django-oauth · n2ygk · Mar 28, 2022 · Mar 26, 2022 · Mar 26, 2022 · Mar 26, 2022
diff --git a/AUTHORS b/AUTHORS
@@ -23,6 +23,7 @@ Bart Merenda
 Bas van Oostveen
 Brian Helba
 Carl Schwan
+Daniel 'Vector' Kerr
 Dave Burkholder
 David Fischer
 David Smith

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,9 +32,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   If you've [customized OIDC responses](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#customizing-the-oidc-responses)
   and want to retain the pre-2.x behavior, set `oidc_claim_scope = None` in your subclass of `OAuth2Validator`.
 * #1108 OIDC: Make the `access_token` available to `get_oidc_claims` when called from `get_userinfo_claims`.
+* #1132: Added `--algorithm` argument to `createapplication` management command
 
 ### Fixed
 * #1108 OIDC: Fix `validate_bearer_token()` to properly set `request.scopes` to the list of granted scopes.
+* #1132: Fixed help text for `--skip-authorization` argument of the `createapplication` management command
 
 ### Removed
 * #1124 (**Breaking**, **Security**) Removes support for insecure `urn:ietf:wg:oauth:2.0:oob` and `urn:ietf:wg:oauth:2.0:oob:auto` which are replaced

diff --git a/docs/management_commands.rst b/docs/management_commands.rst
@@ -4,6 +4,8 @@ Management commands
 Django OAuth Toolkit exposes some useful management commands that can be run via shell or by other means (eg: cron)
 
 .. _cleartokens:
+.. _createapplication:
+
 
 cleartokens
 ~~~~~~~~~~~
@@ -21,3 +23,43 @@ To prevent the CPU and RAM high peaks during deletion process use ``CLEAR_EXPIRE
 
 Note: Refresh tokens need to expire before AccessTokens can be removed from the
 database. Using ``cleartokens`` without ``REFRESH_TOKEN_EXPIRE_SECONDS`` has limited effect.
+
+
+
+createapplication
+~~~~~~~~~~~~~~~~~
+
+The ``createapplication`` management command provides a shortcut to create a new application in a programmatic way.
+
+This command is used like this:
+
+.. code-block:: sh
+
+    python3 manage.py createapplication [arguments] <client_type> <authorization_grant_type>
+
+
+usage: manage.py createapplication [-h] [--client-id CLIENT_ID] [--user USER] [--redirect-uris REDIRECT_URIS]
+                                   [--client-secret CLIENT_SECRET] [--name NAME] [--skip-authorization] [--version] [-v {0,1,2,3}]
+                                   [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color] [--force-color]
+                                   [--skip-checks]
+                                   client_type authorization_grant_type
+
+Shortcut to create a new application in a programmatic way
+
+positional arguments:
+  client_type           The client type, can be confidential or public
+  authorization_grant_type
+                        The type of authorization grant to be used
+
+optional arguments:
+  -h, --help            show this help message and exit
+  --client-id CLIENT_ID
+                        The ID of the new application
+  --user USER           The user the application belongs to
+  --redirect-uris REDIRECT_URIS
+                        The redirect URIs, this must be a space separated string e.g 'URI1 URI2'
+  --client-secret CLIENT_SECRET
+                        The secret for this application
+  --name NAME           The name this application
+  --skip-authorization  The ID of the new application
+  ...
diff --git a/oauth2_provider/management/commands/createapplication.py b/oauth2_provider/management/commands/createapplication.py
@@ -49,7 +49,12 @@ def add_arguments(self, parser):
         parser.add_argument(
             "--skip-authorization",
             action="store_true",
-            help="The ID of the new application",
+            help="If set, completely bypass the authorization form, even on the first use of the application",
+        )
+        parser.add_argument(
+            "--algorithm",
+            type=str,
+            help="The OIDC token signing algorithm for this application (e.g., 'RS256' or 'HS256')",
         )
 
     def handle(self, *args, **options):

diff --git a/tests/test_commands.py b/tests/test_commands.py
@@ -1,5 +1,6 @@
 from io import StringIO
 
+import pytest
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import check_password
 from django.core.management import call_command
@@ -8,6 +9,8 @@
 
 from oauth2_provider.models import get_application_model
 
+from . import presets
+
 
 Application = get_application_model()
 
@@ -112,6 +115,20 @@ def test_application_created_with_user(self):
 
         self.assertEqual(app.user, user)
 
+    @pytest.mark.usefixtures("oauth2_settings")
+    @pytest.mark.oauth2_settings(presets.OIDC_SETTINGS_RW)
+    def test_application_created_with_algorithm(self):
+        call_command(
+            "createapplication",
+            "confidential",
+            "authorization-code",
+            "--redirect-uris=http://example.com http://example2.com",
+            "--algorithm=RS256",
+        )
+        app = Application.objects.get()
+
+        self.assertEqual(app.algorithm, "RS256")
+
     def test_validation_failed_message(self):
         output = StringIO()
         call_command(