Put more into service context.

Use set/get on dynamic attributes.

Author: rohe

exampel/conversation.py

@@ -96,9 +96,7 @@
     }
 )
 
-service = build_services(service_spec, factory,
-                         state_db=InMemoryStateDataBase(),
-                         service_context=service_context)
+service = build_services(service_spec, factory, service_context=service_context)
 
 service_context.service = service
 

setup.py

@@ -68,7 +68,7 @@ def run_tests(self):
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
         "pyyaml>=5.1.0",
-        'oidcmsg>=0.6.10',
+        'oidcmsg>=1.0.0',
     ],
     tests_require=[
         "responses",

src/oidcservice/__init__.py

@@ -9,7 +9,7 @@
 
 
 __author__ = 'Roland Hedberg'
-__version__ = '0.6.10'
+__version__ = '1.0.0'
 
 
 OIDCONF_PATTERN = "{}/.well-known/openid-configuration"

src/oidcservice/client_auth.py

@@ -90,15 +90,15 @@ def _get_passwd(request, service, **kwargs):
             try:
                 passwd = request["client_secret"]
             except KeyError:
-                passwd = service.service_context.client_secret
+                passwd = service.service_context.get('client_secret')
         return passwd
 
     @staticmethod
     def _get_user(service, **kwargs):
         try:
             user = kwargs["user"]
         except KeyError:
-            user = service.service_context.client_id
+            user = service.service_context.get('client_id')
         return user
 
     def _get_authentication_token(self, request, service, **kwargs):
@@ -131,7 +131,7 @@ def _with_or_without_client_id(request, service):
                 'grant_type'] == 'authorization_code':
             if 'client_id' not in request:
                 try:
-                    request['client_id'] = service.service_context.client_id
+                    request['client_id'] = service.service_context.get('client_id')
                 except AttributeError:
                     pass
         else:
@@ -213,13 +213,13 @@ def modify_request(self, request, service, **kwargs):
             try:
                 request["client_secret"] = kwargs["client_secret"]
             except (KeyError, TypeError):
-                if _context.client_secret:
-                    request["client_secret"] = _context.client_secret
+                if _context.get('client_secret'):
+                    request["client_secret"] = _context.get('client_secret')
                 else:
                     raise AuthnFailure("Missing client secret")
 
         # Add the client_id to the request
-        request["client_id"] = _context.client_id
+        request["client_id"] = _context.get('client_id')
 
     def construct(self, request, service=None, http_args=None, **kwargs):
         """
@@ -455,9 +455,9 @@ def _get_audience_and_algorithm(self, context, **kwargs):
                     'token_endpoint_auth_signing_alg']
             except (KeyError, AttributeError):
                 pass
-            audience = context.provider_info['token_endpoint']
+            audience = context.get('provider_info')['token_endpoint']
         else:
-            audience = context.provider_info['issuer']
+            audience = context.get('provider_info')['issuer']
 
         if not algorithm:
             algorithm = self.choose_algorithm(**kwargs)
@@ -480,7 +480,7 @@ def _construct_client_assertion(self, service, **kwargs):
 
         # construct the signed JWT with the assertions and add
         # it as value to the 'client_assertion' claim of the request
-        return assertion_jwt(_context.client_id, signing_key, audience, algorithm, **_args)
+        return assertion_jwt(_context.get('client_id'), signing_key, audience, algorithm, **_args)
 
     def modify_request(self, request, service, **kwargs):
         """
@@ -582,7 +582,7 @@ def valid_service_context(service_context, when=0):
     :param when: A time stamp against which the expiration time is to be checked
     :return: True if the client_secret is still valid
     """
-    eta = getattr(service_context, 'client_secret_expires_at', 0)
+    eta = service_context.get('client_secret_expires_at', 0)
     now = when or utc_time_sans_frac()
     if eta != 0 and eta < now:
         return False

src/oidcservice/oauth2/access_token.py

@@ -8,7 +8,6 @@
 from oidcservice.oauth2.utils import get_state_parameter
 from oidcservice.service import Service
 
-
 LOGGER = logging.getLogger(__name__)
 
 
@@ -25,10 +24,9 @@ class AccessToken(Service):
     request_body_type = 'urlencoded'
     response_body_type = 'json'
 
-    def __init__(self, service_context, state_db, client_authn_factory=None,
-                 conf=None):
-        Service.__init__(self, service_context, state_db,
-                         client_authn_factory=client_authn_factory, conf=conf)
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context, client_authn_factory=client_authn_factory,
+                         conf=conf)
         self.pre_construct.append(self.oauth_pre_construct)
 
     def update_service_context(self, resp, key='', **kwargs):

src/oidcservice/oauth2/authorization.py

@@ -25,10 +25,9 @@ class Authorization(Service):
     service_name = 'authorization'
     response_body_type = 'urlencoded'
 
-    def __init__(self, service_context, state_db,
-                 client_authn_factory=None, conf=None):
-        Service.__init__(self, service_context, state_db=state_db,
-                         client_authn_factory=client_authn_factory, conf=conf)
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context, client_authn_factory=client_authn_factory,
+                         conf=conf)
         self.pre_construct.extend([pick_redirect_uris, set_state_parameter])
         self.post_construct.append(self.store_auth_request)
 
@@ -48,7 +47,7 @@ def gather_request_args(self, **kwargs):
 
         if 'redirect_uri' not in ar_args:
             try:
-                ar_args['redirect_uri'] = self.service_context.redirect_uris[0]
+                ar_args['redirect_uri'] = self.service_context.get('redirect_uris')[0]
             except (KeyError, AttributeError):
                 raise MissingParameter('redirect_uri')
 

src/oidcservice/oauth2/client_credentials/cc_access_token.py

@@ -17,9 +17,8 @@ class CCAccessToken(Service):
     request_body_type = 'urlencoded'
     response_body_type = 'json'
 
-    def __init__(self, service_context, state_db, client_authn_factory=None,
-                 conf=None):
-        Service.__init__(self, service_context, state_db,
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context,
                          client_authn_factory=client_authn_factory, conf=conf)
 
     def update_service_context(self, resp, key='cc', **kwargs):

src/oidcservice/oauth2/client_credentials/cc_refresh_access_token.py

@@ -15,9 +15,8 @@ class CCRefreshAccessToken(Service):
     default_authn_method = 'bearer_header'
     http_method = 'POST'
 
-    def __init__(self, service_context, state_db, client_authn_factory=None,
-                 conf=None):
-        Service.__init__(self, service_context, state_db,
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context,
                          client_authn_factory=client_authn_factory, conf=conf)
         self.pre_construct.append(self.cc_pre_construct)
         self.post_construct.append(self.cc_post_construct)

src/oidcservice/oauth2/provider_info_discovery.py

@@ -22,10 +22,9 @@ class ProviderInfoDiscovery(Service):
     service_name = 'provider_info'
     http_method = 'GET'
 
-    def __init__(self, service_context, state_db, client_authn_factory=None,
-                 conf=None):
-        Service.__init__(self, service_context, state_db,
-                         client_authn_factory=client_authn_factory, conf=conf)
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context, client_authn_factory=client_authn_factory,
+                         conf=conf)
 
     def get_endpoint(self):
         """
@@ -34,7 +33,7 @@ def get_endpoint(self):
         :return: Service endpoint
         """
         try:
-            _iss = self.service_context.issuer
+            _iss = self.service_context.get('issuer')
         except AttributeError:
             _iss = self.endpoint
 
@@ -116,12 +115,13 @@ def _update_service_context(self, resp):
         # Verify that the issuer value received is the same as the
         # url that was used as service endpoint (without the .well-known part)
         if "issuer" in resp:
-            _pcr_issuer = self._verify_issuer(resp, self.service_context.issuer)
+            _pcr_issuer = self._verify_issuer(resp,
+                                              self.service_context.get('issuer'))
         else:  # No prior knowledge
-            _pcr_issuer = self.service_context.issuer
+            _pcr_issuer = self.service_context.get('issuer')
 
-        self.service_context.issuer = _pcr_issuer
-        self.service_context.provider_info = resp
+        self.service_context.set('issuer', _pcr_issuer)
+        self.service_context.set('provider_info', resp)
 
         self._set_endpoints(resp)
 

src/oidcservice/oauth2/refresh_access_token.py

@@ -23,10 +23,9 @@ class RefreshAccessToken(Service):
     default_authn_method = 'bearer_header'
     http_method = 'POST'
 
-    def __init__(self, service_context, state_db, client_authn_factory=None,
-                 conf=None):
-        Service.__init__(self, service_context, state_db,
-                         client_authn_factory=client_authn_factory, conf=conf)
+    def __init__(self, service_context, client_authn_factory=None, conf=None):
+        Service.__init__(self, service_context, client_authn_factory=client_authn_factory,
+                         conf=conf)
         self.pre_construct.append(self.oauth_pre_construct)
 
     def update_service_context(self, resp, key='', **kwargs):