Distinguish between configuration attributes that points to files and those that points to directories.

Author: rohe

doc/source/add_on/pkce.rst

@@ -8,8 +8,6 @@ Proof Key for Code Exchange
 Introduction
 ------------
 
-
-
 OAuth 2.0 public clients utilizing the Authorization Code Grant are
 susceptible to the authorization code interception attack.  `RFC7636`_
 describes the attack as well as a technique to mitigate

setup.py

@@ -74,7 +74,7 @@ def run_tests(self):
         "Programming Language :: Python :: 3.9",
         "Topic :: Software Development :: Libraries :: Python Modules"],
     install_requires=[
-        'oidcmsg==1.4.1',
+        'oidcmsg==1.5.3',
         'pyyaml>=5.1.2',
         'responses'
     ],

src/oidcrp/configure.py

@@ -58,6 +58,7 @@ def __init__(self,
                  conf: Dict,
                  base_path: str = '',
                  file_attributes: Optional[List[str]] = None,
+                 dir_attributes: Optional[List[str]] = None
                  ):
 
         if file_attributes is None:

src/oidcrp/rp_handler.py

@@ -21,7 +21,7 @@
 from oidcmsg.oidc import OpenIDSchema
 from oidcmsg.oidc import RegistrationRequest
 from oidcmsg.oidc.session import BackChannelLogoutRequest
-from oidcmsg.time_util import time_sans_frac
+from oidcmsg.time_util import utc_time_sans_frac
 
 from . import oidc
 from .defaults import DEFAULT_CLIENT_CONFIGS
@@ -836,7 +836,7 @@ def has_active_authentication(self, state):
             ['auth_response', 'token_response', 'refresh_token_response'])
 
         if _arg:
-            _now = time_sans_frac()
+            _now = utc_time_sans_frac()
             exp = _arg['__verified_id_token']['exp']
             return _now < exp
         else:
@@ -854,7 +854,7 @@ def get_valid_access_token(self, state):
         exp = 0
         token = None
         indefinite = []
-        now = time_sans_frac()
+        now = utc_time_sans_frac()
 
         client = self.get_client_from_session_key(state)
         _context = client.client_get("service_context")

tests/pub_client.jwks

@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "e": "AQAB", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "SUswNi1MRFlDT0Y2YjU1Z1RfQlo2S3dEa3FTTkV3LThFcnhDTHF5elk2VQ", "n": "0UkUx2ewKyc-XJ1o0ToyGjws_JybAMZj2oYjsPyyvQ_T5dhZ2VmRRRkhsaVJ2xE_GGc7mSG0IjmGFyXp5y0w4mJBcsAEE5-8eBTvQdYIryjW74r3jt6Fi4Hlm1yFMTie3apv8mw79BUj-jT0kh3_m-FiKKUvLsq45DcLtTJ4cx7Ize37dl1sFSpQcoYMk7eiUEM8fiNboiVwvBYNAWVMkUM-LnVUPm3UjvKp0LihYEkZFWOxmuQmj2x25SFUkjus38ERrRqJQBZduxdBHFrWtWg8yOA53BkMU0FFg_r0H3ctl-5GaKw-BWlogU4qXnsq85xy0EoenRk7FPV8g_ulJw", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "NC1pdGRQN002bWM3bk1xX2R0SktscElqbFdtN29ITDV2WVd2b0hOYzREVQ", "crv": "P-256", "x": "kK7Qp1woSerI7rUOAwW_4sU6ZmwV3wwXKX3VU-v2fMI", "y": "iPWd_Pjq6EjxYy08KNFZ3PxhEwgWHgAQTTknlKMKJA0"}]}