Sformat needed to be carried.

rohe · rohe · commit 711c799fc249 · 2021-09-25T09:28:39.000+02:00
diff --git a/src/oidcmsg/message.py b/src/oidcmsg/message.py
@@ -314,10 +314,10 @@ def from_dict(self, dictionary, **kwargs):
                             self._dict[key] = val
                             continue
 
-            self._add_value(skey, vtyp, key, val, _deser, null_allowed)
+            self._add_value(skey, vtyp, key, val, _deser, null_allowed, sformat="dict")
         return self
 
-    def _add_value(self, skey, vtyp, key, val, _deser, null_allowed):
+    def _add_value(self, skey, vtyp, key, val, _deser, null_allowed, sformat="urlencoded"):
         """
         Main method for adding a value to the instance. Does all the
         checking on type of value and if among allowed values.
@@ -350,7 +350,7 @@ def _add_value(self, skey, vtyp, key, val, _deser, null_allowed):
                     self._dict[skey] = [val]
                 elif _deser:
                     try:
-                        self._dict[skey] = _deser(val, sformat="urlencoded")
+                        self._dict[skey] = _deser(val, sformat=sformat)
                     except Exception as exc:
                         raise DecodeError(ERRTXT % (key, exc))
                 else:
@@ -402,16 +402,6 @@ def _add_value(self, skey, vtyp, key, val, _deser, null_allowed):
                     except Exception as exc:
                         raise DecodeError(ERRTXT % (key, exc))
                     else:
-                        # if isinstance(val, str):
-                        #     self._dict[skey] = val
-                        # elif isinstance(val, list):
-                        #     if len(val) == 1:
-                        #         self._dict[skey] = val[0]
-                        #     elif not len(val):
-                        #         pass
-                        #     else:
-                        #         raise TooManyValues(key)
-                        # else:
                         self._dict[skey] = val
                 elif vtyp is int:
                     try:
@@ -863,8 +853,12 @@ def add_non_standard(msg1, msg2):
 
 
 def list_serializer(vals, sformat="urlencoded", lev=0):
-    if isinstance(vals, str) or not isinstance(vals, list):
+    if isinstance(vals, str) and sformat == "dict":
+        return [vals]
+
+    if not isinstance(vals, list):
         raise ValueError("Expected list: %s" % vals)
+
     if sformat == "urlencoded":
         return " ".join(vals)
     else:
diff --git a/src/oidcmsg/oidc/__init__.py b/src/oidcmsg/oidc/__init__.py
@@ -797,7 +797,7 @@ def verify(self, **kwargs):
                 # check that I'm among the recipients
                 if kwargs["client_id"] not in self["aud"]:
                     raise NotForMe(
-                        "{} not in aud:{}".format(kwargs["client_id"], self["aud"]), self
+                        '"{}" not in {}'.format(kwargs["client_id"], self["aud"]), self
                     )
 
             # Then azp has to be present and be one of the aud values
diff --git a/tests/test_06_oidc.py b/tests/test_06_oidc.py
@@ -6,24 +6,23 @@
 from urllib.parse import parse_qs
 from urllib.parse import urlencode
 
-import pytest
 from cryptojwt.exception import BadSignature
 from cryptojwt.exception import UnsupportedAlgorithm
 from cryptojwt.jws.exception import SignerAlgError
 from cryptojwt.jws.utils import left_hash
 from cryptojwt.jwt import JWT
 from cryptojwt.key_bundle import KeyBundle
 from cryptojwt.key_jar import KeyJar
+import pytest
 
 from oidcmsg import proper_path
 from oidcmsg import time_util
 from oidcmsg.exception import MessageException
 from oidcmsg.exception import MissingRequiredAttribute
 from oidcmsg.exception import NotAllowedValue
 from oidcmsg.exception import OidcMsgError
-from oidcmsg.oauth2 import ResponseMessage
 from oidcmsg.oauth2 import ROPCAccessTokenRequest
-from oidcmsg.oidc import JRD
+from oidcmsg.oauth2 import ResponseMessage
 from oidcmsg.oidc import AccessTokenRequest
 from oidcmsg.oidc import AccessTokenResponse
 from oidcmsg.oidc import AddressClaim
@@ -38,6 +37,7 @@
 from oidcmsg.oidc import EXPError
 from oidcmsg.oidc import IATError
 from oidcmsg.oidc import IdToken
+from oidcmsg.oidc import JRD
 from oidcmsg.oidc import Link
 from oidcmsg.oidc import OpenIDSchema
 from oidcmsg.oidc import ProviderConfigurationResponse
@@ -661,7 +661,7 @@ def test_deserialize(self):
             "client_secret_expires_at": 1577858400,
             "registration_access_token": "this.is.an.access.token.value.ffx83",
             "registration_client_uri": "https://server.example.com/connect/register?client_id"
-            "=s6BhdRkqt3",
+                                       "=s6BhdRkqt3",
             "token_endpoint_auth_method": "client_secret_basic",
             "application_type": "web",
             "redirect_uris": [
@@ -1601,3 +1601,17 @@ def test_correct_sign_alg():
         client_id="554295ce3770612820620000",
         allowed_sign_alg="HS256",
     )
+
+
+def test_ID_Token_space_in_id():
+    idt = IdToken(**{
+        "at_hash": "buCCujNN632UIV8-VbKhgw",
+        "sub": "user-subject-1234531",
+        "aud": "client_ifCttPphtLxtPWd20602 ^.+/",
+        "iss": "https://www.certification.openid.net/test/a/idpy/",
+        "exp": 1632495959,
+        "nonce": "B88En9UpdHkQZMQXK9U3KHzV",
+        "iat": 1632495659
+    })
+
+    assert idt["aud"] == "client_ifCttPphtLxtPWd20602 ^.+/"

Original file line number	Diff line number	Diff line change
`@@ -797,7 +797,7 @@ def verify(self, **kwargs):`
`797`	`797`	`# check that I'm among the recipients`
`798`	`798`	`if kwargs["client_id"] not in self["aud"]:`
`799`	`799`	`raise NotForMe(`
`800`		`- "{} not in aud:{}".format(kwargs["client_id"], self["aud"]), self`
	`800`	`+ '"{}" not in {}'.format(kwargs["client_id"], self["aud"]), self`
`801`	`801`	`)`
`802`	`802`
`803`	`803`	`# Then azp has to be present and be one of the aud values`