A default key_conf will only be applied if the Server is not part of a combo.

Added more resilience.
Wrong method was used for the pushed auth test.

Author: rohe

src/idpyoidc/client/client_auth.py

@@ -29,6 +29,7 @@
 
 __author__ = "roland hedberg"
 
+DEFAULT_ACCESS_TOKEN_TYPE = "Bearer"
 
 class AuthnFailure(Exception):
     """Unspecified Authentication failure"""
@@ -296,11 +297,14 @@ def find_token_info(request: Union[Message, dict], token_type: str, service, **k
             del request[token_type]
             # Required under certain circumstances :-) not under other
             request.c_param[token_type] = SINGLE_OPTIONAL_STRING
-            return {token_type: _token, "token_type": "Bearer"}
+            return {token_type: _token, "token_type": DEFAULT_ACCESS_TOKEN_TYPE}
 
     _state = kwargs.get("state", kwargs.get("key"))
-    _token_info = service.upstream_get("context").cstate.get_set(_state, claim=[token_type,
-                                                                                "token_type"])
+    if _state:
+        _token_info = service.upstream_get("context").cstate.get_set(
+            _state, claim=[token_type, "token_type"])
+    else:
+        _token_info = {"token_type": DEFAULT_ACCESS_TOKEN_TYPE}
 
     _token = kwargs.get("access_token", None)
     if _token:

src/idpyoidc/server/__init__.py

@@ -7,15 +7,14 @@
 
 from cryptojwt import KeyJar
 
+from idpyoidc.client.defaults import DEFAULT_KEY_DEFS
 from idpyoidc.node import Unit
-
 # from idpyoidc.server import authz
 # from idpyoidc.server.client_authn import client_auth_setup
 from idpyoidc.server.configure import ASConfiguration
 from idpyoidc.server.configure import OPConfiguration
 from idpyoidc.server.endpoint import Endpoint
 from idpyoidc.server.endpoint_context import EndpointContext
-
 # from idpyoidc.server.session.manager import create_session_manager
 # from idpyoidc.server.user_authn.authn_context import populate_authn_broker
 from idpyoidc.server.util import allow_refresh_token
@@ -36,20 +35,26 @@ class Server(Unit):
     parameter = {"endpoint": [Endpoint], "context": EndpointContext}
 
     def __init__(
-        self,
-        conf: Union[dict, OPConfiguration, ASConfiguration],
-        keyjar: Optional[KeyJar] = None,
-        cwd: Optional[str] = "",
-        cookie_handler: Optional[Any] = None,
-        httpc: Optional[Callable] = None,
-        upstream_get: Optional[Callable] = None,
-        httpc_params: Optional[dict] = None,
-        entity_id: Optional[str] = "",
-        key_conf: Optional[dict] = None,
+            self,
+            conf: Union[dict, OPConfiguration, ASConfiguration],
+            keyjar: Optional[KeyJar] = None,
+            cwd: Optional[str] = "",
+            cookie_handler: Optional[Any] = None,
+            httpc: Optional[Callable] = None,
+            upstream_get: Optional[Callable] = None,
+            httpc_params: Optional[dict] = None,
+            entity_id: Optional[str] = "",
+            key_conf: Optional[dict] = None,
     ):
         self.entity_id = entity_id or conf.get("entity_id")
         self.issuer = conf.get("issuer", self.entity_id)
 
+        if upstream_get is None:
+            if key_conf is None:
+                _conf = conf.get("key_conf")
+                if _conf is None:
+                    key_conf = {"key_defs": DEFAULT_KEY_DEFS}
+
         Unit.__init__(
             self,
             config=conf,

tests/test_client_29_pushed_auth.py

@@ -57,7 +57,7 @@ def test_authorization(self):
         with responses.RequestsMock() as rsps:
             _resp = {"request_uri": "urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2", "expires_in": 3600}
             rsps.add(
-                "GET",
+                "POST",
                 auth_service.upstream_get("context").provider_info[
                     "pushed_authorization_request_endpoint"
                 ],

tests/test_client_30_rph_defaults.py

@@ -52,7 +52,7 @@ def test_init_client(self):
         _keyjar = client.get_attribute("keyjar")
         assert list(_keyjar.owners()) == ["", BASE_URL]
         keys = _keyjar.get_issuer_keys("")
-        assert len(keys) == 4
+        assert len(keys) == 2
 
         assert _context.base_url == BASE_URL