Added a parent class exception OidcOPError.

Moved a token error from exception.py to token/exception.py.
Used the umbrella error TokenException.

Author: rohe

src/oidcop/exception.py

@@ -1,4 +1,8 @@
-class OidcEndpointError(Exception):
+class OidcOPError(Exception):
+    pass
+
+
+class OidcEndpointError(OidcOPError):
     pass
 
 
@@ -96,7 +100,3 @@ class CapabilitiesMisMatch(OidcEndpointError):
 
 class MultipleCodeUsage(OidcEndpointError):
     pass
-
-
-class InvalidToken(Exception):
-    pass

src/oidcop/token/exception.py

@@ -1,21 +1,33 @@
-class ExpiredToken(Exception):
+from oidcop.exception import OidcOPError
+
+
+class TokenException(OidcOPError):
+    pass
+
+
+class ExpiredToken(TokenException):
     pass
 
 
-class WrongTokenType(Exception):
+class WrongTokenType(TokenException):
     pass
 
 
-class WrongTokenClass(Exception):
+class WrongTokenClass(TokenException):
     pass
 
-class AccessCodeUsed(Exception):
+
+class AccessCodeUsed(TokenException):
+    pass
+
+
+class UnknownToken(TokenException):
     pass
 
 
-class UnknownToken(Exception):
+class NotAllowed(TokenException):
     pass
 
 
-class NotAllowed(Exception):
+class InvalidToken(TokenException):
     pass

src/oidcop/token/handler.py

@@ -9,11 +9,10 @@
 from oidcmsg.impexp import ImpExp
 from oidcmsg.item import DLDict
 
-from oidcop.exception import InvalidToken
 from oidcop.token import DefaultToken
 from oidcop.token import Token
 from oidcop.token import UnknownToken
-from oidcop.token import WrongTokenType
+from oidcop.token.exception import TokenException
 from oidcop.util import importer
 
 __author__ = "Roland Hedberg"
@@ -25,11 +24,11 @@ class TokenHandler(ImpExp):
     parameter = {"handler": DLDict, "handler_order": [""]}
 
     def __init__(
-        self,
-        access_token: Optional[Token] = None,
-        authorization_code: Optional[Token] = None,
-        refresh_token: Optional[Token] = None,
-        id_token: Optional[Token] = None,
+            self,
+            access_token: Optional[Token] = None,
+            authorization_code: Optional[Token] = None,
+            refresh_token: Optional[Token] = None,
+            id_token: Optional[Token] = None,
     ):
         ImpExp.__init__(self)
         self.handler = {"authorization_code": authorization_code,
@@ -73,7 +72,7 @@ def get_handler(self, token, order=None):
         for typ in order:
             try:
                 res = self.handler[typ].info(token)
-            except (KeyError, WrongTokenType, InvalidToken, UnknownToken, Invalid, AttributeError):
+            except (KeyError, TokenException, Invalid, AttributeError):
                 pass
             else:
                 return self.handler[typ], res
@@ -143,13 +142,13 @@ def default_token(spec):
 
 
 def factory(
-    server_get,
-    code: Optional[dict] = None,
-    token: Optional[dict] = None,
-    refresh: Optional[dict] = None,
-    id_token: Optional[dict] = None,
-    jwks_file: Optional[str] = "",
-    **kwargs
+        server_get,
+        code: Optional[dict] = None,
+        token: Optional[dict] = None,
+        refresh: Optional[dict] = None,
+        id_token: Optional[dict] = None,
+        jwks_file: Optional[str] = "",
+        **kwargs
 ) -> TokenHandler:
     """
     Create a token handler

src/oidcop/token/id_token.py

@@ -11,9 +11,9 @@
 from oidcop.exception import ToOld
 from oidcop.session.claims import claims_match
 from oidcop.token import is_expired
+from oidcop.token.exception import InvalidToken
 from . import Token
 from . import UnknownToken
-from ..exception import InvalidToken
 from ..util import get_logout_id
 
 logger = logging.getLogger(__name__)
@@ -58,7 +58,7 @@ def include_session_id(endpoint_context, client_id, where):
 
 
 def get_sign_and_encrypt_algorithms(
-    endpoint_context, client_info, payload_type, sign=False, encrypt=False
+        endpoint_context, client_info, payload_type, sign=False, encrypt=False
 ):
     args = {"sign": sign, "encrypt": encrypt}
     if sign:
@@ -117,11 +117,11 @@ class IDToken(Token):
     }
 
     def __init__(
-        self,
-        token_class: Optional[str] = "id_token",
-        lifetime: Optional[int] = 300,
-        server_get: Callable = None,
-        **kwargs
+            self,
+            token_class: Optional[str] = "id_token",
+            lifetime: Optional[int] = 300,
+            server_get: Callable = None,
+            **kwargs
     ):
         Token.__init__(self, token_class, **kwargs)
         self.lifetime = lifetime
@@ -131,7 +131,7 @@ def __init__(
         self.provider_info = construct_endpoint_info(self.default_capabilities, **kwargs)
 
     def payload(
-        self, session_id, alg="RS256", code=None, access_token=None, extra_claims=None,
+            self, session_id, alg="RS256", code=None, access_token=None, extra_claims=None,
     ):
         """
 
@@ -200,15 +200,15 @@ def payload(
         return _args
 
     def sign_encrypt(
-        self,
-        session_id,
-        client_id,
-        code=None,
-        access_token=None,
-        sign=True,
-        encrypt=False,
-        lifetime=None,
-        extra_claims=None,
+            self,
+            session_id,
+            client_id,
+            code=None,
+            access_token=None,
+            sign=True,
+            encrypt=False,
+            lifetime=None,
+            extra_claims=None,
     ) -> str:
         """
         Signed and or encrypt a IDToken
@@ -253,7 +253,7 @@ def __call__(self, session_id: Optional[str] = "", ttype: Optional[str] = "", **
 
         # Should I add session ID. This is about Single Logout.
         if include_session_id(_context, client_id, "back") or include_session_id(
-            _context, client_id, "front"
+                _context, client_id, "front"
         ):
 
             xargs = {"sid": get_logout_id(_context, user_id=user_id, client_id=client_id)}