Grant_types should follow response_types in a client registration req… (
#493)

* grant_types should follow response_types in a client registration request.
rohe authored and tpazderka committed Feb 17, 2018
1 parent 2feb099 commit 23efe6d
Showing 3 changed files with 50 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@ The format is based on the [KeepAChangeLog] project.
## 0.13.0 [Unreleased]

### Added
- [#493] grant_types specification should follow the response_types specification in a client registration request.
- [#469] Allow endpoints to have query parts
- [#443] Ability to specify additional supported claims for oic.Provider
- [#134] Added method kwarg to registration_endpoint that enables the client to read/modify registration
Expand Down Expand Up @@ -45,6 +46,7 @@ The format is based on the [KeepAChangeLog] project.
### Security
- [#486] SystemRandom is not imported correctly, so various secrets get initialized with bad randomness

[#493]: https://github.com/OpenIDC/pyoidc/pull/493
[#430]: https://github.com/OpenIDC/pyoidc/pull/430
[#427]: https://github.com/OpenIDC/pyoidc/pull/427
[#399]: https://github.com/OpenIDC/pyoidc/issues/399
30 changes: 30 additions & 0 deletions src/oic/oic/__init__.py
Expand Up @@ -257,6 +257,32 @@ def add_token(self, resp):
"enc": "%s_encrypted_response_enc",
}

rt2gt = {
'code': ['authorization_code'],
'id_token': ['implicit'],
'id_token token': ['implicit'],
'code id_token': ['authorization_code', 'implicit'],
'code token': ['authorization_code', 'implicit'],
'code id_token token': ['authorization_code', 'implicit']
}


def response_types_to_grant_types(response_types):
_res = set()

for response_type in response_types:
_rt = response_type.split(' ')
_rt.sort()
try:
_gt = rt2gt[" ".join(_rt)]
except KeyError:
raise ValueError(
'No such response type combination: {}'.format(response_types))
else:
_res.update(set(_gt))

return list(_res)


def claims_match(value, claimspec):
"""
Expand Down Expand Up @@ -1319,6 +1345,10 @@ def create_registration_request(self, **kwargs):
except KeyError:
pass

if 'response_types' in req:
req['grant_types'] = response_types_to_grant_types(
req['response_types'])

return req

def register(self, url, **kwargs):
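Review bot: The added branch in create_registration_request assigns `req['grant_types']` unconditionally, so any grant_types the caller already put in the request (for example `refresh_token`) are replaced by the derived list rather than extended. Merging keeps the derived values as a floor without dropping explicit ones: `_gt = set(response_types_to_grant_types(req['response_types']))`, then `if 'grant_types' in req: _gt.update(req['grant_types'])`, then `req['grant_types'] = sorted(_gt)`. Sorting also makes the registered list deterministic, which `list(_res)` built from a set is not. A response type missing from `rt2gt` now makes this method raise ValueError, so callers that previously sent such a value unchanged will see a new exception; whether that is intended should be stated in the docstring. The method body starts outside the hunk, so how `req` is populated from kwargs is not visible here.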
18 changes: 18 additions & 0 deletions tests/test_oic_consumer.py
Expand Up @@ -11,6 +11,7 @@
from oic.oauth2.message import MissingSigningKey
from oic.oic import DEF_SIGN_ALG
from oic.oic import Server
from oic.oic import response_types_to_grant_types
from oic.oic.consumer import IGNORE
from oic.oic.consumer import Consumer
from oic.oic.consumer import clean_response
Expand Down Expand Up @@ -70,6 +71,23 @@ def _eq(l1, l2):
return set(l1) == set(l2)


def test_response_types_to_grant_types():
req_args = ['code']
assert set(
response_types_to_grant_types(req_args)) == {'authorization_code'}
req_args = ['code', 'code id_token']
assert set(
response_types_to_grant_types(req_args)) == {'authorization_code',
'implicit'}
req_args = ['code', 'id_token code', 'code token id_token']
assert set(
response_types_to_grant_types(req_args)) == {'authorization_code',
'implicit'}

with pytest.raises(ValueError):
response_types_to_grant_types(['foobar openid'])


def test_clean_response():
atr = AccessTokenResponse(access_token="access_token",
token_type="bearer", expires_in=600,
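Review bot: None of the assertions in test_response_types_to_grant_types covers an implicit-only result, because every input list contains `code`; the `id_token` and `id_token token` rows of the mapping are never exercised. Adding `assert set(response_types_to_grant_types(['id_token token'])) == {'implicit'}` and the same for `['token id_token']` would pin both those rows and the ordering normalisation. The new branch in create_registration_request is also untested here, so a test that builds a registration request with response_types and checks the resulting grant_types would be worth adding.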
