Entity_id and client_id might not be the same.

More log info.
IdentityPython · May 24, 2024 · 9af1a1e · 9af1a1e
1 parent 142fb8b
commit 9af1a1e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/example/flask_op/config.json b/example/flask_op/config.json
@@ -260,6 +260,7 @@
         "verify": false
       },
       "issuer": "https://{domain}:{port}",
+      "entity_id": "https://{domain}:{port}",
       "keys": {
         "private_path": "private/jwks.json",
         "key_defs": [

diff --git a/src/idpyoidc/server/__init__.py b/src/idpyoidc/server/__init__.py
@@ -46,7 +46,11 @@ def __init__(
             entity_id: Optional[str] = "",
             key_conf: Optional[dict] = None,
     ):
-        self.entity_id = entity_id or conf.get("entity_id")
+        self.entity_id = entity_id or conf.get("entity_id", None)
+        if not self.entity_id:
+            _conf = conf.get("conf", None)
+            if _conf:
+                self.entity_id = _conf.get("entity_id", "")
         self.issuer = conf.get("issuer", self.entity_id)
         self.persistence = None
 
@@ -80,6 +84,7 @@ def __init__(
             cwd=cwd,
             cookie_handler=cookie_handler,
             keyjar=self.keyjar,
+            entity_id=self.entity_id
         )
 
         # Need to have context in place before doing this

diff --git a/src/idpyoidc/server/client_authn.py b/src/idpyoidc/server/client_authn.py
@@ -490,11 +490,13 @@ def verify_client(
 
     _method = None
     _cdb = _cinfo = None
+    _tested = []
     for _method in (methods[meth] for meth in allowed_methods):
         if not _method.is_usable(request=request, authorization_token=authorization_token):
             continue
         try:
             logger.info(f"Verifying client authentication using {_method.tag}")
+            _tested.append(_method.tag)
             auth_info = _method.verify(
                 keyjar=endpoint.upstream_get("attribute", "keyjar"),
                 request=request,
@@ -557,6 +559,7 @@ def verify_client(
         break
 
     logger.debug(f"Authn methods applied")
+    logger.debug(f"Method tested: {_tested}")
 
     # store what authn method was used
     if "method" in auth_info and client_id and _cdb: