Encrypting request parameter turned off by default but if turned on should actually work.

rohe · rohe · commit 3269e08d8ef1 · 2023-02-13T16:57:14.000+01:00
diff --git a/src/idpyoidc/client/oauth2/authorization.py b/src/idpyoidc/client/oauth2/authorization.py
@@ -32,9 +32,11 @@ class Authorization(Service):
     _supports = {
         "response_types_supported": ["code", 'token'],
         "response_modes_supported": ['query', 'fragment'],
-        "request_object_signing_alg_values_supported": claims.get_signing_algs,
-        "request_object_encryption_alg_values_supported": claims.get_encryption_algs,
-        "request_object_encryption_enc_values_supported": claims.get_encryption_encs,
+        # Below not OAuth2 functionality
+        # "request_object_signing_alg_values_supported": claims.get_signing_algs,
+        # "request_object_encryption_alg_values_supported": claims.get_encryption_algs,
+        # "request_object_encryption_enc_values_supported": claims.get_encryption_encs,
+        # "encrypt_request_object_supported": False,
     }
 
     _callback_path = {
diff --git a/src/idpyoidc/client/oidc/authorization.py b/src/idpyoidc/client/oidc/authorization.py
@@ -257,6 +257,9 @@ def construct_request_parameter(
 
         _req_jwt = make_openid_request(req, **_mor_args)
 
+        if 'target' not in kwargs:
+            kwargs['target'] = _context.provider_info["issuer"]
+
         # Should the request be encrypted
         _req_jwte = request_object_encryption(_req_jwt, _context,
                                               self.upstream_get('attribute', 'keyjar'),
@@ -300,7 +303,7 @@ def oidc_post_construct(self, req, **kwargs):
             _req = self.construct_request_parameter(req, _request_param, **kwargs)
             req["request_uri"] = self.store_request_on_file(_req, **kwargs)
         elif _request_param == "request":
-            _req = self.construct_request_parameter(req, _request_param)
+            _req = self.construct_request_parameter(req, _request_param, **kwargs)
             req["request"] = _req
 
         if _req:
diff --git a/src/idpyoidc/client/oidc/utils.py b/src/idpyoidc/client/oidc/utils.py
@@ -46,14 +46,15 @@ def request_object_encryption(msg, service_context, keyjar, **kwargs):
     except KeyError:
         _kid = ""
 
-    if "target" not in kwargs:
+    _target = kwargs.get('target', kwargs.get('recv', None))
+    if _target is None:
         raise MissingRequiredAttribute("No target specified")
 
     if _kid:
-        _keys = keyjar.get_encrypt_key(_kty, issuer_id=kwargs["target"], kid=_kid)
+        _keys = keyjar.get_encrypt_key(_kty, issuer_id=_target, kid=_kid)
         _jwe["kid"] = _kid
     else:
-        _keys = keyjar.get_encrypt_key(_kty, issuer_id=kwargs["target"])
+        _keys = keyjar.get_encrypt_key(_kty, issuer_id=_target)
 
     return _jwe.encrypt(_keys)
 
diff --git a/src/idpyoidc/server/oidc/authorization.py b/src/idpyoidc/server/oidc/authorization.py
@@ -78,7 +78,7 @@ class Authorization(authorization.Authorization):
 
     _supports = {
         "claims_parameter_supported": True,
-        "encrypt_request_object_supported": True,
+        "encrypt_request_object_supported": False,
         "request_object_signing_alg_values_supported": claims.get_signing_algs,
         "request_object_encryption_alg_values_supported": claims.get_encryption_algs,
         "request_object_encryption_enc_values_supported": claims.get_encryption_encs,
