Merge branch 'develop' into session_params

Author: peppelinux

doc/source/contents/conf.rst

@@ -8,12 +8,6 @@ issuer
 
 The issuer ID of the OP, a unique value in URI format.
 
-----
-seed
-----
-
-Used in dynamic client registration endpoint when creating a new client_secret.
-If unset it will be random.
 
 --------------
 session params
@@ -52,25 +46,6 @@ salt
 
 Salt, value or filename, used in sub_funcs (pairwise, public) for creating the opaque hash of *sub* claim.
 
-
-sub_funcs
-#########
-
-Functions involved in subject creation (jwt token sub claim).
-
-
------------
-session_key
------------
-
-An example::
-
-    "session_key": {
-        "filename": "private/session_jwk.json",
-        "type": "OCT",
-        "use": "sig"
-      },
-
 ------
 add_on
 ------
@@ -240,8 +215,14 @@ An example::
           "path": "registration",
           "class": "oidcop.oidc.registration.Registration",
           "kwargs": {
-            "client_authn_method": null,
-            "client_secret_expiration_time": 432000
+            "client_authn_method": None,
+            "client_secret_expiration_time": 432000,
+            "client_id_generator": {
+               "class": 'oidcop.oidc.registration.random_client_id',
+               "kwargs": {
+                    "seed": "that-optional-random-value"
+               }
+           }
           }
         },
         "registration_api": {

example/flask_op/config.json

@@ -293,11 +293,6 @@
           }
         }
       },
-      "session_key": {
-        "filename": "private/session_jwk.json",
-        "type": "OCT",
-        "use": "sig"
-      },
       "template_dir": "templates",
       "token_handler_args": {
         "jwks_file": "private/token_jwks.json",

example/flask_op/config.yaml

@@ -43,10 +43,6 @@ op:
     issuer: *base_url
     httpc_params:
       verify: False
-    session_key:
-      filename: private/session_jwk.json
-      type: OCT
-      use: sig
     capabilities:
       subject_types_supported:
         - public

src/oidcop/configure.py

@@ -67,7 +67,6 @@
     },
     "httpc_params": {"verify": False},
     "issuer": "https://{domain}:{port}",
-    "session_key": {"filename": "private/session_jwk.json", "type": "OCT", "use": "sig", },
     "template_dir": "templates",
     "token_handler_args": {
         "jwks_file": "private/token_jwks.json",
@@ -216,7 +215,6 @@ def __init__(
         self.httpc_params = {}
         self.issuer = ""
         self.keys = None
-        self.session_key = None
         self.template_dir = None
         self.token_handler_args = {}
         self.userinfo = None
@@ -516,7 +514,6 @@ def __init__(
             "scheme_map": {"email": ["urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"]}
         },
     },
-    "session_key": {"filename": "private/session_jwk.json", "type": "OCT", "use": "sig", },
     "template_dir": "templates",
     "token_handler_args": {
         "jwks_def": {

src/oidcop/endpoint_context.py

@@ -6,7 +6,6 @@
 
 import requests
 from cryptojwt import KeyJar
-from cryptojwt.utils import as_bytes
 from jinja2 import Environment
 from jinja2 import FileSystemLoader
 from oidcmsg.context import OidcContext
@@ -111,7 +110,6 @@ class EndpointContext(OidcContext):
         "provider_info": {},
         "registration_access_token": {},
         "scope2claims": {},
-        "seed": "",
         # "session_db": {},
         "session_manager": SessionManager,
         "sso_ttl": None,
@@ -139,12 +137,6 @@ def __init__(
 
         self.cwd = cwd
 
-        # Those that use seed wants bytes but I can only store str.
-        try:
-            self.seed = as_bytes(conf["seed"])
-        except KeyError:
-            self.seed = as_bytes(rndstr(32))
-
         # Default values, to be changed below depending on configuration
         # arguments for endpoints add-ons
         self.args = {}

src/oidcop/oidc/registration.py

@@ -99,8 +99,14 @@ def comb_uri(args):
         val = []
         for base, query_dict in args[param]:
             if query_dict:
-                query_string = urlencode([(key, v) for key in query_dict for v in query_dict[key]])
-                val.append("%s?%s" % (base, query_string))
+                query_string = urlencode(
+                    [
+                        (key, v)
+                        for key in query_dict
+                        for v in query_dict[key]
+                    ]
+                )
+                val.append("{base}?{query_string}")
             else:
                 val.append(base)
 
@@ -139,6 +145,14 @@ class Registration(Endpoint):
     # default
     # response_placement = 'body'
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        # Those that use seed wants bytes but I can only store str.
+        # seed
+        _seed = kwargs.get("seed") or rndstr(32)
+        self.seed = as_bytes(_seed)
+
     def match_client_request(self, request):
         _context = self.server_get("endpoint_context")
         for _pref, _prov in PREFERENCE2PROVIDER.items():
@@ -358,7 +372,7 @@ def client_secret_expiration_time(self):
         return utc_time_sans_frac() + _expiration_time
 
     def add_client_secret(self, cinfo, client_id, context):
-        client_secret = secret(context.seed, client_id)
+        client_secret = secret(self.seed, client_id)
         cinfo["client_secret"] = client_secret
         _eat = self.client_secret_expiration_time()
         if _eat:

tests/op_config.json

@@ -268,11 +268,6 @@
       }
     }
   },
-  "session_key": {
-    "filename": "private/session_jwk.json",
-    "type": "OCT",
-    "use": "sig"
-  },
   "session_params": {
       "password": "__password_used_to_encrypt_access_token_sid_value",
       "salt": "salt involved in session sub hash ",

tests/srv_config.yaml

@@ -51,10 +51,6 @@ op:
     issuer: *base_url
     httpc_params:
       verify: False
-    session_key:
-      filename: private/session_jwk.json
-      type: OCT
-      use: sig
     capabilities:
       subject_types_supported:
         - public