Added 2 new parameters to gather_verify_arguments. Allows for extended functionality.

Author: rohe

src/oidcrp/oidc/access_token.py

@@ -1,7 +1,9 @@
 import logging
 from typing import Optional
+from typing import Union
 
 from oidcmsg import oidc
+from oidcmsg.message import Message
 from oidcmsg.oidc import verified_claim_name
 from oidcmsg.time_util import time_sans_frac
 
@@ -26,7 +28,9 @@ def __init__(self,
         access_token.AccessToken.__init__(self, client_get,
                                           client_authn_factory=client_authn_factory, conf=conf)
 
-    def gather_verify_arguments(self):
+    def gather_verify_arguments(self,
+                                response: Optional[Union[dict, Message]] = None,
+                                behaviour_args: Optional[dict] = None):
         """
         Need to add some information before running verify()
 

src/oidcrp/oidc/authorization.py

@@ -1,14 +1,16 @@
 import logging
+from typing import Optional
+from typing import Union
 
 from oidcmsg import oauth2
 from oidcmsg import oidc
 from oidcmsg.exception import MissingRequiredAttribute
+from oidcmsg.message import Message
 from oidcmsg.oidc import make_openid_request
 from oidcmsg.oidc import verified_claim_name
 from oidcmsg.time_util import time_sans_frac
 from oidcmsg.time_util import utc_time_sans_frac
 
-from oidcrp.exception import ParameterError
 from oidcrp.oauth2 import authorization
 from oidcrp.oauth2.utils import pre_construct_pick_redirect_uri
 from oidcrp.oidc import IDT2REG
@@ -239,34 +241,9 @@ def oidc_post_construct(self, req, **kwargs):
 
         return req
 
-    # def post_parse_response(self, response, **kwargs):
-    #     """
-    #     Add scope claim to response, from the request, if not present in the
-    #     response
-    #
-    #     :param response: The response
-    #     :param kwargs: Extra Keyword arguments
-    #     :return: A possibly augmented response
-    #     """
-    #
-    #     authorization.Authorization.parse_response(self, response, **kwargs)
-    #
-    #     if "id_token" not in response:
-    #         try:
-    #             _key = kwargs['state']
-    #         except KeyError:
-    #             pass
-    #         else:
-    #             if _key:
-    #                 item = self.client_get("service_context").state.get_item(oauth2.AuthorizationRequest,
-    #                                                                  'auth_request', _key)
-    #                 try:
-    #                     response["scope"] = item["scope"]
-    #                 except KeyError:
-    #                     pass
-    #     return response
-
-    def gather_verify_arguments(self):
+    def gather_verify_arguments(self,
+                                response: Optional[Union[dict, Message]] = None,
+                                behaviour_args: Optional[dict] = None):
         """
         Need to add some information before running verify()
 

src/oidcrp/oidc/userinfo.py

@@ -1,4 +1,6 @@
 import logging
+from typing import Optional
+from typing import Union
 
 from oidcmsg import oidc
 from oidcmsg.exception import MissingSigningKey
@@ -112,7 +114,9 @@ def post_parse_response(self, response, **kwargs):
         _state_interface.store_item(response, 'user_info', kwargs['state'])
         return response
 
-    def gather_verify_arguments(self):
+    def gather_verify_arguments(self,
+                                response: Optional[Union[dict, Message]] = None,
+                                behaviour_args: Optional[dict] = None):
         """
         Need to add some information before running verify()
 

src/oidcrp/service.py

@@ -90,7 +90,7 @@ def __init__(self,
         self.construct_extra_headers = []
         self.post_parse_process = []
 
-    def gather_request_args(self, **kwargs):
+    def gather_request_args(self,**kwargs):
         """
         Go through the attributes that the message class can contain and
         add values if they are missing but exists in the client info or
@@ -444,7 +444,9 @@ def post_parse_response(self, response, **kwargs):
         """
         return response
 
-    def gather_verify_arguments(self):
+    def gather_verify_arguments(self,
+                                response: Optional[Union[dict, Message]] = None,
+                                behaviour_args: Optional[dict] = None):
         """
         Need to add some information before running verify()
 
@@ -501,7 +503,11 @@ def _do_response(self, info, sformat, **kwargs):
                 raise
         return resp
 
-    def parse_response(self, info, sformat="", state="", **kwargs):
+    def parse_response(self, info,
+                       sformat: Optional[str] = "",
+                       state: Optional[str] = "",
+                       behaviour_args: Optional[dict] = None,
+                       **kwargs):
         """
         This the start of a pipeline that will:
 
@@ -513,8 +519,8 @@ def parse_response(self, info, sformat="", state="", **kwargs):
             3 runs the do_post_parse_response method iff the response was not
               an error response.
 
-        :param info: The response, can be either in a JSON or an urlencoded
-            format
+        :param behaviour_args:
+        :param info: The response, can be either in a JSON or an urlencoded format
         :param sformat: Which serialization that was used
         :param state: The state
         :param kwargs: Extra key word arguments
@@ -554,7 +560,7 @@ def parse_response(self, info, sformat="", state="", **kwargs):
         if is_error_message(resp):
             LOGGER.debug('Error response: %s', resp)
         else:
-            vargs = self.gather_verify_arguments()
+            vargs = self.gather_verify_arguments(response=resp, behaviour_args=behaviour_args)
             LOGGER.debug("Verify response with %s", vargs)
             try:
                 # verify the message. If something is wrong an exception is thrown

tests/pub_client.jwks

@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "e": "AQAB", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}

tests/request123456.jwt

@@ -1 +1 @@
-eyJhbGciOiJSUzI1NiIsImtpZCI6IlNVc3dOaTFNUkZsRFQwWTJZalUxWjFSZlFsbzJTM2RFYTNGVFRrVjNMVGhGY25oRFRIRjVlbGsyVlEifQ.eyJyZXNwb25zZV90eXBlIjogImNvZGUiLCAic3RhdGUiOiAic3RhdGUiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vZXhhbXBsZS5jb20vY2xpL2F1dGh6X2NiIiwgInNjb3BlIjogIm9wZW5pZCIsICJub25jZSI6ICJCZ25yS0daMHZNQ3lFRlU1U0d5ekZmVlNkVGxHZmhIaSIsICJjbGllbnRfaWQiOiAiY2xpZW50X2lkIiwgImlzcyI6ICJjbGllbnRfaWQiLCAiaWF0IjogMTYzMzU5MjI4OCwgImF1ZCI6IFsiaHR0cHM6Ly9leGFtcGxlLmNvbSJdfQ.xYAc40jcNNioyQ_FbbhrBectUkhxX62rPmf8whkH-7FBkrzAdjYIM7PmyDfJXRmXz0mw54EOriq3aXS-CPZqcSfRAYf7e-Shw2Ve1-138o307l6x7LmvLpK8EnUealcO5fEs-aLEwVre1ZOXNHchWKt-Lj_eL5cVA-FNQj09IzKTlDv_1gh_bSJJKELW0BsK9f3JYf-pM4EoCqoajbt_jw2WakzF0Phg2mc_wolpUPPZigjgQj8AGeAcDVf6y74E9j9csSVpB8YlnFwyUyJ0Yh-zRnIK0EInufdHu7qo1rJS6UpcTb2eS354Zm3cd1YDcfvPfsT__YV8Rb32Uo2_WQ
+eyJhbGciOiJSUzI1NiIsImtpZCI6IlNVc3dOaTFNUkZsRFQwWTJZalUxWjFSZlFsbzJTM2RFYTNGVFRrVjNMVGhGY25oRFRIRjVlbGsyVlEifQ.eyJyZXNwb25zZV90eXBlIjogImNvZGUiLCAic3RhdGUiOiAic3RhdGUiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vZXhhbXBsZS5jb20vY2xpL2F1dGh6X2NiIiwgInNjb3BlIjogIm9wZW5pZCIsICJub25jZSI6ICJvWkpBNTRnZTVaUndNalkwOVVLVnpwYkx5MEdNUEwwaCIsICJjbGllbnRfaWQiOiAiY2xpZW50X2lkIiwgImlzcyI6ICJjbGllbnRfaWQiLCAiaWF0IjogMTYzMzU5NTc4OSwgImF1ZCI6IFsiaHR0cHM6Ly9leGFtcGxlLmNvbSJdfQ.KVMPK6leJ5pEXnJ0jXiXu21U176IU9iwkT4FkQV_33jGYTsgdqCqXw5XHR1ciixdcH2cWf0SzTPOgIzGsI4NJiPNdR9xOusYRyYKZciXHq85nrM7fr7dEPaVntWCU6uadH0MNHWCcq2FyBdz2YYDuiFPUXoxkFbfWZoo_jVMAWLxGQtGEitniI49qo0zbeSFck4hBmEtQTUOrGQvg_CjkSZb5oNb5rt_X5T-ZSK9y3AeKru4HLSQRkWj-oD-Fgd60Sm3XqfLQXrx26lk4a8ORah01BMmMsi5jeIUbOTthhhglZhMwoI9xCZ57I4SF7870-PrinIByW8d2keA1-LipQ