Merge pull request #31 from nsklikas/minor-fixes

Minor fixes

Author: rohe

src/oidcop/oauth2/introspection.py

@@ -86,9 +86,8 @@ def process_request(self, request=None, release: Optional[list] = None, **kwargs
         except UnknownToken:
             return {"response_args": _resp}
 
-        _token = _context.session_manager.find_token(
-            _session_info["session_id"], request_token
-        )
+        grant = _session_info["grant"]
+        _token = grant.get_token(request_token)
 
         _info = self._introspect(
             _token, _session_info["client_id"], _session_info["grant"]
@@ -106,7 +105,9 @@ def process_request(self, request=None, release: Optional[list] = None, **kwargs
         _resp.update(_info)
         _resp.weed()
 
-        _claims_restriction = _session_info["grant"].claims.get("introspection")
+        _claims_restriction = grant.claims.get(
+            "introspection"
+        )
         if _claims_restriction:
             user_info = _context.claims_interface.get_user_claims(
                 _session_info["user_id"], _claims_restriction

src/oidcop/oidc/add_on/pkce.py

@@ -3,7 +3,9 @@
 from typing import Dict
 
 from cryptojwt.utils import b64e
-from oidcmsg.oauth2 import AuthorizationErrorResponse
+from oidcmsg.oauth2 import (
+    AuthorizationErrorResponse, RefreshAccessTokenRequest, TokenExchangeRequest
+)
 from oidcmsg.oidc import TokenErrorResponse
 
 from oidcop.endpoint import Endpoint
@@ -84,7 +86,10 @@ def post_token_parse(request, client_id, endpoint_context, **kwargs):
     :param token_request:
     :return:
     """
-    if isinstance(request, AuthorizationErrorResponse):
+    if isinstance(
+        request,
+        (AuthorizationErrorResponse, RefreshAccessTokenRequest, TokenExchangeRequest),
+    ):
         return request
 
     try:

src/oidcop/oidc/token.py

@@ -227,7 +227,8 @@ def post_parse_request(
                 error="invalid_grant", error_description="Unknown code"
             )
 
-        code = _mngr.find_token(_session_info["session_id"], request["code"])
+        grant = _session_info["grant"]
+        code = grant.get_token(request["code"])
         if not isinstance(code, AuthorizationCode):
             return self.error_cls(
                 error="invalid_request", error_description="Wrong token type"
@@ -238,7 +239,7 @@ def post_parse_request(
                 error="invalid_request", error_description="Code inactive"
             )
 
-        _auth_req = _session_info["grant"].authorization_request
+        _auth_req = grant.authorization_request
 
         if "client_id" not in request:  # Optional for access token request
             request["client_id"] = _auth_req["client_id"]
@@ -259,10 +260,12 @@ def process_request(self, req: Union[Message, dict], **kwargs):
             )
 
         token_value = req["refresh_token"]
-        _session_info = _mngr.get_session_info_by_token(token_value, grant=True)
-        token = _mngr.find_token(_session_info["session_id"], token_value)
+        _session_info = _mngr.get_session_info_by_token(
+            token_value, grant=True
+        )
 
         _grant = _session_info["grant"]
+        token = _grant.get_token(token_value)
         access_token = self._mint_token(
             type="access_token",
             grant=_grant,
@@ -337,12 +340,14 @@ def post_parse_request(
 
         _mngr = _context.session_manager
         try:
-            _session_info = _mngr.get_session_info_by_token(request["refresh_token"])
+            _session_info = _mngr.get_session_info_by_token(
+                request["refresh_token"], grant=True
+            )
         except KeyError:
             logger.error("Access Code invalid")
             return self.error_cls(error="invalid_grant")
 
-        token = _mngr.find_token(_session_info["session_id"], request["refresh_token"])
+        token = _session_info["grant"].get_token(request["refresh_token"])
 
         if not isinstance(token, RefreshToken):
             return self.error_cls(