

diff --git a/tests/test_commands.py b/tests/test_commands.py
@@ -1,5 +1,6 @@
 from io import StringIO
 
+import pytest
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import check_password
 from django.core.management import call_command
@@ -8,6 +9,8 @@
 
 from oauth2_provider.models import get_application_model
 
+from . import presets
+
 
 Application = get_application_model()
 
@@ -112,6 +115,20 @@ def test_application_created_with_user(self):
 
         self.assertEqual(app.user, user)
 
+    @pytest.mark.usefixtures("oauth2_settings")
+    @pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_RW)
+    def test_application_created_with_algorithm(self):
+        call_command(
+            "createapplication",
+            "confidential",
+            "authorization-code",
+            "--redirect-uris=http://example.com http://example2.com",
+            "--algorithm=RS256",
+        )
+        app = Application.objects.get()
+
+        self.assertEqual(app.algorithm, "RS256")
+
     def test_validation_failed_message(self):
         output = StringIO()
         call_command(