diff --git a/example/flask_op/private/cookie_jwks.json b/example/flask_op/private/cookie_jwks.json
index 3e1dc32f..3aafdf12 100644
--- a/example/flask_op/private/cookie_jwks.json
+++ b/example/flask_op/private/cookie_jwks.json
@@ -1 +1 @@
-{"keys": [{"kty": "oct", "use": "enc", "kid": "enc", "k": "Nlrhp24ih_-bYrpOHfpWnfSDlCrFsfKl"}, {"kty": "oct", "use": "sig", "kid": "sig", "k": "Wfiff4_r1z-8QUbZ2GFayeVhdw_jGjHz"}]}
\ No newline at end of file
+{"keys": [{"kty": "oct", "use": "enc", "kid": "enc", "k": "gVdGvOn9TFG38gzqs2uO-pQB40qxJbfm"}, {"kty": "oct", "use": "sig", "kid": "sig", "k": "HlW_dFC6aquKPZ6zGtq2dZEBcntP9uHd"}]}
\ No newline at end of file
diff --git a/example/flask_op/static/jwks.json b/example/flask_op/static/jwks.json
index 2ac9940a..e6dc3e44 100644
--- a/example/flask_op/static/jwks.json
+++ b/example/flask_op/static/jwks.json
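Review bot: The new symmetric cookie keys under `example/flask_op/private/` are committed to the repository, so both the old and the new `k` values are public in git history and this rotation does not make the cookie encryption or signing key secret. Since the file lives in a directory named `private/`, it looks like per-deployment material; generating it on first start or listing `example/flask_op/private/` in `.gitignore` would avoid checking in live key material, and if the keys must ship for the demo a README line stating they are demo-only would make that explicit. I cannot see from this diff whether the example already has a code path that generates these keys when the file is missing.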
@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "bXNmZXROQ3N2dDI2SWY5VlNWTG5yOXZqYlpLenVsalhwUWR5RW9BMHNCaw", "e": "AQAB", "n": "uGVI-b6qr-OTc2knp7bpmDtiCQoWFXZ8mUV-SX0rCMtcc_IRmc_J7AfNEfnYk3dv0cKQK_Dgv3vicoeuf4KQ9ZZY-xI3bnRl9_HnhRpz_cJScDirkNKlsv8aQuYBO_gIiHp8B32YC0nx3BUQV5I6QGEiyG-lZT9PmXsUO1uKPPhny_vtQ6cUpvtuLySBu2ZYpaTDQqCv5Y6EKC49NYWhBB4B6f6TNKCoQTaxA8ZoM3lh7kFbu5DPEXKFAtuNiOtUNP7Ei9KfBtyBYSaZQBY8VkwAm1yKCA2sfv1mBwx0dT53MPJlNkoltf89mv1NM2OJPQAgGE6ygwGS2fyBLAn_bQ"}, {"kty": "EC", "use": "sig", "kid": "U0pLNmFBRE4waDYyZG9ZdjNPb2pTZXAwZzdrbmpZdG0ya3lpaFJwZU9ncw", "crv": "P-256", "x": "DYUyBfiD53SEtUuKLjFCFpIkqyhbmBppAMjOat9qiY0", "y": "-SUSvVeOv7EA84qHLLEkDP24iZree-fomICuA4baeeA"}]}
\ No newline at end of file
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "bXNmZXROQ3N2dDI2SWY5VlNWTG5yOXZqYlpLenVsalhwUWR5RW9BMHNCaw", "n": "uGVI-b6qr-OTc2knp7bpmDtiCQoWFXZ8mUV-SX0rCMtcc_IRmc_J7AfNEfnYk3dv0cKQK_Dgv3vicoeuf4KQ9ZZY-xI3bnRl9_HnhRpz_cJScDirkNKlsv8aQuYBO_gIiHp8B32YC0nx3BUQV5I6QGEiyG-lZT9PmXsUO1uKPPhny_vtQ6cUpvtuLySBu2ZYpaTDQqCv5Y6EKC49NYWhBB4B6f6TNKCoQTaxA8ZoM3lh7kFbu5DPEXKFAtuNiOtUNP7Ei9KfBtyBYSaZQBY8VkwAm1yKCA2sfv1mBwx0dT53MPJlNkoltf89mv1NM2OJPQAgGE6ygwGS2fyBLAn_bQ", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "U0pLNmFBRE4waDYyZG9ZdjNPb2pTZXAwZzdrbmpZdG0ya3lpaFJwZU9ncw", "crv": "P-256", "x": "DYUyBfiD53SEtUuKLjFCFpIkqyhbmBppAMjOat9qiY0", "y": "-SUSvVeOv7EA84qHLLEkDP24iZree-fomICuA4baeeA"}]}
\ No newline at end of file
diff --git a/example/flask_rp/conf.json b/example/flask_rp/conf.json
deleted file mode 100644
index 9e71f050..00000000
--- a/example/flask_rp/conf.json
+++ /dev/null
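Review bot: The only change to the RSA entry is that `"e"` now follows `"n"`; the key material (`kid`, `n`, `e`, and the EC point) is byte-identical, so this hunk is regeneration churn rather than a key change. If this file is written by code, serialising with a fixed member order (e.g. `json.dumps(jwks, sort_keys=True)`) would keep future diffs of the public JWKS reviewable, because an actual key rotation would then stand out. I cannot see the writer from this diff, so the change belongs wherever the JWKS export lives.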
@@ -1,339 +0,0 @@
-{
- "logging": {
- "version": 1,
- "disable_existing_loggers": false,
- "root": {
- "handlers": [
- "console",
- "file"
- ],
- "level": "DEBUG"
- },
- "loggers": {
- "idp": {
- "level": "DEBUG"
- }
- },
- "handlers": {
- "console": {
- "class": "logging.StreamHandler",
- "stream": "ext://sys.stdout",
- "formatter": "default"
- },
- "file": {
- "class": "logging.FileHandler",
- "filename": "debug.log",
- "formatter": "default"
- }
- },
- "formatters": {
- "default": {
- "format": "%(asctime)s %(name)s %(levelname)s %(message)s"
- }
- }
- },
- "port": 8090,
- "domain": "127.0.0.1",
- "base_url": "https://{domain}:{port}",
- "httpc_params": {
- "verify": false
- },
- "rp_keys": {
- "private_path": "private/jwks.json",
- "key_defs": [
- {
- "type": "RSA",
- "key": "",
- "use": [
- "sig"
- ]
- },
- {
- "type": "EC",
- "crv": "P-256",
- "use": [
- "sig"
- ]
- }
- ],
- "public_path": "static/jwks.json",
- "read_only": false
- },
- "services": {
- "discovery": {
- "class": "idpyoidc.client.oidc.provider_info_discovery.ProviderInfoDiscovery",
- "kwargs": {}
- },
- "registration": {
- "class": "idpyoidc.client.oidc.registration.Registration",
- "kwargs": {}
- },
- "authorization": {
- "class": "idpyoidc.client.oidc.authorization.Authorization",
- "kwargs": {}
- },
- "accesstoken": {
- "class": "idpyoidc.client.oidc.access_token.AccessToken",
- "kwargs": {}
- },
- "userinfo": {
- "class": "idpyoidc.client.oidc.userinfo.UserInfo",
- "kwargs": {}
- },
- "end_session": {
- "class": "idpyoidc.client.oidc.end_session.EndSession",
- "kwargs": {}
- }
- },
- "clients": {
- "": {
- "client_preferences": {
- "application_name": "rphandler",
- "application_type": "web",
- "contacts": [
- "ops@example.com"
- ],
- "response_types": [
- "code"
- ],
- "scope": [
- "openid",
- "profile",
- "email",
- "address",
- "phone"
- ],
- "token_endpoint_auth_method": [
- "client_secret_basic",
- "client_secret_post"
- ]
- },
- "redirect_uris": [],
- "services": {
- "discovery": {
- "class": "idpyoidc.client.oidc.provider_info_discovery.ProviderInfoDiscovery",
- "kwargs": {}
- },
- "registration": {
- "class": "idpyoidc.client.oidc.registration.Registration",
- "kwargs": {}
- },
- "authorization": {
- "class": "idpyoidc.client.oidc.authorization.Authorization",
- "kwargs": {}
- },
- "accesstoken": {
- "class": "idpyoidc.client.oidc.access_token.AccessToken",
- "kwargs": {}
- },
- "userinfo": {
- "class": "idpyoidc.client.oidc.userinfo.UserInfo",
- "kwargs": {}
- },
- "end_session": {
- "class": "idpyoidc.client.oidc.end_session.EndSession",
- "kwargs": {}
- }
- }
- },
- "flask_provider": {
- "client_preferences": {
- "application_name": "rphandler",
- "application_type": "web",
- "contacts": [
- "ops@example.com"
- ],
- "response_types": [
- "code"
- ],
- "scope": [
- "openid",
- "profile",
- "email",
- "address",
- "phone"
- ],
- "token_endpoint_auth_method": [
- "client_secret_basic",
- "client_secret_post"
- ]
- },
- "issuer": "https://127.0.0.1:5000/",
- "redirect_uris": [
- "https://{domain}:{port}/authz_cb/local"
- ],
- "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/local",
- "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/local",
- "frontchannel_logout_session_required": true,
- "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/local",
- "backchannel_logout_session_required": true,
- "services": {
- "discovery": {
- "class": "idpyoidc.client.oidc.provider_info_discovery.ProviderInfoDiscovery",
- "kwargs": {}
- },
- "registration": {
- "class": "idpyoidc.client.oidc.registration.Registration",
- "kwargs": {}
- },
- "authorization": {
- "class": "idpyoidc.client.oidc.authorization.Authorization",
- "kwargs": {}
- },
- "accesstoken": {
- "class": "idpyoidc.client.oidc.access_token.AccessToken",
- "kwargs": {}
- },
- "userinfo": {
- "class": "idpyoidc.client.oidc.userinfo.UserInfo",
- "kwargs": {}
- },
- "end_session": {
- "class": "idpyoidc.client.oidc.end_session.EndSession",
- "kwargs": {}
- }
- },
- "add_ons": {
- "pkce": {
- "function": "idpyoidc.client.oauth2.add_on.pkce.add_support",
- "kwargs": {
- "code_challenge_length": 64,
- "code_challenge_method": "S256"
- }
- }
- }
- },
- "django_provider": {
- "client_preferences": {
- "application_name": "rphandler",
- "application_type": "web",
- "contacts": [
- "ops@example.com"
- ],
- "response_types": [
- "code"
- ],
- "scope": [
- "openid",
- "profile",
- "email",
- "address",
- "phone"
- ],
- "token_endpoint_auth_method": [
- "client_secret_basic",
- "client_secret_post"
- ]
- },
- "issuer": "https://127.0.0.1:8000/",
- "redirect_uris": [
- "https://{domain}:{port}/authz_cb/django"
- ],
- "post_logout_redirect_uris": "https://{domain}:{port}/session_logout/django",
- "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/django",
- "frontchannel_logout_session_required": true,
- "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/django",
- "backchannel_logout_session_required": true,
- "services": {
- "discovery": {
- "class": "idpyoidc.client.oidc.provider_info_discovery.ProviderInfoDiscovery",
- "kwargs": {}
- },
- "registration": {
- "class": "idpyoidc.client.oidc.registration.Registration",
- "kwargs": {}
- },
- "authorization": {
- "class": "idpyoidc.client.oidc.authorization.Authorization",
- "kwargs": {}
- },
- "accesstoken": {
- "class": "idpyoidc.client.oidc.access_token.AccessToken",
- "kwargs": {}
- },
- "userinfo": {
- "class": "idpyoidc.client.oidc.userinfo.UserInfo",
- "kwargs": {}
- },
- "end_session": {
- "class": "idpyoidc.client.oidc.end_session.EndSession",
- "kwargs": {}
- }
- },
- "add_ons": {
- "pkce": {
- "function": "idpyoidc.client.oauth2.add_on.pkce.add_support",
- "kwargs": {
- "code_challenge_length": 64,
- "code_challenge_method": "S256"
- }
- }
- }
- },
- "bobcat": {
- "client_id": "client3",
- "client_secret": "abcdefghijklmnop",
- "issuer": "http://127.0.0.1:8080/",
- "behaviour": {
- "application_name": "rphandler",
- "application_type": "web",
- "contacts": [
- "ops@example.com"
- ],
- "response_types": [
- "code"
- ],
- "scope": [
- "openid",
- "profile",
- "email",
- "address",
- "phone"
- ],
- "token_endpoint_auth_method": [
- "client_secret_basic",
- "client_secret_post"
- ]
- },
- "redirect_uris": [
- "https://{domain}:{port}/authz_cb/bobcat"
- ],
- "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/bobcat",
- "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/bobcat",
- "frontchannel_logout_session_required": true
- },
- "local": {
- "issuer": "https://127.0.0.1:5000/",
- "client_preferences": {
- "application_name": "rphandler",
- "application_type": "web",
- "contacts": [
- "ops@example.com"
- ],
- "response_types": [
- "code"
- ],
- "scope": [
- "openid",
- "profile",
- "email",
- "address",
- "phone"
- ]
- },
- "redirect_uris": [
- "https://{domain}:{port}/authz_cb/local"
- ],
- "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/local",
- "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/local",
- "frontchannel_logout_session_required": true
- }
- },
- "webserver": {
- "port": 8090,
- "domain": "127.0.0.1",
- "server_cert": "certs/cert.pem",
- "server_key": "certs/key.pem",
- "debug": true
- }
-}
diff --git a/example/flask_rp/conf_new.json b/example/flask_rp/config.json
similarity index 100%
rename from example/flask_rp/conf_new.json
rename to example/flask_rp/config.json
diff --git a/example/flask_rp/run.sh b/example/flask_rp/run.sh
index 6ecdd297..30f0ca29 100755
--- a/example/flask_rp/run.sh
+++ b/example/flask_rp/run.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
-./wsgi.py conf.json
\ No newline at end of file
+./wsgi.py config.json
\ No newline at end of file
diff --git a/example/flask_rp/views.py b/example/flask_rp/views.py
index b9fa37e1..c5ede9d5 100644
--- a/example/flask_rp/views.py
+++ b/example/flask_rp/views.py
@@ -157,9 +157,8 @@ def finalize(op_identifier, request_args):
 def get_op_identifier_by_cb_uri(url: str):
 uri = splitquery(url)[0]
 for k, v in current_app.rph.issuer2rp.items():
- _cntx = v.get_service_context()
 for endpoint in v.get_callback_uris():
- _endps = _cntx.get_metadata(endpoint)
+ _endps = v.get_metadata_value(endpoint)
 if _endps is None:
 continue
 elif isinstance(_endps,str):
diff --git a/src/idpyoidc/client/configure.py b/src/idpyoidc/client/configure.py
index 2717ed02..cfdd30f0 100755
--- a/src/idpyoidc/client/configure.py
+++ b/src/idpyoidc/client/configure.py
@@ -110,7 +110,7 @@ def __init__(
 _del_key = []
 for attr, val in self.conf.items():
- if attr in ["issuer", "base_url", "key_conf"]:
+ if attr in ["issuer", "key_conf"]:
 setattr(self, attr, val)
 _del_key.append(attr)
diff --git a/src/idpyoidc/client/oidc/end_session.py b/src/idpyoidc/client/oidc/end_session.py
index 3138f51e..59bf4ee6 100644
--- a/src/idpyoidc/client/oidc/end_session.py
+++ b/src/idpyoidc/client/oidc/end_session.py
@@ -87,11 +87,12 @@ def get_id_token_hint(self, request_args=None, **kwargs):
 def add_post_logout_redirect_uri(self, request_args=None, **kwargs):
 if "post_logout_redirect_uri" not in request_args:
- _uri = self.metadata["post_logout_redirect_uris"]
- if isinstance(_uri, str):
- request_args["post_logout_redirect_uri"] = _uri
- else: # assume list
- request_args["post_logout_redirect_uri"] = _uri[0]
+ _uri = self.metadata.get("post_logout_redirect_uris", '')
+ if _uri:
+ if isinstance(_uri, str):
+ request_args["post_logout_redirect_uri"] = _uri
+ else: # assume list
+ request_args["post_logout_redirect_uri"] = _uri[0]
 return request_args, {}
diff --git a/src/idpyoidc/server/scopes.py b/src/idpyoidc/server/scopes.py
index 8c147b7c..0c239c71 100644
--- a/src/idpyoidc/server/scopes.py
+++ b/src/idpyoidc/server/scopes.py
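Review bot: `get_op_identifier_by_cb_uri` has no docstring, and because it is the step that decides which registered provider a callback URL belongs to, its contract deserves to be spelled out; something like `"""Return the key in rph.issuer2rp whose registered callback URI matches *url* (query string ignored), or None."""` above `uri = splitquery(url)[0]`, adjusted to whatever the comparison and return outside the hunk actually do. The switch to `v.get_metadata_value(endpoint)` keeps the `None`-skip, so a client without that callback in its metadata is simply never matched, which reads as intended. Minor style: `isinstance(_endps,str)` wants a space after the comma. The function body continues past the end of this hunk.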
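Review bot: Dropping `"base_url"` from the promoted attributes in the configure.py hunk changes where callers find it — `base_url` now stays in `self.conf` instead of becoming an attribute, so anything that read `self.base_url` on this configuration object will fail unless the attribute is set elsewhere, which I cannot tell from this hunk. A one-line comment stating the intent would make the contract explicit, e.g. `# Only issuer and key_conf are promoted to attributes; base_url stays in self.conf`. Style-wise the membership test is better served by a module-level tuple or frozenset constant than an inline list, since the same set presumably has to match wherever these attributes are consumed. The enclosing `__init__` starts before this hunk.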
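Review bot: In the end_session.py hunk `request_args` still defaults to `None` on the signature line, yet the new code keeps evaluating `"post_logout_redirect_uri" not in request_args`, which raises `TypeError` for a `None` argument; the sibling `get_id_token_hint` in the hunk header carries the same default, so callers may well pass nothing. Guard it first: `if request_args is None:` / `request_args = {}`. The `''` default in `self.metadata.get("post_logout_redirect_uris", '')` is redundant given the following `if _uri:` test — `self.metadata.get("post_logout_redirect_uris")` behaves the same and avoids implying the value is a string.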
@@ -67,11 +67,7 @@ def get_allowed_scopes(self, client_id=None):
 if client_id:
 client = self.server_get("endpoint_context").cdb.get(client_id)
 if client is not None:
- try:
- client_scopes = client["allowed_scopes"]
- except:
- raise ConfigurationError("No `allowed_scopes` are defined for client: %s" % client_id)
- allowed_scopes = client_scopes
+ allowed_scopes = client.get("allowed_scopes", allowed_scopes)
 return allowed_scopes
 def get_scopes_mapping(self, client_id=None):
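Review bot: With `client.get("allowed_scopes", allowed_scopes)` a client record that has no `allowed_scopes` entry now silently inherits whatever `allowed_scopes` held before the `if client_id:` block, where the old code raised `ConfigurationError`; since this value decides which scopes a client may be granted, that fallback should be a documented decision rather than a side effect of the `.get` default. If the fallback is intended, add a comment above the new line, e.g. `# No per-client allowed_scopes: inherit the default computed above; an explicit empty list still means "no scopes"`. If it is not, keep raising when the key is absent, catching `KeyError` instead of the bare `except:` the commit removes. The default `allowed_scopes` is assigned before this hunk, and `ConfigurationError` may now be an unused import in this module, which I cannot confirm from here.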