MAde sure oidcrp works with oidcservice 0.6.4

Author: rohe

flask_rp/application.py

@@ -3,7 +3,6 @@
 from flask.app import Flask
 
 from cryptojwt.key_jar import init_key_jar
-from oidcservice.service_factory import service_factory
 
 from oidcrp import RPHandler
 
@@ -27,8 +26,7 @@ def init_oidc_rp_handler(app):
                     keyjar=_kj, jwks_path=_path,
                     client_configs=app.config.get('CLIENTS'),
                     services=app.config.get('SERVICES'),
-                    verify_ssl=verify_ssl, service_factory=service_factory,
-                    module_dirs=['oidc'])
+                    verify_ssl=verify_ssl)
 
     return rph
 

flask_rp/conf.yaml

@@ -0,0 +1,111 @@
+BASEURL: "https://127.0.0.1:8090"
+
+# If BASE is https these has to be specified
+SERVER_CERT: "certs/cert.pem"
+SERVER_KEY: "certs/key.pem"
+CA_BUNDLE: ''
+
+# This is just for testing an local usage. In all other cases it MUST be True
+VERIFY_SSL: false
+
+KEYDEFS: &keydef
+  -
+    "type": "RSA"
+    "key": ''
+    "use": ["sig"]
+  -
+    "type": "EC"
+    "crv": "P-256"
+    "use": ["sig"]
+
+HTML_HOME: 'html'
+SECRET_KEY: 'secret_key'
+SESSION_COOKIE_NAME: 'rp_session'
+PREFERRED_URL_SCHEME: 'https'
+
+OIDC_KEYS:
+    'private_path': "./priv/jwks.json"
+    'key_defs': *keydef
+    'public_path': './static/jwks.json'
+
+PUBLIC_JWKS_PATH: 'https://127.0.0.1:8090/static/jwks.json'
+
+client_preferences: &id001
+    application_name: rphandler
+    application_type: web
+    contacts: [ops@example.com]
+    response_types: [code]
+    scope: [openid, profile, email, address, phone]
+    token_endpoint_auth_method: [client_secret_basic, client_secret_post]
+
+services: &id002
+  discovery:
+    class: oidcservice.rp.provider_info_discovery.ProviderInfoDiscovery
+    kwargs: {}
+  registration:
+    class: oidcservice.rp.registration.Registration
+    kwargs: {}
+  authorization:
+    class: oidcservice.oidc.authorization.Authorization
+    kwargs: {}
+  accesstoken:
+    class: oidcservice.oidc.accesstoken.Accesstoken
+    kwargs: {}
+  refresh_accesstoken:
+    class: oidcservice.oidc.refresh_access_token.RefreshAccessToken
+    kwargs: {}
+  userinfo:
+    class: oidcservice.oidc.userinfo.UserInfo
+    kwargs: {}
+  end_session:
+    class: oidcservice.oidc.session.EndSession
+    kwargs: {}
+
+
+client:
+  bobcat:
+    client_id: client3
+    client_preferences:
+      response_types: [code]
+      scope: [openid, offline_access]
+      token_endpoint_auth_method: client_secret_basic
+    client_secret: '2222222222222222222222222222222222222222'
+    issuer: https://127.0.0.1:8443/
+    redirect_uris: [['https://127.0.0.1:8090/authz_cb/bobcat', '']]
+    services:
+      authorization:
+        class: oidcservice.oidc.authorization.Authorization
+        kwargs: {}
+      accesstoken:
+        class: oidcservice.oidc.accesstoken.Accesstoken
+        kwargs: {}
+      discovery:
+        class: oidcservice.rp.provider_info_discovery.ProviderInfoDiscovery
+        kwargs: {}
+      refresh_accesstoken:
+        class: oidcservice.oidc.refresh_access_token.RefreshAccessToken
+        kwargs: {}
+  filip:
+    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout
+    client_preferences: *id001
+    issuer: https://guarded-cliffs-8635.herokuapp.com/
+    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
+    redirect_uris: ['https://127.0.0.1:8090/authz_cb/filip']
+    services: *id002
+  filip_local:
+    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout
+    client_preferences: *id001
+    issuer: http://localhost:3000/
+    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
+    redirect_uris: ['https://127.0.0.1:8090/authz_cb/filip_local']
+    services: *id002
+  flop:
+    backchannel_logout_uri: https://127.0.0.1:8090/bc_logout/flop
+    client_preferences: *id001
+    issuer: https://127.0.0.1:5000/
+    post_logout_redirect_uris: ['https://127.0.0.1:8090/session_logout']
+    redirect_uris: ['https://127.0.0.1:8090/authz_cb/flop']
+    services: *id002
+
+# Whether an attempt to fetch the userinfo should be made
+USERINFO: true