Get master and develop in synch

.coveragerc

@@ -0,0 +1,3 @@
+# .coveragerc to control coverage.py
+[run]
+source = .

.github/workflows/python-app.yml

@@ -0,0 +1,56 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: oidcservice
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+          - '3.6'
+          - '3.7'
+          - '3.8'
+          - '3.9'
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install rustc and cargo
+      run: |
+        sudo apt-get install rustc
+        sudo apt install cargo
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -U wheel --user
+        pip install setuptools-rust
+        python setup.py install
+        python setup.py test
+        pip install flake8
+        pip install pytest
+        pip install pytest-httpserver
+        pip install responses
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 ./src/oidcservice --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 ./src/oidcservice --count --exit-zero --statistics
+
+    - name: Unit tests
+      run: |
+        py.test tests/

.travis.yml

@@ -0,0 +1,34 @@
+sudo: false
+language: python
+python:
+- 3.6
+- 3.7
+- 3.8
+- pypy3
+addons:
+  apt:
+    packages:
+    -
+install:
+- pip install codecov
+- pip install tox
+- pip install isort
+- pip install tox-travis
+- pip install responses
+script:
+- codecov --version
+- tox
+- isort --check src tests
+after_success:
+- codecov
+notifications:
+  email: false
+deploy:
+  provider: pypi
+  on:
+    tags: true
+  distributions: bdist_wheel
+  skip_existing: true
+  user: __token__
+  password:
+    secure: AH3jGGXVjV/oOlg4cOnsN7pURlZ7JMcd3Prr69Q++rxfsrmFpxCPtQLpO0LUNPisfyctoImpY64auNMHh20AHdlnvXQu8k/YFZCVcyK6N2d66wgJbO9AOT21N6IkFGyW11K3lYIHzURv9RsTEhzSkOhKmPUack5UhSJ+yAUTZXpt6iZqXBvmxMNzNiCLQdUmTMj4HxxkUVPabpef8PLqyDXvAxJxOCss+QcJVZuWFs85Niw0scTkU4SWz2lhOxeqQNg8s+CEgje2KaIoRy2kETywK53G3RFkSp5ytIJPp8RQK039laeal5yjMsWP4KlbDhHrywyNN7yS69FwPuLC41ppde5G054WcuJTm60Y2uckGu6L3oTBMHsAtSfZuEym/qfDngxYADA+xrATJQF5XSrCz13IiBnoz8Y9zI7t9s66PZSBHg99L85jM45M2kJYCDKxNPffJ/JzCnAMTP0yiBMEQ/UfguMDfJMw+6oSPzGcZHuQVzjLO5mUni71X528Psd/iEYCyN+Vi1QbvDZjbNo/oOLtvegOcnu/H1tGWkH4uEXsg2giqkld2hrZi6K3KfcpPtltuP66Z6ohMqcLegqGUNr8mPMP2I58p7if/6xLEu1e7MNZuoV459bnWepoNMMug2NLq/WIPCiGLNCyV4tdbzqcZQLNwjc5ruFLoz8=

Makefile

@@ -5,7 +5,7 @@ SPHINXBUILD   = sphinx-build
 SPHINXABUILD  = sphinx-autobuild
 BUILDDIR      = doc/_build
 DOCDIR        = doc/
-OIDCDIR        = src/oidcmsg
+OIDCDIR        = src/oidcservice
 TESTDIR       = tests
 
 help:
@@ -40,10 +40,10 @@ test:
 .PHONY: test
 
 isort:
-	@pipenv run isort --recursive $(OIDCDIR) $(TESTDIR)
+	@pipenv run isort $(OIDCDIR) $(TESTDIR)
 
 check-isort:
-	@pipenv run isort --recursive --diff --check-only $(OIDCDIR) $(TESTDIR)
+	@pipenv run isort --diff --check-only $(OIDCDIR) $(TESTDIR)
 .PHONY: isort check-isort
 
 check-pylama:

README.md

@@ -1,3 +1,8 @@
+# Archived !!
+
+The functionality in this package has been included in the IdentityPython/JWTConnect-Python-OidcRP package.
+This package is therefor redundant and has been archived.
+
 # oidcservice
 #### Implementation of OIDC/OAuth2 services
 

setup.py

@@ -23,19 +23,19 @@
 __author__ = 'Roland Hedberg'
 
 
-class PyTest(TestCommand):
-    def finalize_options(self):
-        TestCommand.finalize_options(self)
-        self.test_args = []
-        self.test_suite = True
-
-    def run_tests(self):
-        # import here, cause outside the eggs aren't loaded
-        import pytest
-
-        errno = pytest.main(self.test_args)
-        sys.exit(errno)
-
+# class PyTest(TestCommand):
+#     def finalize_options(self):
+#         TestCommand.finalize_options(self)
+#         self.test_args = []
+#         self.test_suite = True
+#
+#     def run_tests(self):
+#         # import here, cause outside the eggs aren't loaded
+#         import pytest
+#
+#         errno = pytest.main(self.test_args)
+#         sys.exit(errno)
+#
 
 # Python 2.7 and later ship with importlib and argparse
 if sys.version_info[0] == 2 and sys.version_info[1] == 6:
@@ -62,19 +62,20 @@ def run_tests(self):
     classifiers=[
         "Development Status :: 4 - Beta",
         "License :: OSI Approved :: Apache Software License",
-        "Programming Language :: Python :: 3.5",
         "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
         "pyyaml>=5.1.0",
         'oidcmsg>=1.1.0',
+        'requests'
     ],
     tests_require=[
         "responses",
         "testfixtures",
         "pytest-localserver"
     ],
-    zip_safe=False,
-    cmdclass={'test': PyTest},
+    zip_safe=False
 )

src/oidcservice/__init__.py

@@ -3,14 +3,12 @@
 
 # Since SystemRandom is not available on all systems
 try:
-    import random.SystemRandom as rnd
+    import SystemRandom as rnd
 except ImportError:
     import random as rnd
 
-
 __author__ = 'Roland Hedberg'
-__version__ = '1.1.0'
-
+__version__ = '1.1.1'
 
 OIDCONF_PATTERN = "{}/.well-known/openid-configuration"
 CC_METHOD = {
@@ -31,6 +29,8 @@
 JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
 SAML2_BEARER_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"
 
+BASECHR = string.ascii_letters + string.digits
+
 
 def rndstr(size=16):
     """
@@ -39,8 +39,7 @@ def rndstr(size=16):
     :param size: The length of the string
     :return: string
     """
-    _basech = string.ascii_letters + string.digits
-    return "".join([rnd.choice(_basech) for _ in range(size)])
+    return "".join([rnd.choice(BASECHR) for _ in range(size)])
 
 
 BASECH = string.ascii_letters + string.digits + '-._~'

src/oidcservice/client_auth.py

@@ -4,17 +4,14 @@
 from urllib.parse import quote_plus
 
 from cryptojwt.exception import MissingKey
+from cryptojwt.jws.jws import SIGNER_ALGS
 from cryptojwt.jws.utils import alg2keytype
 from oidcmsg.message import VREQUIRED
-from oidcmsg.oauth2 import AccessTokenRequest
-from oidcmsg.oauth2 import SINGLE_OPTIONAL_STRING
+from oidcmsg.oauth2 import SINGLE_OPTIONAL_STRING, AccessTokenRequest
 from oidcmsg.oidc import AuthnToken
 from oidcmsg.time_util import utc_time_sans_frac
 
-from oidcservice import DEF_SIGN_ALG
-from oidcservice import JWT_BEARER
-from oidcservice import rndstr
-from oidcservice import sanitize
+from oidcservice import DEF_SIGN_ALG, JWT_BEARER, rndstr, sanitize
 
 LOGGER = logging.getLogger(__name__)
 
@@ -128,7 +125,7 @@ def _with_or_without_client_id(request, service):
         :param service: A :py:class:`oidcservice.service.Service` instance
         """
         if isinstance(request, AccessTokenRequest) and request[
-                'grant_type'] == 'authorization_code':
+            'grant_type'] == 'authorization_code':
             if 'client_id' not in request:
                 try:
                     request['client_id'] = service.service_context.get('client_id')
@@ -315,6 +312,7 @@ def construct(self, request=None, service=None, http_args=None,
 
 class BearerBody(ClientAuthnMethod):
     """The bearer body authentication method."""
+
     def modify_request(self, request, service, **kwargs):
         """
         Modify the request if necessary.
@@ -450,11 +448,24 @@ def _get_audience_and_algorithm(self, context, **kwargs):
         # audience for the signed JWT depends on which endpoint
         # we're talking to.
         if 'authn_endpoint' in kwargs and kwargs['authn_endpoint'] in ['token_endpoint']:
-            try:
-                algorithm = context.behaviour[
-                    'token_endpoint_auth_signing_alg']
-            except (KeyError, AttributeError):
-                pass
+            reg_resp = context.get("registration_response")
+            if reg_resp:
+                algorithm = reg_resp.get("token_endpoint_auth_signing_alg")
+            else:
+                algorithm = context.client_preferences.get("token_endpoint_auth_signing_alg")
+                if algorithm is None:
+                    _pi = context.get("provider_info")
+                    try:
+                        algs = _pi["token_endpoint_auth_signing_alg_values_supported"]
+                    except KeyError:
+                        algorithm = "RS256"  # default
+                    else:
+                        for alg in algs:  # pick the first one I support and have keys for
+                            if alg in SIGNER_ALGS and self.get_signing_key_from_keyjar(alg,
+                                                                                       context):
+                                algorithm = alg
+                                break
+
             audience = context.get('provider_info')['token_endpoint']
         else:
             audience = context.get('provider_info')['issuer']

src/oidcservice/oauth2/authorization.py

@@ -6,12 +6,10 @@
 from oidcmsg.oauth2 import ResponseMessage
 from oidcmsg.time_util import time_sans_frac
 
-from oidcservice.oauth2.utils import get_state_parameter
-from oidcservice.oauth2.utils import pick_redirect_uris
-from oidcservice.oauth2.utils import set_state_parameter
+from oidcservice.oauth2.utils import (get_state_parameter, pick_redirect_uris,
+                                      set_state_parameter)
 from oidcservice.service import Service
 
-
 LOGGER = logging.getLogger(__name__)
 
 

src/oidcservice/oauth2/provider_info_discovery.py

@@ -2,7 +2,6 @@
 import logging
 
 from cryptojwt.key_jar import KeyJar
-
 from oidcmsg import oauth2
 from oidcmsg.oauth2 import ResponseMessage
 

src/oidcservice/oauth2/refresh_access_token.py

@@ -8,7 +8,6 @@
 from oidcservice.oauth2.utils import get_state_parameter
 from oidcservice.service import Service
 
-
 LOGGER = logging.getLogger(__name__)
 
 

src/oidcservice/oidc/access_token.py

@@ -4,8 +4,8 @@
 from oidcmsg.oidc import verified_claim_name
 from oidcmsg.time_util import time_sans_frac
 
-from oidcservice.oauth2 import access_token
 from oidcservice.exception import ParameterError
+from oidcservice.oauth2 import access_token
 from oidcservice.oidc import IDT2REG
 
 __author__ = 'Roland Hedberg'

src/oidcservice/oidc/add_on/pkce.py

@@ -3,8 +3,7 @@
 from cryptojwt.utils import b64e
 from oidcmsg.message import Message
 
-from oidcservice import CC_METHOD
-from oidcservice import unreserved
+from oidcservice import CC_METHOD, unreserved
 from oidcservice.exception import Unsupported
 from oidcservice.oauth2.utils import get_state_parameter
 

src/oidcservice/oidc/add_on/pushed_authorization.py

@@ -1,10 +1,11 @@
 import logging
 
-import requests
 from cryptojwt import JWT
 from oidcmsg.message import Message
 from oidcmsg.oauth2 import JWTSecuredAuthorizationRequest
 
+import requests
+
 logger = logging.getLogger(__name__)
 
 
@@ -49,11 +50,14 @@ def push_authorization(request_args, service, **kwargs):
     return request_args
 
 
-def add_pushed_authorization_support(services, body_format="jws", signing_algorthm="RS256",
+def add_pushed_authorization_support(services, body_format="jws", signing_algorithm="RS256",
                                      http_client=None, merge_rule="strict"):
     """
     Add the necessary pieces to make pushed authorization happen.
 
+    :param merge_rule:
+    :param http_client:
+    :param signing_algorithm:
     :param services: A dictionary with all the services the client has access to.
     :param body_format: jws or urlencoded
     """
@@ -64,7 +68,7 @@ def add_pushed_authorization_support(services, body_format="jws", signing_algort
     _service = services["authorization"]
     _service.service_context.add_on['pushed_authorization'] = {
         "body_format": body_format,
-        "signing_algorithm": signing_algorthm,
+        "signing_algorithm": signing_algorithm,
         "http_client": http_client,
         "merge_rule": merge_rule
     }