Merge pull request #61 from IdentityPython/get_client_id

Get client

Author: rohe

.github/workflows/python-app.yml

@@ -18,10 +18,10 @@ jobs:
       fail-fast: false
       matrix:
         python-version:
-          - '3.6'
           - '3.7'
           - '3.8'
           - '3.9'
+          - '3.10'
 
     steps:
     - uses: actions/checkout@v2

setup.py

@@ -68,13 +68,13 @@ def run_tests(self):
     classifiers=[
         "Development Status :: 5 - Production/Stable",
         "License :: OSI Approved :: Apache Software License",
-        "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
         "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
-        'oidcmsg==1.5.4',
+        'oidcmsg==1.6.0',
         'pyyaml>=5.1.2',
         'responses'
     ],

src/oidcrp/__init__.py

@@ -1,7 +1,7 @@
 import logging
 
 __author__ = 'Roland Hedberg'
-__version__ = '2.1.3'
+__version__ = '2.1.4'
 
 logger = logging.getLogger(__name__)
 

src/oidcrp/client_auth.py

@@ -482,7 +482,7 @@ def _get_audience_and_algorithm(self, context, **kwargs):
 
     def _construct_client_assertion(self, service, **kwargs):
         _context = service.client_get("service_context")
-
+        _entity = service.client_get("entity")
         audience, algorithm = self._get_audience_and_algorithm(_context, **kwargs)
 
         if 'kid' in kwargs:
@@ -500,7 +500,7 @@ def _construct_client_assertion(self, service, **kwargs):
 
         # construct the signed JWT with the assertions and add
         # it as value to the 'client_assertion' claim of the request
-        return assertion_jwt(_context.client_id, signing_key, audience, algorithm, **_args)
+        return assertion_jwt(_entity.get_client_id(), signing_key, audience, algorithm, **_args)
 
     def modify_request(self, request, service, **kwargs):
         """

src/oidcrp/entity.py

@@ -42,10 +42,6 @@ def __init__(self,
         self._service_context = ServiceContext(keyjar=keyjar, config=config,
                                                jwks_uri=jwks_uri, httpc_params=self.httpc_params)
 
-        _cid = self._service_context.get('client_id')
-        if _cid:
-            self.client_id = _cid
-
         _cam = client_authn_factory or factory
 
         _srvs = services or DEFAULT_SERVICES
@@ -78,3 +74,9 @@ def get_service_by_endpoint_name(self, endpoint_name, *arg):
                 return service
 
         return None
+
+    def get_entity(self):
+        return self
+
+    def get_client_id(self):
+        return self._service_context.client_id

src/oidcrp/oauth2/__init__.py

@@ -99,7 +99,6 @@ def do_request(self,
                                     state=_state, **_info)
 
     def set_client_id(self, client_id):
-        self.client_id = client_id
         self._service_context.set('client_id', client_id)
 
     def get_response(self,

src/oidcrp/oidc/access_token.py

@@ -37,10 +37,10 @@ def gather_verify_arguments(self,
         :return: dictionary with arguments to the verify call
         """
         _context = self.client_get("service_context")
-        # Default is RS256
+        _entity = self.client_get("entity")
 
         kwargs = {
-            'client_id': _context.client_id,
+            'client_id': _entity.get_client_id(),
             'iss': _context.issuer,
             'keyjar': _context.keyjar,
             'verify': True,

src/oidcrp/rp_handler.py

@@ -277,7 +277,7 @@ def do_client_registration(self, client=None,
         # if _context.callback.get("post_logout_redirect_uri") is None:
         #     _context.callback["post_logout_redirect_uri"] = [self.base_url]
 
-        if not _context.client_id:  # means I have to do dynamic client registration
+        if not client.get_client_id():  # means I have to do dynamic client registration
             if request_args is None:
                 request_args = {}
 
@@ -514,7 +514,7 @@ def get_tokens(self, state, client: Optional[Client] = None):
             'state': state,
             'redirect_uri': authorization_request['redirect_uri'],
             'grant_type': 'authorization_code',
-            'client_id': _context.get('client_id'),
+            'client_id': client.get_client_id(),
             'client_secret': _context.get('client_secret')
         }
         logger.debug('request_args: {}'.format(req_args))
@@ -956,7 +956,7 @@ def backchannel_logout(client, request='', request_args=None):
 
     _context = client.client_get("service_context")
     kwargs = {
-        'aud': _context.get('client_id'),
+        'aud': client.get_client_id(),
         'iss': _context.get('issuer'),
         'keyjar': _context.keyjar,
         'allowed_sign_alg': _context.get('registration_response').get(

src/oidcrp/service.py

@@ -460,9 +460,8 @@ def gather_verify_arguments(self,
             'verify': True
         }
 
-        _client_id = _context.client_id
-        if _client_id:
-            kwargs['client_id'] = _client_id
+        _entity = self.client_get("entity")
+        kwargs['client_id'] = _entity.get_client_id()
 
         if self.service_name == "provider_info":
             if _context.issuer.startswith("http://"):

tests/pub_client.jwks

@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "e": "AQAB", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}

tests/test_20_rp_handler_oidc.py

@@ -431,12 +431,13 @@ def test_get_tokens(self):
         client = self.rph.issuer2rp[_session['iss']]
 
         _github_id = iss_id('github')
-        client.client_get("service_context").keyjar.import_jwks(
+        _context = client.client_get("service_context")
+        _context.keyjar.import_jwks(
             GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
 
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud
@@ -479,16 +480,17 @@ def test_access_and_id_token(self):
         res = self.rph.begin(issuer_id='github')
         _session = self.rph.get_session_information(res['state'])
         client = self.rph.issuer2rp[_session['iss']]
+        _context = client.client_get("service_context")
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud
         }
 
         _github_id = iss_id('github')
-        client.client_get("service_context").keyjar.import_jwks(
+        _context.keyjar.import_jwks(
             GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
 
         idts = IdToken(**idval)
@@ -520,16 +522,17 @@ def test_access_and_id_token_by_reference(self):
         res = self.rph.begin(issuer_id='github')
         _session = self.rph.get_session_information(res['state'])
         client = self.rph.issuer2rp[_session['iss']]
+        _context = client.client_get("service_context")
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud
         }
 
         _github_id = iss_id('github')
-        client.client_get("service_context").keyjar.import_jwks(
+        _context.keyjar.import_jwks(
             GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
 
         idts = IdToken(**idval)
@@ -561,16 +564,17 @@ def test_get_user_info(self):
         res = self.rph.begin(issuer_id='github')
         _session = self.rph.get_session_information(res['state'])
         client = self.rph.issuer2rp[_session['iss']]
+        _context = client.client_get("service_context")
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud
         }
 
         _github_id = iss_id('github')
-        client.client_get("service_context").keyjar.import_jwks(
+        _context.keyjar.import_jwks(
             GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
 
         idts = IdToken(**idval)
@@ -612,9 +616,10 @@ def test_userinfo_in_id_token(self):
         res = self.rph.begin(issuer_id='github')
         _session = self.rph.get_session_information(res['state'])
         client = self.rph.issuer2rp[_session['iss']]
+        _context = client.client_get("service_context")
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud, 'given_name': 'Diana', 'family_name': 'Krall',
@@ -645,16 +650,17 @@ def rphandler_setup(self):
         res = self.rph.begin(issuer_id='github')
         _session = self.rph.get_session_information(res['state'])
         client = self.rph.issuer2rp[_session['iss']]
+        _context = client.client_get("service_context")
         _nonce = _session['auth_request']['nonce']
         _iss = _session['iss']
-        _aud = client.client_id
+        _aud = _context.client_id
         idval = {
             'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
             'aud': _aud
         }
 
         _github_id = iss_id('github')
-        client.client_get("service_context").keyjar.import_jwks(
+        _context.keyjar.import_jwks(
             GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
 
         idts = IdToken(**idval)