From a6f664b0a5fd5d543cf0c31a6176e17350748bef Mon Sep 17 00:00:00 2001
From: peterbolha
Date: Wed, 11 Oct 2023 12:06:01 +0200
Subject: [PATCH 1/3] Method for optional enforcement of resource attribute
---
 src/idpyoidc/server/oauth2/authorization.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/idpyoidc/server/oauth2/authorization.py b/src/idpyoidc/server/oauth2/authorization.py
index 58cad0ff..76928912 100755
--- a/src/idpyoidc/server/oauth2/authorization.py
+++ b/src/idpyoidc/server/oauth2/authorization.py
@@ -339,6 +339,11 @@ def validate_resource_indicators_policy(request, context, **kwargs):
 request["scope"] = scopes
 return request
+def optional_validate_resource_indicators_policy(request, context, **kwargs):
+ if "resource" not in request:
+ return request
+
+ return validate_resource_indicators_policy(request, context, **kwargs)
 class Authorization(Endpoint):
 request_cls = oauth2.AuthorizationRequest
From c4a1d9eee1bc60edd79c9ca56b0fd8c73f31da80 Mon Sep 17 00:00:00 2001
From: peterbolha
Date: Tue, 24 Oct 2023 11:09:55 +0200
Subject: [PATCH 2/3] Replace wrapper with direct check in validator
---
 src/idpyoidc/server/oauth2/authorization.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/idpyoidc/server/oauth2/authorization.py b/src/idpyoidc/server/oauth2/authorization.py
index 76928912..17e2aede 100755
--- a/src/idpyoidc/server/oauth2/authorization.py
+++ b/src/idpyoidc/server/oauth2/authorization.py
@@ -292,10 +292,7 @@ def check_unknown_scopes_policy(request_info, client_id, context):
 def validate_resource_indicators_policy(request, context, **kwargs):
 if "resource" not in request:
- return oauth2.AuthorizationErrorResponse(
- error="invalid_target",
- error_description="Missing resource parameter",
- )
+ return request
 resource_servers_per_client = kwargs["resource_servers_per_client"]
 client_id = request["client_id"]
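Review bot: In [PATCH 1/3], `optional_validate_resource_indicators_policy` is added without a docstring, so nothing tells an operator that choosing it over `validate_resource_indicators_policy` means a request without `resource` is returned with no resource-indicator validation at all. I would add a docstring such as `"""Apply the resource indicators policy only when the request carries a resource parameter; requests without one are returned unvalidated."""`. That keeps the security trade-off visible at the point where the policy callable is selected.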
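Review bot: In [PATCH 2/3], the early `return request` in `validate_resource_indicators_policy` turns a fail-closed check into a fail-open one for every deployment that already configures this policy: a request that omits `resource` now skips the `resource_servers_per_client` lookup and, as far as this hunk shows, everything after it. Whether the resulting grant then lacks an audience restriction depends on code outside the hunk, but the default should not change silently. I would keep the rejection as the default and make the lenient path opt-in through the policy kwargs, e.g. `if kwargs.get("resource_required", True):` guarding the existing `return oauth2.AuthorizationErrorResponse(...)`, followed by `return request`; the kwarg name is a suggestion, not an existing option. The function body continues past the end of the hunk.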
@@ -339,11 +336,6 @@ def validate_resource_indicators_policy(request, context, **kwargs):
 request["scope"] = scopes
 return request
-def optional_validate_resource_indicators_policy(request, context, **kwargs):
- if "resource" not in request:
- return request
-
- return validate_resource_indicators_policy(request, context, **kwargs)
 class Authorization(Endpoint):
 request_cls = oauth2.AuthorizationRequest
From 9cdf4ae6305d5f9ee58409242cb5f31cb4d30fff Mon Sep 17 00:00:00 2001
From: peterbolha
Date: Tue, 24 Oct 2023 12:38:41 +0200
Subject: [PATCH 3/3] Fix test_server_24
---
 tests/test_server_24_oauth2_resource_indicators.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tests/test_server_24_oauth2_resource_indicators.py b/tests/test_server_24_oauth2_resource_indicators.py
index 4df18ea3..14e6a032 100644
--- a/tests/test_server_24_oauth2_resource_indicators.py
+++ b/tests/test_server_24_oauth2_resource_indicators.py
@@ -522,8 +522,11 @@ def test_authorization_code_req_no_resource(self, create_endpoint_ri_enabled):
 )
 msg = self.endpoint._post_parse_request(request, "client_1", endpoint_context)
- assert "error" in msg
- assert msg["error_description"] == "Missing resource parameter"
+
+ assert "error" not in msg
+ assert isinstance(msg, AuthorizationRequest)
+ for key, _ in request.items():
+ assert msg[key] == request[key]
 def test_authorization_code_req_no_resource_indicators_disabled(
 self, create_endpoint_ri_disabled
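Review bot: In [PATCH 3/3], the new loop `for key, _ in request.items(): assert msg[key] == request[key]` may compare an object with itself: the validator's no-resource path returns `request` as-is, so if `_post_parse_request` hands that object back, `msg is request` and these assertions cannot fail. Take a snapshot before the `_post_parse_request` call with `expected = dict(request.items())` and assert `dict(msg.items()) == expected` afterwards, which also catches keys added to `msg`. The test also stops at the parsed request; with `resource` now optional while resource indicators are enabled, an assertion on the audience or scope that the eventual grant carries would pin the security-relevant outcome. The test function starts outside the hunk.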