Add DPoP key support to AuthorizationRequestSerializer (#119)

snarfed · snarfed · commit 56b93c9679dd · 2025-02-12T15:26:02.000-08:00
diff --git a/requests_oauth2client/authorization_request.py b/requests_oauth2client/authorization_request.py
@@ -940,6 +940,8 @@ def default_dumper(azr: AuthorizationRequest) -> str:
 
         """
         d = asdict(azr)
+        if azr.dpop_key:
+            d["dpop_key"]["private_key"] = azr.dpop_key.private_key.to_pem()
         d.update(**d.pop("kwargs", {}))
         return BinaPy.serialize_to("json", d).to("deflate").to("b64u").ascii()
 
@@ -961,6 +963,14 @@ def default_loader(
 
         """
         args = BinaPy(serialized).decode_from("b64u").decode_from("deflate").parse_from("json")
+
+        if dpop_key := args.get("dpop_key"):
+            dpop_key["private_key"] = Jwk.from_pem(dpop_key["private_key"])
+            dpop_key.pop("jti_generator", None)
+            dpop_key.pop("iat_generator", None)
+            dpop_key.pop("dpop_token_class", None)
+            args["dpop_key"] = DPoPKey(**dpop_key)
+
         return azr_class(**args)
 
     def dumps(self, azr: AuthorizationRequest) -> str:
diff --git a/tests/unit_tests/test_authorization_request.py b/tests/unit_tests/test_authorization_request.py
@@ -12,6 +12,7 @@
     AuthorizationRequestSerializer,
     AuthorizationResponse,
     AuthorizationResponseError,
+    DPoPKey,
     InvalidMaxAgeParam,
     MismatchingIssuer,
     MismatchingState,
@@ -193,6 +194,23 @@ def test_authorization_request_serializer(authorization_request: AuthorizationRe
     assert serializer.loads(serialized) == authorization_request
 
 
+def test_authorization_request_serializer_with_dpop_key() -> None:
+    dpop_key = DPoPKey.generate()
+    authorization_request = AuthorizationRequest(
+        "https://as.local/authorize",
+        client_id="foo",
+        redirect_uri="http://localhost/local",
+        scope="openid",
+        dpop_key=dpop_key,
+    )
+
+    serialized = AuthorizationRequestSerializer.default_dumper(authorization_request)
+    deserialized_request = AuthorizationRequestSerializer.default_loader(serialized)
+
+    assert isinstance(deserialized_request.dpop_key, DPoPKey)
+    assert deserialized_request.dpop_key.private_key == dpop_key.private_key
+
+
 def test_request_acr_values() -> None:
     # you may provide acr_values as a space separated list or as a real list
     assert AuthorizationRequest(
