Merge pull request #83 from IdentityPython/ia0

Identity Assurance support has been out in the cold. Time to bring it in again.

Author: rohe

demo/oauth2_add_on_dpop.py

@@ -5,7 +5,7 @@
 from common import KEYDEFS
 from common import full_path
 from flow import Flow
-from idpyoidc.claims import get_signing_algs
+from idpyoidc.metadata import get_signing_algs
 from idpyoidc.client.oauth2 import Client
 from idpyoidc.server import Server
 from idpyoidc.server.configure import ASConfiguration

demo/oidc_add_on_dpop.py

@@ -5,7 +5,7 @@
 from common import KEYDEFS
 from common import full_path
 from flow import Flow
-from idpyoidc.claims import get_signing_algs
+from idpyoidc.metadata import get_signing_algs
 from idpyoidc.client.oauth2 import Client
 from idpyoidc.server import Server
 from idpyoidc.server.configure import ASConfiguration

example/flask_op/config.json

@@ -39,7 +39,7 @@
     "server_info": {
       "add_on": {
         "pkce": {
-          "function": "idpyoidc.server.oidc.add_on.pkce.add_pkce_support",
+          "function": "idpyoidc.server.oauth2.add_on.pkce.add_support",
           "kwargs": {
             "essential": false,
             "code_challenge_method": "S256 S384 S512"

src/idpyoidc/__init__.py

@@ -1,5 +1,5 @@
 __author__ = "Roland Hedberg"
-__version__ = "2.1.0"
+__version__ = "2.2.0"
 
 VERIFIED_CLAIM_PREFIX = "__verified"
 

src/idpyoidc/claims.py

@@ -1,10 +1,7 @@
-from functools import cmp_to_key
 from typing import Callable
 from typing import Optional
 
 from cryptojwt import KeyJar
-from cryptojwt.jwe import SUPPORTED
-from cryptojwt.jws.jws import SIGNER_ALGS
 from cryptojwt.key_jar import init_key_jar
 from cryptojwt.utils import importer
 
@@ -215,42 +212,3 @@ def get_claim(self, key, default=None):
             return default
         else:
             return _val
-
-
-SIGNING_ALGORITHM_SORT_ORDER = ["RS", "ES", "PS", "HS"]
-
-
-def cmp(a, b):
-    return (a > b) - (a < b)
-
-
-def alg_cmp(a, b):
-    if a == "none":
-        return 1
-    elif b == "none":
-        return -1
-
-    _pos1 = SIGNING_ALGORITHM_SORT_ORDER.index(a[0:2])
-    _pos2 = SIGNING_ALGORITHM_SORT_ORDER.index(b[0:2])
-    if _pos1 == _pos2:
-        return (a > b) - (a < b)
-    elif _pos1 > _pos2:
-        return 1
-    else:
-        return -1
-
-
-def get_signing_algs():
-    # Assumes Cryptojwt
-    _list = list(SIGNER_ALGS.keys())
-    # know how to do none but should not
-    _list.remove("none")
-    return sorted(_list, key=cmp_to_key(alg_cmp))
-
-
-def get_encryption_algs():
-    return SUPPORTED["alg"]
-
-
-def get_encryption_encs():
-    return SUPPORTED["enc"]

src/idpyoidc/client/claims/oidc.py

@@ -2,7 +2,7 @@
 import os
 from typing import Optional
 
-from idpyoidc import claims
+from idpyoidc import metadata
 from idpyoidc.client import claims as client_claims
 from idpyoidc.client.claims.transform import create_registration_request
 from idpyoidc.message.oidc import RegistrationRequest
@@ -75,9 +75,9 @@ class Claims(client_claims.Claims):
         "encrypt_id_token_supported": None,
         # "grant_types_supported": ["authorization_code", "refresh_token"],
         "logo_uri": None,
-        "id_token_signing_alg_values_supported": claims.get_signing_algs,
-        "id_token_encryption_alg_values_supported": claims.get_encryption_algs,
-        "id_token_encryption_enc_values_supported": claims.get_encryption_encs,
+        "id_token_signing_alg_values_supported": metadata.get_signing_algs,
+        "id_token_encryption_alg_values_supported": metadata.get_encryption_algs,
+        "id_token_encryption_enc_values_supported": metadata.get_encryption_encs,
         "initiate_login_uri": None,
         "jwks": None,
         "jwks_uri": None,

src/idpyoidc/client/client_auth.py

@@ -12,14 +12,15 @@
 
 from idpyoidc.defaults import DEF_SIGN_ALG
 from idpyoidc.defaults import JWT_BEARER
-from idpyoidc.message.oauth2 import AccessTokenRequest
 from idpyoidc.message.oauth2 import SINGLE_OPTIONAL_STRING
+from idpyoidc.message.oauth2 import AccessTokenRequest
 from idpyoidc.message.oidc import AuthnToken
 from idpyoidc.time_util import utc_time_sans_frac
 from idpyoidc.util import rndstr
-from .util import sanitize
+
 from ..message import VREQUIRED
 from ..util import instantiate
+from .util import sanitize
 
 # from idpyoidc.oidc.backchannel_authentication import ClientNotificationAuthn
 

src/idpyoidc/client/configure.py

@@ -7,6 +7,7 @@
 
 from idpyoidc.configure import Base
 from idpyoidc.logging import configure_logging
+
 from .util import lower_or_upper
 
 try:

src/idpyoidc/client/entity.py

@@ -141,6 +141,7 @@ def __init__(
                 keyjar=self.keyjar,
                 upstream_get=self.unit_get,
                 client_type=client_type,
+                entity_id=self.entity_id,
             )
 
         self.setup_client_authn_methods(config)

src/idpyoidc/client/http.py

@@ -4,10 +4,10 @@
 from http.cookies import CookieError
 from http.cookies import SimpleCookie
 
-from requests import request
 from idpyoidc.client.exception import NonFatalException
 from idpyoidc.client.util import sanitize
 from idpyoidc.client.util import set_cookie
+from requests import request
 
 __author__ = "roland"