Merge pull request #87 from IdentityPython/id_assurance

Id assurance

Author: rohe

example/flask_op/config.json

@@ -208,13 +208,8 @@
             "request_uri_parameter_supported": true,
             "response_types_supported": [
               "code",
-              "token",
               "id_token",
-              "code token",
-              "code id_token",
-              "id_token token",
-              "code id_token token",
-              "none"
+              "code id_token"
             ],
             "response_modes_supported": [
               "query",

example/flask_op/private/cookie_jwks.json

@@ -1 +1 @@
-{"keys": [{"kty": "oct", "use": "enc", "kid": "enc", "k": "gVdGvOn9TFG38gzqs2uO-pQB40qxJbfm"}, {"kty": "oct", "use": "sig", "kid": "sig", "k": "HlW_dFC6aquKPZ6zGtq2dZEBcntP9uHd"}]}
+{"keys": [{"kty": "oct", "use": "enc", "kid": "enc", "k": "GCizp3ewVRV0VZEef3VQwFve7n2QwAFI"}, {"kty": "oct", "use": "sig", "kid": "sig", "k": "QC2JxpVJXPDMpYv_h76jIrt_lA1P4KSu"}]}

example/flask_rp/application.py

@@ -16,7 +16,7 @@ def init_oidc_rp_handler(app):
     if _rp_conf.key_conf:
         _kj = init_key_jar(**_rp_conf.key_conf)
         _path = _rp_conf.key_conf['public_path']
-        # removes ./ and / from the begin of the string
+        # removes ./ and / from the begining of the string
         _path = re.sub('^(.)/', '', _path)
     else:
         _kj = KeyJar()

example/flask_rp/config.json

@@ -87,26 +87,26 @@
   },
   "clients": {
     "": {
-      "client_preferences": {
+      "httpc_params": {
+        "verify": false
+      },
+      "client_type": "oidc",
+      "capabilities": {
         "application_name": "rphandler",
-        "metadata": {
-          "application_type": "web",
-          "contacts": [
-            "[email protected]"
-          ],
-          "response_types": [
-            "code"
-          ]
-        },
-        "usage": {
-          "scope": [
-            "openid",
-            "profile",
-            "email",
-            "address",
-            "phone"
-          ]
-        },
+        "application_type": "web",
+        "contacts": [
+          "[email protected]"
+        ],
+        "response_types_supported": [
+          "code"
+        ],
+        "scopes_supported": [
+          "openid",
+          "profile",
+          "email",
+          "address",
+          "phone"
+        ],
         "token_endpoint_auth_methods": [
           "client_secret_basic",
           "client_secret_post"

example/flask_rp/templates/opbyuid.html

@@ -19,7 +19,7 @@ <h3>By entering your unique identifier:</h3>
   <input type="text" id="uid" name="uid" class="form-control" placeholder="UID" autofocus>
     <h3>an issuer ID</h3>
     <input type="text" id="dyn_iss" name="dyn_iss" class="form-control">
-  <h3><em>Or</em> you can chose one of the preconfigured OpenID Connect Providers</h3>
+  <h3><em>Or</em> you can choose one of the preconfigured OpenID Connect Providers</h3>
   <select name="static_iss">
   <option value=""></option>
       {% for op in providers %}

example/flask_rp/views.py

@@ -67,7 +67,7 @@ def rp():
         except Exception as err:
             return make_response('Something went wrong:{}'.format(err), 400)
         else:
-            response = redirect(result['url'], 303)
+            response = redirect(result, 303)
             return response
     else:
         _providers = current_app.rp_config.clients.keys()
@@ -106,7 +106,7 @@ def finalize(op_identifier, request_args):
     session['state'] = request_args.get('state')
 
     if session['state']:
-        iss = _context.state.get_iss(session['state'])
+        iss = _context.cstate.get_set(session['state'], claim=["iss"])['iss']
     else:
         return make_response('Unknown state', 400)
 
@@ -158,14 +158,9 @@ def get_op_identifier_by_cb_uri(url: str):
     uri = splitquery(url)[0]
     for k, v in current_app.rph.issuer2rp.items():
         for endpoint in v.get_callback_uris():
-            _endps = v.get_metadata_value(endpoint)
-            if _endps is None:
-                continue
-            elif isinstance(_endps,str):
-                if _endps == uri:
+            for val in v.context.claims.get_preference(endpoint):
+                if val == uri:
                     return k
-            elif uri in _endps:
-                return k
     return None
 
 @oidc_rp_views.route('/authz_cb/<op_identifier>')

pyproject.toml

@@ -7,13 +7,13 @@ build-backend = "setuptools.build_meta"
 
 [metadata]
 name = "idpyoidc"
-version = "2.1.0"
+version = "3.0.0"
 author = "Roland Hedberg"
 author_email = "[email protected]"
 description = "Everything OAuth2 and OIDC"
 long_description = "file: README.md"
 long_description_content_type = "text/markdown"
-url = "https://github.com/IdentityPython/oidc-op"
+url = "https://github.com/IdentityPython/idpy-oidc"
 license = "Apache-2.0"
 classifiers =[
     "Programming Language :: Python :: 3",
@@ -31,7 +31,7 @@ line-length = 100
 
 [tool.isort]
 force_single_line = true
-known_first_party = "oidcop"
+known_first_party = "idpyoidc"
 include_trailing_comma = true
 force_grid_wrap = 0
 use_parentheses = true

setup.py

@@ -70,7 +70,7 @@ def run_tests(self):
         "Programming Language :: Python :: 3.11",
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
-        "cryptojwt>=1.8.1",
+        "cryptojwt>=1.8.3",
         "pyOpenSSL",
         "filelock>=3.0.12",
         'pyyaml>=5.1.2',

src/idpyoidc/__init__.py

@@ -1,5 +1,5 @@
 __author__ = "Roland Hedberg"
-__version__ = "2.2.0"
+__version__ = "3.0.0"
 
 VERIFIED_CLAIM_PREFIX = "__verified"
 

src/idpyoidc/claims.py

@@ -132,7 +132,7 @@ def add_extra_keys(self, keyjar, id):
         return None
 
     def get_jwks(self, keyjar):
-        return None
+        return keyjar.export_jwks()
 
     def handle_keys(self, configuration: dict, keyjar: Optional[KeyJar] = None):
         _jwks = _jwks_uri = None