
Commit aca1857

committed
Implement default configuration.
1 parent 7569430 commit aca1857

7 files changed

+1897
-48
lines changed


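--- a/src/idpyoidc/node.py
+++ b/src/idpyoidc/node.py
@@ -3,8 +3,10 @@
 from typing import Union
 
 from cryptojwt import KeyJar
+from cryptojwt.key_jar import build_keyjar
 from cryptojwt.key_jar import init_key_jar
 
+from idpyoidc.client.defaults import DEFAULT_KEY_DEFS
 from idpyoidc.configure import Configuration
 from idpyoidc.impexp import ImpExp
 from idpyoidc.util import instantiate
@@ -101,9 +103,9 @@ def __init__(
         key_conf = key_conf or config.get("key_conf", config.get("keys"))
 
         if not keyjar and not key_conf:
+            keyjar = KeyJar()
             _jwks = config.get("jwks")
             if _jwks:
-                keyjar = KeyJar()
                 keyjar.import_jwks_as_json(_jwks, client_id)
 
         if keyjar or key_conf:
@@ -123,7 +125,9 @@ def __init__(
                 self.keyjar.add_symmetric(client_id, _key)
                 self.keyjar.add_symmetric("", _key)
         else:
-            self.keyjar = None
+            self.keyjar = build_keyjar(DEFAULT_KEY_DEFS)
+            if issuer_id:
+                self.keyjar.import_jwks(self.keyjar.export_jwks(private=True), issuer_id)
 
         self.httpc_params = httpc_params or config.get("httpc_params", {})
 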
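Review bot: The `else` branch that now does `self.keyjar = build_keyjar(DEFAULT_KEY_DEFS)` generates a brand-new private key set every time an entity is constructed without `keyjar` or `key_conf`, so a missing or mis-spelled key configuration is masked instead of reported, and anything signed with those keys cannot be verified after a restart or by a second instance. At minimum log the fallback — `logger.warning("no keyjar or key_conf supplied; generating ephemeral keys from DEFAULT_KEY_DEFS")` if this module has a logger — and state in the `__init__` docstring that the generated keys are not persisted. Note also that the second hunk now assigns `keyjar = KeyJar()` unconditionally before `if keyjar or key_conf:`, so this `else` is only reachable if an empty `KeyJar` evaluates falsy; it is worth confirming which branch an unconfigured entity actually takes. `__init__` starts and ends outside the hunks.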

src/idpyoidc/server/configure.py

Lines changed: 114 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -7,16 +7,14 @@
77
from typing import List
88
from typing import Optional
99

10+
from idpyoidc.client.defaults import OAUTH2_SERVER_METADATA_URL
1011
from idpyoidc.configure import Base
1112
from idpyoidc.server.client_configure import verify_oidc_client_information
1213
from idpyoidc.server.scopes import SCOPE2CLAIMS
1314

1415
logger = logging.getLogger(__name__)
1516

16-
OP_DEFAULT_CONFIG = {
17-
"preference": {
18-
"subject_types_supported": ["public", "pairwise"],
19-
},
17+
_DEFAULT_CONFIG = {
2018
"cookie_handler": {
2119
"class": "idpyoidc.server.cookie_handler.CookieHandler",
2220
"kwargs": {
@@ -39,7 +37,83 @@
3937
},
4038
},
4139
},
42-
"claims_interface": {"class": "idpyoidc.server.session.claims.ClaimsInterface", "kwargs": {}},
40+
"claims_interface": {
41+
"class": "idpyoidc.server.session.claims.ClaimsInterface",
42+
"kwargs": {}
43+
},
44+
"httpc_params": {"verify": False, "timeout": 4},
45+
"issuer": "https://{domain}:{port}",
46+
"template_dir": "templates"
47+
}
48+
49+
AS_DEFAULT_CONFIG = copy.deepcopy(_DEFAULT_CONFIG)
50+
_C = {
51+
"authz": {
52+
"class": "idpyoidc.server.authz.AuthzHandling",
53+
"kwargs": {
54+
"grant_config": {
55+
"usage_rules": {
56+
"authorization_code": {
57+
"supports_minting": ["access_token", "refresh_token"],
58+
"max_usage": 1,
59+
"expires_in": 120 # 2 minutes
60+
},
61+
"access_token": {"expires_in": 3600}, # An hour
62+
"refresh_token": {
63+
"supports_minting": ["access_token", "refresh_token"],
64+
"expires_in": 86400, # One day
65+
},
66+
},
67+
"expires_in": 2592000, # a month, 30 days
68+
}
69+
}
70+
},
71+
"claims_interface": {
72+
"class": "idpyoidc.server.session.claims.ClaimsInterface",
73+
"kwargs": {
74+
"claims_release_points": ["introspection", "access_token"]
75+
}
76+
},
77+
"endpoint": {
78+
"provider_info": {
79+
"path": OAUTH2_SERVER_METADATA_URL[3:],
80+
"class": "idpyoidc.server.oauth2.server_metadata.ServerMetadata",
81+
"kwargs": {"client_authn_method": None},
82+
},
83+
"authorization": {
84+
"path": "authorization",
85+
"class": "idpyoidc.server.oauth2.authorization.Authorization",
86+
"kwargs": {
87+
"client_authn_method": None,
88+
"claims_parameter_supported": True,
89+
"request_parameter_supported": True,
90+
"request_uri_parameter_supported": True,
91+
"response_types_supported": ["code"],
92+
"response_modes_supported": ["query", "fragment", "form_post"],
93+
},
94+
},
95+
"token": {
96+
"path": "token",
97+
"class": "idpyoidc.server.oauth2.token.Token",
98+
"kwargs": {
99+
"client_authn_method": [
100+
"client_secret_post",
101+
"client_secret_basic",
102+
"client_secret_jwt",
103+
"private_key_jwt",
104+
]
105+
}
106+
}
107+
}
108+
}
109+
110+
AS_DEFAULT_CONFIG.update(_C)
111+
112+
OP_DEFAULT_CONFIG = copy.deepcopy(_DEFAULT_CONFIG)
113+
OP_DEFAULT_CONFIG.update({
114+
"preference": {
115+
"subject_types_supported": ["public", "pairwise"],
116+
},
43117
"authz": {
44118
"class": "idpyoidc.server.authz.AuthzHandling",
45119
"kwargs": {
@@ -52,18 +126,22 @@
52126
"id_token",
53127
],
54128
"max_usage": 1,
129+
'expires_in': 120 # 2 minutes
55130
},
56-
"access_token": {},
131+
"access_token": {'expires_in': 3600}, # An hour
57132
"refresh_token": {
58-
"supports_minting": ["access_token", "refresh_token"],
59-
"expires_in": -1,
133+
"supports_minting": ["access_token", "refresh_token", "id_token"],
134+
"expires_in": 86400, # One day
60135
},
61136
},
62-
"expires_in": 43200,
137+
"expires_in": 2592000, # a month, 30 days
63138
}
64139
},
65140
},
66-
"httpc_params": {"verify": False, "timeout": 4},
141+
"claims_interface": {
142+
"class": "idpyoidc.server.session.claims.ClaimsInterface",
143+
"kwargs": {}
144+
},
67145
"endpoint": {
68146
"provider_info": {
69147
"path": ".well-known/openid-configuration",
@@ -109,8 +187,6 @@
109187
"kwargs": {"claim_types_supported": ["normal", "aggregated", "distributed"]},
110188
},
111189
},
112-
"issuer": "https://{domain}:{port}",
113-
"template_dir": "templates",
114190
"token_handler_args": {
115191
"jwks_file": "private/token_jwks.json",
116192
"code": {"kwargs": {"lifetime": 600}},
@@ -125,13 +201,8 @@
125201
"id_token": {"class": "idpyoidc.server.token.id_token.IDToken", "kwargs": {}},
126202
},
127203
"scopes_to_claims": SCOPE2CLAIMS,
128-
}
204+
})
129205

130-
AS_DEFAULT_CONFIG = copy.deepcopy(OP_DEFAULT_CONFIG)
131-
AS_DEFAULT_CONFIG["claims_interface"] = {
132-
"class": "idpyoidc.server.session.claims.OAuth2ClaimsInterface",
133-
"kwargs": {},
134-
}
135206

136207

137208
class EntityConfiguration(Base):
@@ -160,15 +231,15 @@ class EntityConfiguration(Base):
160231
}
161232

162233
def __init__(
163-
self,
164-
conf: Dict,
165-
base_path: Optional[str] = "",
166-
entity_conf: Optional[List[dict]] = None,
167-
domain: Optional[str] = "",
168-
port: Optional[int] = 0,
169-
file_attributes: Optional[List[str]] = None,
170-
dir_attributes: Optional[List[str]] = None,
171-
upstream_get: Optional[Callable] = None,
234+
self,
235+
conf: Dict,
236+
base_path: Optional[str] = "",
237+
entity_conf: Optional[List[dict]] = None,
238+
domain: Optional[str] = "",
239+
port: Optional[int] = 0,
240+
file_attributes: Optional[List[str]] = None,
241+
dir_attributes: Optional[List[str]] = None,
242+
upstream_get: Optional[Callable] = None,
172243
):
173244

174245
conf = copy.deepcopy(conf)
@@ -232,14 +303,14 @@ class OPConfiguration(EntityConfiguration):
232303
)
233304

234305
def __init__(
235-
self,
236-
conf: Dict,
237-
base_path: Optional[str] = "",
238-
entity_conf: Optional[List[dict]] = None,
239-
domain: Optional[str] = "",
240-
port: Optional[int] = 0,
241-
file_attributes: Optional[List[str]] = None,
242-
dir_attributes: Optional[List[str]] = None,
306+
self,
307+
conf: Dict,
308+
base_path: Optional[str] = "",
309+
entity_conf: Optional[List[dict]] = None,
310+
domain: Optional[str] = "",
311+
port: Optional[int] = 0,
312+
file_attributes: Optional[List[str]] = None,
313+
dir_attributes: Optional[List[str]] = None,
243314
):
244315
super().__init__(
245316
conf=conf,
@@ -256,14 +327,14 @@ class ASConfiguration(EntityConfiguration):
256327
"Authorization server configuration"
257328

258329
def __init__(
259-
self,
260-
conf: Dict,
261-
base_path: Optional[str] = "",
262-
entity_conf: Optional[List[dict]] = None,
263-
domain: Optional[str] = "",
264-
port: Optional[int] = 0,
265-
file_attributes: Optional[List[str]] = None,
266-
dir_attributes: Optional[List[str]] = None,
330+
self,
331+
conf: Dict,
332+
base_path: Optional[str] = "",
333+
entity_conf: Optional[List[dict]] = None,
334+
domain: Optional[str] = "",
335+
port: Optional[int] = 0,
336+
file_attributes: Optional[List[str]] = None,
337+
dir_attributes: Optional[List[str]] = None,
267338
):
268339
EntityConfiguration.__init__(
269340
self,
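Review bot: `"httpc_params": {"verify": False, "timeout": 4}` becomes part of the shared `_DEFAULT_CONFIG`, so every `AS_DEFAULT_CONFIG` and `OP_DEFAULT_CONFIG` built from these defaults disables TLS certificate verification on outbound HTTP unless the deployment overrides it; the AS already inherited the value through the old deepcopy, but a restructuring of the defaults is the natural place to flip it to `"httpc_params": {"verify": True, "timeout": 4}` and let test fixtures opt out, or failing that to put a comment on the line saying production configurations must override `verify`. The `claims_interface` entry added inside `OP_DEFAULT_CONFIG.update({...})` repeats the identical entry already present in `_DEFAULT_CONFIG` and can be dropped. In the same hunk the single-quoted keys `'expires_in': 120` and `{'expires_in': 3600}` differ from the double-quoted style used everywhere else, including the same values in `_C`, and `_C` itself is an opaque name for the AS-specific overlay; `_AS_OVERRIDES` would say what it holds. A short module comment above `_DEFAULT_CONFIG` explaining that it is the common base, `_C` the AS overlay and the `update` call the OP overlay would make the three-step construction easier to follow.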

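--- a/src/idpyoidc/server/session/claims.py
+++ b/src/idpyoidc/server/session/claims.py
@@ -1,4 +1,5 @@
 import logging
+from typing import List
 from typing import Optional
 from typing import Union
 
@@ -26,8 +27,10 @@ class ClaimsInterface:
     init_args = {"add_claims_by_scope": False, "enable_claims_per_client": False}
     claims_release_points = ["userinfo", "introspection", "id_token", "access_token"]
 
-    def __init__(self, upstream_get):
+    def __init__(self, upstream_get, claims_release_points:List[str] = None):
         self.upstream_get = upstream_get
+        if claims_release_points:
+            self.claims_release_points = claims_release_points
 
     def authorization_request_claims(
         self,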
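Review bot: The annotation in `def __init__(self, upstream_get, claims_release_points:List[str] = None):` declares a plain list while defaulting to `None`; `Optional` is already imported in this file, so `def __init__(self, upstream_get, claims_release_points: Optional[List[str]] = None):` is both accurate and PEP 8 spaced. The `if claims_release_points:` guard means an explicitly empty list is ignored and the class-level default of four release points stays in force; if callers should be able to disable release entirely, test `if claims_release_points is not None:` instead, otherwise a one-line comment stating that an empty list falls back to the class default would prevent surprise. A docstring on `__init__` describing `claims_release_points` as the list of places where claims may be released, overriding the class attribute, would also help readers of the server defaults that now pass it.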

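--- a/tests/private/token_jwks.json
+++ b/tests/private/token_jwks.json
@@ -1 +1 @@
-{"keys": [{"kty": "oct", "use": "enc", "kid": "code", "k": "vSHDkLBHhDStkR0NWu8519rmV5zmnm5_"}, {"kty": "oct", "use": "enc", "kid": "refresh", "k": "vqIt8YWhzwe9_Ws49kIJVoW3-Y60T_z_"}]}
+{"keys": [{"kty": "oct", "use": "enc", "kid": "code", "k": "vSHDkLBHhDStkR0NWu8519rmV5zmnm5_"}]}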

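--- a/tests/static/jwks.json
+++ b/tests/static/jwks.json
@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "YnNESFhyQjloMnYzV2VqRGR2a3VCblFLX2h4VGl3TDVlY3FUNkViUE90bw", "e": "AQAB", "n": "2iMaDALTQolz4UaT--GhjriLMyNbrDGlIXxSmgRh17Cm3cuHiyPOIQv1pjZVg4ATU1aafxmFyTfrmtf56tPuJ8yqcNNZC8XadYPAw7PTW9g8GJgLtC8GURJ9GQZD6FYIE6YCou8fYo6yd4b99y2y_vsl06cm9xQnstfp6eyMkcgQyrmdmlbyeuXwvcxsxtGX61MTJtCp4VELmDctJiYP_bD7HNRPV7uqXDMNmWSY0TYL-tg0As4y8-w3wSwmtcfWhnQEraFT0-m4hBpEWHlouuFNXRQIrXbamKxeh6kJNO0wJN8fZ4Ovygf8sE4kEwBPfWO59wxDF7camTpDUqg29Q"}, {"kty": "EC", "use": "sig", "kid": "aWhtalRSTDZmNmRTd1ZDNWZmY3ZGMTNqM1dnLVA2RjQyMi1CNGdOSUNKVQ", "crv": "P-256", "x": "Ww5XVT3CxYN88BpJDZGodRiar0qr8UvPFaRoqzyD1Io", "y": "w23EDFAvwe03NjL5NKtUXwxuVMFmEn3ecJOPbljiDkg"}]}
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "YnNESFhyQjloMnYzV2VqRGR2a3VCblFLX2h4VGl3TDVlY3FUNkViUE90bw", "n": "2iMaDALTQolz4UaT--GhjriLMyNbrDGlIXxSmgRh17Cm3cuHiyPOIQv1pjZVg4ATU1aafxmFyTfrmtf56tPuJ8yqcNNZC8XadYPAw7PTW9g8GJgLtC8GURJ9GQZD6FYIE6YCou8fYo6yd4b99y2y_vsl06cm9xQnstfp6eyMkcgQyrmdmlbyeuXwvcxsxtGX61MTJtCp4VELmDctJiYP_bD7HNRPV7uqXDMNmWSY0TYL-tg0As4y8-w3wSwmtcfWhnQEraFT0-m4hBpEWHlouuFNXRQIrXbamKxeh6kJNO0wJN8fZ4Ovygf8sE4kEwBPfWO59wxDF7camTpDUqg29Q", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "aWhtalRSTDZmNmRTd1ZDNWZmY3ZGMTNqM1dnLVA2RjQyMi1CNGdOSUNKVQ", "crv": "P-256", "x": "Ww5XVT3CxYN88BpJDZGodRiar0qr8UvPFaRoqzyD1Io", "y": "w23EDFAvwe03NjL5NKtUXwxuVMFmEn3ecJOPbljiDkg"}]}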
