Generalized the configuration handling.

Author: rohe

example/flask_rp/wsgi.py

@@ -21,7 +21,7 @@
     template_dir = os.path.join(dir_path, 'templates')
 
     _config = create_from_config_file(Configuration,
-                                      entity_conf_class=RPConfiguration,
+                                      entity_conf=[{"class": RPConfiguration, "attr": "rp"}],
                                       filename=conf)
 
     app = application.oidc_provider_init_app(_config.rp, name, template_folder=template_dir)

src/oidcrp/configure.py

@@ -3,14 +3,14 @@
 import json
 import logging
 import os
+from typing import Any
 from typing import Dict
 from typing import List
 from typing import Optional
 
 from oidcrp.logging import configure_logging
 from oidcrp.util import load_yaml_config
 from oidcrp.util import lower_or_upper
-from oidcrp.util import replace
 
 try:
     from secrets import token_urlsafe as rnd_token
@@ -87,6 +87,7 @@ class RPConfiguration(Base):
     def __init__(self,
                  conf: Dict,
                  base_path: Optional[str] = '',
+                 entity_conf: Optional[List[dict]] = None,
                  domain: Optional[str] = "127.0.0.1",
                  port: Optional[int] = 80,
                  file_attributes: Optional[List[str]] = None,
@@ -100,19 +101,14 @@ def __init__(self,
 
         self.keys = _keys_conf
 
+        if not domain:
+            domain = conf.get("domain", "127.0.0.1")
+
+        if not port:
+            port = conf.get("port", 80)
+
         conf = set_domain_and_port(conf, URIS, domain, port)
         self.clients = lower_or_upper(conf, "clients")
-        # if _clients:
-        #     format_args = {"domain": domain, "port": port}
-        #     for key, spec in _clients.items():
-        #         if key == "":
-        #             continue
-        #
-        #         for uri in ['redirect_uris', 'post_logout_redirect_uris', 'frontchannel_logout_uri',
-        #                     'backchannel_logout_uri', 'issuer']:
-        #             replace(spec, uri, **format_args)
-        #
-        #     self.clients = _clients
 
         hash_seed = lower_or_upper(conf, 'hash_seed')
         if not hash_seed:
@@ -129,13 +125,13 @@ class Configuration(Base):
 
     def __init__(self,
                  conf: Dict,
-                 entity_conf_class,
                  base_path: str = '',
+                 entity_conf: Optional[List[dict]] = None,
                  file_attributes: Optional[List[str]] = None,
                  domain: Optional[str] = "",
                  port: Optional[int] = 0,
                  ):
-        Base.__init__(self, conf, base_path, file_attributes)
+        Base.__init__(self, conf, base_path=base_path, file_attributes=file_attributes)
 
         log_conf = conf.get('logging')
         if log_conf:
@@ -152,37 +148,42 @@ def __init__(self,
         if not port:
             port = conf.get("port", 80)
 
-        self.rp = entity_conf_class(conf, base_path=base_path, file_attributes=file_attributes,
-                                        domain=domain, port=port)
+        if entity_conf:
+            for econf in entity_conf:
+                _path = econf.get("path")
+                _cnf = conf
+                if _path:
+                    for step in _path:
+                        _cnf = _cnf[step]
+                _attr = econf["attr"]
+                _cls = econf["class"]
+                setattr(self, _attr,
+                        _cls(_cnf, base_path=base_path, file_attributes=file_attributes,
+                             domain=domain, port=port))
 
 
 def create_from_config_file(cls,
-                            entity_conf_class,
                             filename: str,
-                            base_path: str = '',
+                            base_path: Optional[str] = '',
+                            entity_conf: Optional[List[dict]] = None,
                             file_attributes: Optional[List[str]] = None,
                             domain: Optional[str] = "",
                             port: Optional[int] = 0):
     if filename.endswith(".yaml"):
         """Load configuration as YAML"""
-        return cls(load_yaml_config(filename),
-                   entity_conf_class=entity_conf_class,
-                   base_path=base_path, file_attributes=file_attributes,
-                   domain=domain, port=port)
+        _cnf = load_yaml_config(filename)
     elif filename.endswith(".json"):
         _str = open(filename).read()
-        return cls(json.loads(_str),
-                   entity_conf_class=entity_conf_class,
-                   base_path=base_path, file_attributes=file_attributes, domain=domain, port=port)
+        _cnf = json.loads(_str)
     elif filename.endswith(".py"):
         head, tail = os.path.split(filename)
         tail = tail[:-3]
         module = importlib.import_module(tail)
         _cnf = getattr(module, "CONFIG")
+    else:
+        raise ValueError("Unknown file type")
 
-        # _str = open(filename).read()
-        # _cnf = ast.literal_eval(_str)
-        return cls(_cnf,
-                   entity_conf_class=entity_conf_class,
-                   base_path=base_path, file_attributes=file_attributes,
-                   domain=domain, port=port)
+    return cls(_cnf,
+               entity_conf=entity_conf,
+               base_path=base_path, file_attributes=file_attributes,
+               domain=domain, port=port)

tests/rp_conf.yaml

@@ -0,0 +1,112 @@
+port: &port 8090
+domain: &domain 127.0.0.1
+base_url: "https://{domain}:{port}"
+
+httpc_params:
+  # This is just for testing a local usage. In all other cases it MUST be True
+  verify: false
+  # Client side
+  #client_cert: "certs/client.crt"
+  #client_key: "certs/client.key"
+
+keydefs: &keydef
+  - "type": "RSA"
+    "key": ''
+    "use": ["sig"]
+  - "type": "EC"
+    "crv": "P-256"
+    "use": ["sig"]
+
+rp_keys:
+  'private_path': 'private/jwks.json'
+  'key_defs': *keydef
+  'public_path': 'static/jwks.json'
+  # this will create the jwks files if they are absent
+  'read_only': False
+
+client_preferences: &id001
+  application_name: rphandler
+  application_type: web
+  contacts:
+    - ops@example.com
+  response_types:
+    - code
+  scope:
+    - openid
+    - profile
+    - email
+    - address
+    - phone
+  token_endpoint_auth_method:
+    - client_secret_basic
+    - client_secret_post
+
+services: &id002
+  discovery: &disc
+    class: oidcservice.oidc.provider_info_discovery.ProviderInfoDiscovery
+    kwargs: {}
+  registration: &regist
+    class: oidcservice.oidc.registration.Registration
+    kwargs: {}
+  authorization: &authz
+    class: oidcservice.oidc.authorization.Authorization
+    kwargs: {}
+  accesstoken: &acctok
+    class: oidcservice.oidc.access_token.AccessToken
+    kwargs: {}
+  userinfo: &userinfo
+    class: oidcservice.oidc.userinfo.UserInfo
+    kwargs: {}
+  end_session: &sess
+    class: oidcservice.oidc.end_session.EndSession
+    kwargs: {}
+
+clients:
+  "":
+    client_preferences: *id001
+    redirect_uris: None
+    services: *id002
+  flop:
+    client_preferences: *id001
+    issuer: https://127.0.0.1:5000/
+    redirect_uris:
+      - 'https://{domain}:{port}/authz_cb/flop'
+    post_logout_redirect_uris:
+      - "https://{domain}:{port}/session_logout/flop"
+    frontchannel_logout_uri: "https://{domain}:{port}/fc_logout/flop"
+    frontchannel_logout_session_required: True
+    backchannel_logout_uri: "https://{domain}:{port}/bc_logout/flop"
+    backchannel_logout_session_required: True
+    services:
+      discovery: *disc
+      registration: *regist
+      authorization: *authz
+      accesstoken: *acctok
+      userinfo: *userinfo
+      end_session: *sess
+    add_ons:
+      pkce:
+        function: oidcservice.oidc.add_on.pkce.add_pkce_support
+        kwargs:
+          code_challenge_length: 64
+          code_challenge_method: S256
+#      status_check:
+#        function: oidcservice.oidc.add_on.status_check.add_status_check_support
+#        kwargs:
+#          rp_iframe_path: "templates/rp_iframe.html"
+  bobcat:
+    client_id: client3
+    client_secret: 'abcdefghijklmnop'
+    client_preferences: *id001
+    issuer: http://127.0.0.1:8080/
+    jwks_uri: 'static/jwks.json'
+    redirect_uris: ['https://{domain}:{port}/authz_cb/bobcat']
+    post_logout_redirect_uris:
+      - "https://{domain}:{port}/session_logout/bobcat"
+    services: *id002
+    request_args:
+      claims:
+        id_token:
+          acr:
+            essential:
+              true

tests/test_22_config.py

@@ -8,15 +8,29 @@
 
 
 def test_yaml_config():
-    c = create_from_config_file(cls=Configuration, entity_conf_class=RPConfiguration,
+    c = create_from_config_file(Configuration,
+                                entity_conf=[{"class": RPConfiguration, "attr": "rp"}],
                                 filename=os.path.join(_dirname, 'conf.yaml'),
                                 base_path=_dirname)
     assert c
     assert set(c.web_conf.keys()) == {'port', 'domain', 'server_cert', 'server_key', 'debug'}
 
-    entity_config = c.entity
-    assert entity_config.base_url == "https://127.0.0.1:8090"
-    assert entity_config.httpc_params == {"verify": False}
-    assert set(entity_config.services.keys()) == {'discovery', 'registration', 'authorization',
+    rp_config = c.rp
+    assert rp_config.base_url == "https://127.0.0.1:8090"
+    assert rp_config.httpc_params == {"verify": False}
+    assert set(rp_config.services.keys()) == {'discovery', 'registration', 'authorization',
+                                              'accesstoken', 'userinfo', 'end_session'}
+    assert set(rp_config.clients.keys()) == {'', 'bobcat', 'flop'}
+
+
+def test_dict():
+    configuration = create_from_config_file(RPConfiguration,
+                                            filename=os.path.join(_dirname, 'rp_conf.yaml'),
+                                            base_path=_dirname)
+    assert configuration
+
+    assert configuration.base_url == "https://127.0.0.1:8090"
+    assert configuration.httpc_params == {"verify": False}
+    assert set(configuration.services.keys()) == {'discovery', 'registration', 'authorization',
                                                   'accesstoken', 'userinfo', 'end_session'}
-    assert set(entity_config.clients.keys()) == {'', 'bobcat', 'flop'}
+    assert set(configuration.clients.keys()) == {'', 'bobcat', 'flop'}