Merge pull request #43 from IdentityPython/develop

Minor changes

Author: rohe

.github/release-drafter.yml

@@ -0,0 +1,54 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+-
+  title: 'Features'
+  labels:
+  - 'enhancement'
+  - 'feat'
+  - 'feature'
+-
+  title: 'Bug Fixes'
+  labels:
+  - 'bug'
+  - 'bugfix'
+  - 'fix'
+-
+  title: 'Maintenance'
+  labels:
+  - 'chore'
+  - 'style'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels: ['major']
+  minor:
+    labels: ['minor']
+  patch:
+    labels: ['patch']
+  default: patch
+exclude-labels: ['skip']
+autolabeler:
+-
+  label: 'bug'
+  branch:
+  - '/bug\/.+/'
+  - '/bugfix\/.+/'
+  - '/fix\/.+/'
+-
+  label: 'enhancement'
+  branch:
+  - '/dependabot\/.+/'
+  - '/enhancement\/.+/'
+  - '/feat\/.+/'
+  - '/feature\/.+/'
+-
+  label: 'chore'
+  branch:
+  - '/chore\/.+/'
+  - '/style\/.+/'
+template: |
+  ## Release notes
+
+  $CHANGES

.github/workflows/python-app.yml

@@ -5,9 +5,9 @@ name: oidcrp
 
 on:
   push:
-    branches: [ main, develop ]
+    branches: [ master, develop ]
   pull_request:
-    branches: [ main, develop ]
+    branches: [ master, develop ]
 
 jobs:
   build:

.github/workflows/release-drafter.yml

@@ -0,0 +1,17 @@
+name: Release drafter
+
+on:
+  push:
+    branches: [master, develop]
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  update_release_draft:
+    name: Update draft release
+    runs-on: ubuntu-latest
+    steps:
+    -
+      uses: release-drafter/release-drafter@v5
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

example/flask_rp/conf.json

@@ -136,7 +136,7 @@
         }
       }
     },
-    "local": {
+    "flask_provider": {
       "client_preferences": {
         "application_name": "rphandler",
         "application_type": "web",
@@ -204,6 +204,75 @@
           }
         }
       }
+    },
+    "django_provider": {
+      "client_preferences": {
+        "application_name": "rphandler",
+        "application_type": "web",
+        "contacts": [
+          "[email protected]"
+        ],
+        "response_types": [
+          "code"
+        ],
+        "scope": [
+          "openid",
+          "profile",
+          "email",
+          "address",
+          "phone"
+        ],
+        "token_endpoint_auth_method": [
+          "client_secret_basic",
+          "client_secret_post"
+        ]
+      },
+      "issuer": "https://127.0.0.1:8000/",
+      "redirect_uris": [
+        "https://{domain}:{port}/authz_cb/django"
+      ],
+      "post_logout_redirect_uris": [
+        "https://{domain}:{port}/session_logout/django"
+      ],
+      "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/django",
+      "frontchannel_logout_session_required": true,
+      "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/django",
+      "backchannel_logout_session_required": true,
+      "services": {
+        "discovery": {
+          "class": "oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery",
+          "kwargs": {}
+        },
+        "registration": {
+          "class": "oidcrp.oidc.registration.Registration",
+          "kwargs": {}
+        },
+        "authorization": {
+          "class": "oidcrp.oidc.authorization.Authorization",
+          "kwargs": {}
+        },
+        "accesstoken": {
+          "class": "oidcrp.oidc.access_token.AccessToken",
+          "kwargs": {}
+        },
+        "userinfo": {
+          "class": "oidcrp.oidc.userinfo.UserInfo",
+          "kwargs": {}
+        },
+        "end_session": {
+          "class": "oidcrp.oidc.end_session.EndSession",
+          "kwargs": {}
+        }
+      },
+      "add_ons": {
+        "pkce": {
+          "function": "oidcrp.oauth2.add_on.pkce.add_support",
+          "kwargs": {
+            "code_challenge_length": 64,
+            "code_challenge_method": "S256"
+          }
+        }
+      }
     }
   },
   "webserver": {

example/flask_rp/views.py

@@ -1,4 +1,5 @@
 import logging
+import urllib
 from urllib.parse import parse_qs
 
 from flask import Blueprint
@@ -149,8 +150,21 @@ def finalize(op_hash, request_args):
         return make_response(res['error'], 400)
 
 
+def get_ophash_by_cb_uri(url:str):
+    uri = urllib.parse.splitquery(request.url)[0]
+    clients = current_app.rp_config.clients
+    for k,v in clients.items():
+        for endpoint in ("redirect_uris",
+                         "post_logout_redirect_uris",
+                         "frontchannel_logout_uri",
+                         "backchannel_logout_uri"):
+            if uri in clients[k].get(endpoint, []):
+                return k
+
+
 @oidc_rp_views.route('/authz_cb/<op_hash>')
 def authz_cb(op_hash):
+    op_hash = get_ophash_by_cb_uri(request.url)
     return finalize(op_hash, request.args)
 
 
@@ -215,6 +229,7 @@ def session_change():
 # post_logout_redirect_uri
 @oidc_rp_views.route('/session_logout/<op_hash>')
 def session_logout(op_hash):
+    op_hash = get_ophash_by_cb_uri(request.url)
     _rp = get_rp(op_hash)
     logger.debug('post_logout')
     return "Post logout from {}".format(_rp.client_get("service_context").issuer)

src/oidcrp/oidc/__init__.py

@@ -21,8 +21,7 @@
 
 DEFAULT_SERVICES = {
     "discovery": {
-        'class': 'oidcrp.oidc.provider_info_discovery'
-                 '.ProviderInfoDiscovery'
+        'class': 'oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery'
     },
     'registration': {
         'class': 'oidcrp.oidc.registration.Registration'
@@ -38,6 +37,9 @@
     },
     'userinfo': {
         'class': 'oidcrp.oidc.userinfo.UserInfo'
+    },
+    'end_session': {
+        'class': 'oidcrp.oidc.end_session.EndSession'
     }
 }