BREAKAGE: seed param moved from global configuration to registration endpoint

Author: peppelinux

doc/source/contents/conf.rst

@@ -8,12 +8,6 @@ issuer
 
 The issuer ID of the OP, a unique value in URI format.
 
-----
-seed
-----
-
-Used in dynamic client registration endpoint when creating a new client_secret.
-If unset it will be random.
 
 --------
 password
@@ -209,8 +203,14 @@ An example::
           "path": "registration",
           "class": "oidcop.oidc.registration.Registration",
           "kwargs": {
-            "client_authn_method": null,
-            "client_secret_expiration_time": 432000
+            "client_authn_method": None,
+            "client_secret_expiration_time": 432000,
+            "client_id_generator": {
+               "class": 'oidcop.oidc.registration.random_client_id',
+               "kwargs": {
+                    "seed": "that-optional-random-value"
+               }
+           }
           }
         },
         "registration_api": {

src/oidcop/configure.py

@@ -221,7 +221,6 @@ def __init__(
         self.token_handler_args = {}
         self.userinfo = None
         self.password = None
-        self.salt = None
 
         if file_attributes is None:
             file_attributes = DEFAULT_FILE_ATTRIBUTE_NAMES

src/oidcop/endpoint_context.py

@@ -6,7 +6,6 @@
 
 import requests
 from cryptojwt import KeyJar
-from cryptojwt.utils import as_bytes
 from jinja2 import Environment
 from jinja2 import FileSystemLoader
 from oidcmsg.context import OidcContext
@@ -111,7 +110,6 @@ class EndpointContext(OidcContext):
         "provider_info": {},
         "registration_access_token": {},
         "scope2claims": {},
-        "seed": "",
         # "session_db": {},
         "session_manager": SessionManager,
         "sso_ttl": None,
@@ -139,12 +137,6 @@ def __init__(
 
         self.cwd = cwd
 
-        # Those that use seed wants bytes but I can only store str.
-        try:
-            self.seed = as_bytes(conf["seed"])
-        except KeyError:
-            self.seed = as_bytes(rndstr(32))
-
         # Default values, to be changed below depending on configuration
         # arguments for endpoints add-ons
         self.args = {}

src/oidcop/oidc/registration.py

@@ -99,8 +99,14 @@ def comb_uri(args):
         val = []
         for base, query_dict in args[param]:
             if query_dict:
-                query_string = urlencode([(key, v) for key in query_dict for v in query_dict[key]])
-                val.append("%s?%s" % (base, query_string))
+                query_string = urlencode(
+                    [
+                        (key, v)
+                        for key in query_dict
+                        for v in query_dict[key]
+                    ]
+                )
+                val.append("{base}?{query_string}")
             else:
                 val.append(base)
 
@@ -139,6 +145,14 @@ class Registration(Endpoint):
     # default
     # response_placement = 'body'
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        # Those that use seed wants bytes but I can only store str.
+        # seed
+        _seed = kwargs.get("seed") or rndstr(32)
+        self.seed = as_bytes(_seed)
+
     def match_client_request(self, request):
         _context = self.server_get("endpoint_context")
         for _pref, _prov in PREFERENCE2PROVIDER.items():
@@ -358,7 +372,7 @@ def client_secret_expiration_time(self):
         return utc_time_sans_frac() + _expiration_time
 
     def add_client_secret(self, cinfo, client_id, context):
-        client_secret = secret(context.seed, client_id)
+        client_secret = secret(self.seed, client_id)
         cinfo["client_secret"] = client_secret
         _eat = self.client_secret_expiration_time()
         if _eat: