Configure and logging handling.

Author: rohe

flask_rp/conf.yaml

@@ -1,8 +1,10 @@
 logging:
   version: 1
+  disable_existing_loggers: False
   root:
     handlers:
       - console
+      - file
     level: DEBUG
   loggers:
     idp:
@@ -12,6 +14,10 @@ logging:
       class: logging.StreamHandler
       stream: 'ext://sys.stdout'
       formatter: default
+    file:
+      class: logging.FileHandler
+      filename: 'debug.log'
+      formatter: default
   formatters:
     default:
       format: '%(asctime)s %(name)s %(levelname)s %(message)s'
@@ -70,9 +76,6 @@ services: &id002
   accesstoken:
     class: oidcservice.oidc.access_token.AccessToken
     kwargs: {}
-  refresh_accesstoken:
-    class: oidcservice.oidc.refresh_access_token.RefreshAccessToken
-    kwargs: {}
   userinfo:
     class: oidcservice.oidc.userinfo.UserInfo
     kwargs: {}
@@ -97,6 +100,20 @@ clients:
         kwargs:
           code_challenge_length: 64
           code_challenge_method: S256
+  bobcat:
+    client_id: client3
+    client_secret: 2222222222222222222222222222222222222222
+    client_preferences: *id001
+    issuer: http://127.0.0.1:8080/
+    jwks_uri: 'static/jwks.json'
+    redirect_uris: ['https://{domain}:{port}/authz_cb/bobcat']
+    services: *id002
+    request_args:
+      claims:
+        id_token:
+          acr:
+            essential:
+              true
 
 
 webserver:

flask_rp/wsgi.py

@@ -11,21 +11,21 @@
 except ImportError:
     import application
 
-logger = logging.getLogger("")
-RP_LOGFILE_NAME = os.environ.get('RP_LOGFILE_NAME', 'flrp.log')
-
-hdlr = logging.FileHandler(RP_LOGFILE_NAME)
-log_format = ("%(asctime)s %(name)s:%(levelname)s "
-              "%(message)s  [%(name)s.%(funcName)s:%(lineno)s]")
-base_formatter = logging.Formatter(log_format)
-
-hdlr.setFormatter(base_formatter)
-logger.addHandler(hdlr)
-logger.setLevel(logging.DEBUG)
-
-stdout = logging.StreamHandler()
-stdout.setFormatter(base_formatter)
-logger.addHandler(stdout)
+# logger = logging.getLogger("")
+# RP_LOGFILE_NAME = os.environ.get('RP_LOGFILE_NAME', 'flrp.log')
+#
+# hdlr = logging.FileHandler(RP_LOGFILE_NAME)
+# log_format = ("%(asctime)s %(name)s:%(levelname)s "
+#               "%(message)s  [%(name)s.%(funcName)s:%(lineno)s]")
+# base_formatter = logging.Formatter(log_format)
+#
+# hdlr.setFormatter(base_formatter)
+# logger.addHandler(hdlr)
+# logger.setLevel(logging.DEBUG)
+#
+# stdout = logging.StreamHandler()
+# stdout.setFormatter(base_formatter)
+# logger.addHandler(stdout)
 
 dir_path = os.path.dirname(os.path.realpath(__file__))
 

src/oidcrp/__init__.py

@@ -13,6 +13,7 @@
 from oidcmsg.oidc import AccessTokenResponse
 from oidcmsg.oidc import AuthorizationRequest
 from oidcmsg.oidc import AuthorizationResponse
+from oidcmsg.oidc import Claims
 from oidcmsg.oidc import OpenIDSchema
 from oidcmsg.oidc import verified_claim_name
 from oidcmsg.oidc.session import BackChannelLogoutRequest
@@ -329,6 +330,7 @@ def client_setup(self, iss_id='', user=''):
             if not user:
                 raise ValueError('Need issuer or user')
 
+            logger.debug("Connecting to previously unknown OP")
             temporary_client = self.init_client('')
             temporary_client.do_request('webfinger', resource=user)
         else:
@@ -340,10 +342,12 @@ def client_setup(self, iss_id='', user=''):
             if temporary_client:
                 client = temporary_client
             else:
+                logger.debug("Creating new client: %s", iss_id)
                 client = self.init_client(iss_id)
         else:
             return client
 
+        logger.debug("Get provider info")
         issuer = self.do_provider_info(client)
         _sc = client.service_context
         try:
@@ -356,8 +360,16 @@ def client_setup(self, iss_id='', user=''):
 
         if registration_type == 'automatic':
             _sc.client_id = client.client_id = _fe.entity_id
-            _sc.redirect_uris = _sc.behaviour['redirect_uris']
+            _redirect_uris = _sc.behaviour.get("redirect_uris")
+            if _redirect_uris:
+                _sc.redirect_uris = _redirect_uris
+            else:
+                _callbacks = self.create_callbacks(_sc.provider_info['issuer'])
+                _sc.redirect_uris = [
+                    v for k, v in _callbacks.items() if not k.startswith('__')]
+                _sc.callbacks = _callbacks
         else: # explicit
+            logger.debug("Do client registration")
             self.do_client_registration(client, iss_id)
 
         self.issuer2rp[issuer] = client
@@ -411,6 +423,12 @@ def init_authorization(self, client=None, state='', req_args=None):
             'nonce': _nonce
         }
 
+        _req_args = service_context.config.get("request_args")
+        if _req_args:
+            if 'claims' in _req_args:
+                _req_args["claims"] = Claims(**_req_args["claims"])
+            request_args.update(_req_args)
+
         if req_args is not None:
             request_args.update(req_args)
 

src/oidcrp/oauth2/__init__.py

@@ -158,10 +158,10 @@ def service_request(self, service, url, method="GET", body=None,
 
         logger.debug(REQUEST_INFO.format(url, method, body, headers))
 
-        if has_method(service, "get_response"):
-            response = service.get_response(url, method, body, response_body_type, headers,
-                                            **kwargs)
-        else:
+        try:
+            response = service.get_response_ext(url, method, body, response_body_type, headers,
+                                                **kwargs)
+        except AttributeError:
             response = self.get_response(service, url, method, body, response_body_type, headers,
                                          **kwargs)