Allowed response type in the client information can appear both under…

… response_types and response_types_supported. The latter mostly/solely(?) in testing.

src/idpyoidc/server/oauth2/authorization.py

@@ -387,7 +387,8 @@ def authentication_error_response(self, request, error, error_description, **kwa
 
     def verify_response_type(self, request: Union[Message, dict], cinfo: dict) -> bool:
         # Checking response types
-        _registered = [set(rt.split(" ")) for rt in cinfo.get("response_types", [])]
+        _rts = cinfo.get("response_types", cinfo.get("response_types_supported",[]))
+        _registered = [set(rt.split(" ")) for rt in _rts]
         if not _registered:
             # If no response_type is registered by the client then we'll use code.
             _registered = [{"code"}]

tests/test_server_24_oauth2_authorization_endpoint.py

@@ -785,7 +785,7 @@ def test_audience_id_token(self):
             audience="https://aud.exmple.org"
         )
         _context = self.endpoint.upstream_get("context")
-        _context.cdb["client_1"]["response_types_supported"] = ["code", "token", "id_token"]
+        _context.cdb["client_1"]["response_types"] = ["code", "token", "id_token"]
         _pr_resp = self.endpoint.parse_request(request)
         _resp = self.endpoint.process_request(_pr_resp)
         _jws = factory(_resp["response_args"]["id_token"])

tests/test_server_24_oauth2_token_endpoint.py

@@ -805,8 +805,9 @@ def test_audience(self):
         _resp = self.token_endpoint.process_request(request=_req)
 
         _jws = factory(_resp["response_args"]["access_token"])
-        assert "aud" in _jws.jwt.payload()
-        assert _jws.jwt.payload()["aud"] == ['https://foobar.example.org']
+        _payload = _jws.jwt.payload()
+        assert "aud" in _payload
+        assert _payload["aud"] == ['https://foobar.example.org']
 
 
 DEFAULT_TOKEN_HANDLER_ARGS = {