Merge pull request #38 from IdentityPython/pplnx

client cb uris can be randomic now

Author: rohe

example/flask_rp/conf.json

@@ -136,7 +136,7 @@
         }
       }
     },
-    "local": {
+    "flask_provider": {
       "client_preferences": {
         "application_name": "rphandler",
         "application_type": "web",
@@ -204,6 +204,75 @@
           }
         }
       }
+    },
+    "django_provider": {
+      "client_preferences": {
+        "application_name": "rphandler",
+        "application_type": "web",
+        "contacts": [
+          "[email protected]"
+        ],
+        "response_types": [
+          "code"
+        ],
+        "scope": [
+          "openid",
+          "profile",
+          "email",
+          "address",
+          "phone"
+        ],
+        "token_endpoint_auth_method": [
+          "client_secret_basic",
+          "client_secret_post"
+        ]
+      },
+      "issuer": "https://127.0.0.1:8000/",
+      "redirect_uris": [
+        "https://{domain}:{port}/authz_cb/django"
+      ],
+      "post_logout_redirect_uris": [
+        "https://{domain}:{port}/session_logout/django"
+      ],
+      "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/django",
+      "frontchannel_logout_session_required": true,
+      "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/django",
+      "backchannel_logout_session_required": true,
+      "services": {
+        "discovery": {
+          "class": "oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery",
+          "kwargs": {}
+        },
+        "registration": {
+          "class": "oidcrp.oidc.registration.Registration",
+          "kwargs": {}
+        },
+        "authorization": {
+          "class": "oidcrp.oidc.authorization.Authorization",
+          "kwargs": {}
+        },
+        "accesstoken": {
+          "class": "oidcrp.oidc.access_token.AccessToken",
+          "kwargs": {}
+        },
+        "userinfo": {
+          "class": "oidcrp.oidc.userinfo.UserInfo",
+          "kwargs": {}
+        },
+        "end_session": {
+          "class": "oidcrp.oidc.end_session.EndSession",
+          "kwargs": {}
+        }
+      },
+      "add_ons": {
+        "pkce": {
+          "function": "oidcrp.oauth2.add_on.pkce.add_support",
+          "kwargs": {
+            "code_challenge_length": 64,
+            "code_challenge_method": "S256"
+          }
+        }
+      }
     }
   },
   "webserver": {

example/flask_rp/views.py

@@ -1,4 +1,5 @@
 import logging
+import urllib
 from urllib.parse import parse_qs
 
 from flask import Blueprint
@@ -149,8 +150,21 @@ def finalize(op_hash, request_args):
         return make_response(res['error'], 400)
 
 
+def get_ophash_by_cb_uri(url:str):
+    uri = urllib.parse.splitquery(request.url)[0]
+    clients = current_app.rp_config.clients
+    for k,v in clients.items():
+        for endpoint in ("redirect_uris",
+                         "post_logout_redirect_uris",
+                         "frontchannel_logout_uri",
+                         "backchannel_logout_uri"):
+            if uri in clients[k].get(endpoint, []):
+                return k
+
+
 @oidc_rp_views.route('/authz_cb/<op_hash>')
 def authz_cb(op_hash):
+    op_hash = get_ophash_by_cb_uri(request.url)
     return finalize(op_hash, request.args)
 
 
@@ -215,6 +229,7 @@ def session_change():
 # post_logout_redirect_uri
 @oidc_rp_views.route('/session_logout/<op_hash>')
 def session_logout(op_hash):
+    op_hash = get_ophash_by_cb_uri(request.url)
     _rp = get_rp(op_hash)
     logger.debug('post_logout')
     return "Post logout from {}".format(_rp.client_get("service_context").issuer)