Add registration_token kwarg to Client.register

Close #432

CHANGELOG.md

@@ -23,6 +23,7 @@ The format is based on the [KeepAChangeLog] project.
 
 ### Added
 - [#496] Ability to specify additional supported scopes for oic.Provider
+- [#432] Ability to specify Initial Access Token for ``Client.register``
 
 [#494]: https://github.com/OpenIDC/issues/494
 [#496]: https://github.com/OpenIDC/pyoidc/issues/496
@@ -32,6 +33,7 @@ The format is based on the [KeepAChangeLog] project.
 [#502]: https://github.com/OpenIDC/pyoidc/issues/502
 [#481]: https://github.com/OpenIDC/pyoidc/issues/481
 [#492]: https://github.com/OpenIDC/pyoidc/issues/492
+[#432]: https://github.com/OpenIDC/pyoidc/issues/432
 
 ## 0.13.1 [2018-04-06]
 

doc/examples/rp.rst

@@ -152,6 +152,14 @@ Provide the parameters as arguments to the method::
 
 or a combination of the two.
 
+If the OP requires to authenticate at the Registration Endpoint, you can pass the `Initial Access Token <https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration>`_
+as a keyword argument to the :py:meth:`Client.register` method::
+
+    registration_response = client.register(
+        provider_infop["registration_endpoint"],
+        registration_token="my token", **args)
+
+
 Provided the registration went flawlessly you will get the registration response
 (an instance of RegistrationResponse) as a result. The response will also be
 stored in the client instance (registration_response attribute) and some of the parameters

src/oic/oic/__init__.py

@@ -1,6 +1,7 @@
 import hashlib
 import logging
 import os
+from base64 import b64encode
 
 from oic.utils.http_util import Response
 
@@ -1351,11 +1352,12 @@ def create_registration_request(self, **kwargs):
 
         return req
 
-    def register(self, url, **kwargs):
+    def register(self, url, registration_token=None, **kwargs):
         """
         Register the client at an OP
 
         :param url: The OPs registration endpoint
+        :param registration_token: Initial Access Token for registration endpoint
         :param kwargs: parameters to the registration request
         :return:
         """
@@ -1367,6 +1369,8 @@ def register(self, url, **kwargs):
             self.events.store('Protocol request', req)
 
         headers = {"content-type": "application/json"}
+        if registration_token is not None:
+            headers["Authorization"] = b"Bearer " + b64encode(registration_token.encode())
 
         rsp = self.http_request(url, "POST", data=req.to_json(),
                                 headers=headers)

tests/test_oic_consumer.py

@@ -510,6 +510,22 @@ def test_client_register(self, fake_oic_server):
         assert c.client_secret is not None
         assert c.registration_expires > utc_time_sans_frac()
 
+    def test_client_register_token(self):
+        c = Consumer(None, None)
+
+        c.application_type = "web"
+        c.application_name = "My super service"
+        c.redirect_uris = ["https://example.com/authz"]
+        c.contact = ["foo@example.com"]
+
+        client_info = {"client_id": "clientid", "redirect_uris": ["https://example.com/authz"]}
+
+        with responses.RequestsMock() as rsps:
+            rsps.add(rsps.POST, "https://provider.example.com/registration/", json=client_info)
+            c.register("https://provider.example.com/registration/", registration_token="initial_registration_token")
+            header = rsps.calls[0].request.headers['Authorization'].decode()
+            assert header == "Bearer aW5pdGlhbF9yZWdpc3RyYXRpb25fdG9rZW4="
+
     def _faulty_id_token(self):
         idval = {'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'EndUserSubject',
                  'iss': 'https://alpha.cloud.nds.rub.de', 'exp': 1420823073,