add claims for OAuth 2.0 Protected Resource
lionick authored and rohe committed Apr 3, 2024
1 parent 70b42c5 commit 3cef03d
Showing 4 changed files with 73 additions and 1 deletion.
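--- a/src/idpyoidc/client/claims/oauth2resource.py
+++ b/src/idpyoidc/client/claims/oauth2resource.py
@@ -0,0 +1,46 @@
+from typing import Optional
+
+from idpyoidc.client import claims
+from idpyoidc.message.oauth2 import OAuthProtectedResourceRequest
+from idpyoidc.client.claims.transform import array_or_singleton
+
+class Claims(claims.Claims):
+_supports = {
+"resource": None,
+"grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
+"scopes_supported": [],
+"authorization_servers": [],
+"bearer_methods_supported": [],
+"resource_documentation": None,
+"resource_signing_alg_values_supported": [],
+"resource_encryption_alg_values_supported": [],
+"resource_encryption_enc_values_supported": [],
+"client_registration_types": [],
+"organization_name": None,
+"resource_policy_uri": None,
+"resource_tos_uri": None
+}
+
+callback_path = {}
+
+callback_uris = ["redirect_uris"]
+
+def __init__(self, prefer: Optional[dict] = None, callback_path: Optional[dict] = None):
+claims.Claims.__init__(self, prefer=prefer, callback_path=callback_path)
+
+def create_registration_request(self):
+_request = {}
+for key, spec in OAuthProtectedResourceRequest.c_param.items():
+_pref_key = key
+if _pref_key in self.prefer:
+value = self.prefer[_pref_key]
+elif _pref_key in self.supports():
+value = self.supports()[_pref_key]
+else:
+continue
+
+if not value:
+continue
+
+_request[key] = array_or_singleton(spec, value)
+return _request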
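Review bot: `_supports` and `OAuthProtectedResourceRequest.c_param` do not describe the same set of parameters, and `create_registration_request` only iterates `c_param`. `grant_types_supported` (whose default list includes `implicit`) is not a key of that message, so the loop never emits it, while `jwks_uri` is a key of the message but has no entry in `_supports` and can only reach the request through `prefer`. If the grant-type default is a carry-over from the OAuth2 client claims, dropping it and adding `"jwks_uri": None` would keep the two tables aligned; `callback_uris = ["redirect_uris"]` looks like the same kind of carry-over for a protected resource. A docstring on `create_registration_request` should also state that falsy values are skipped (`if not value: continue`), since that means empty lists and `None` defaults are never published.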
9 changes: 8 additions & 1 deletion src/idpyoidc/client/service.py
@@ -262,9 +262,16 @@ def construct(self, request_args: Optional[dict] = None, **kwargs):
_args = self.gather_request_args(**request_args)

# logger.debug("kwargs: %s" % sanitize(kwargs))

# we must check if claims module is idpyoidc.client.claims.oauth2recource as
# in that case we don't want to set_defaults like application_type etc.
obj = self.upstream_get("context").claims
# initiate the request as in an instance of the self.msg_type
# message type
request = self.msg_type(**_args)
if(obj.__class__.__module__ == "idpyoidc.client.claims.oauth2resource"):
request = self.msg_type(**_args, set_defaults=False)
else:
request = self.msg_type(**_args)

_behaviour_args = kwargs.get("behaviour_args")
if _behaviour_args:
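Review bot: The test `obj.__class__.__module__ == "idpyoidc.client.claims.oauth2resource"` ties the behaviour to a module-path string, so a subclass of that `Claims` class defined in another module, or a later rename of the module, silently takes the `else` branch and the defaults the comment mentions (`application_type` etc.) end up in the protected-resource request. A flag read from the claims object would be sturdier, for example `if not getattr(obj, "set_defaults", True):` with `set_defaults = False` declared on the resource claims class; the attribute name is only a suggestion. The comment above the lookup also spells the module `oauth2recource`, and `if(...)` carries redundant parentheses. `construct` starts and ends outside this hunk, so whether every `msg_type` accepts the `set_defaults` keyword cannot be confirmed from here.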
3 changes: 3 additions & 0 deletions src/idpyoidc/client/service_context.py
@@ -18,6 +18,7 @@
from idpyoidc.claims import claims_dump
from idpyoidc.claims import claims_load
from idpyoidc.client.claims.oauth2 import Claims as OAUTH2_Specs
from idpyoidc.client.claims.oauth2resource import Claims as OAUTH2RESOURCE_Specs
from idpyoidc.client.claims.oidc import Claims as OIDC_Specs
from idpyoidc.client.configure import Configuration
from idpyoidc.util import rndstr
@@ -133,6 +134,8 @@ def __init__(
self.claims = OIDC_Specs()
elif client_type == "oauth2":
self.claims = OAUTH2_Specs()
elif client_type == "oauth2resource":
self.claims = OAUTH2RESOURCE_Specs()
else:
raise ValueError(f"Unknown client type: {client_type}")

16 changes: 16 additions & 0 deletions src/idpyoidc/message/oauth2/__init__.py
@@ -636,6 +636,22 @@ class TokenRevocationErrorResponse(ResponseMessage):
c_allowed_values = ResponseMessage.c_allowed_values.copy()
c_allowed_values.update({"error": ["unsupported_token_type"]})

class OAuthProtectedResourceRequest(Message):
c_param = {
"resource": SINGLE_REQUIRED_STRING,
"authorization_servers": OPTIONAL_LIST_OF_STRINGS,
"jwks_uri": SINGLE_OPTIONAL_STRING,
"resource_documentation": SINGLE_OPTIONAL_STRING,
"scopes_supported": OPTIONAL_LIST_OF_STRINGS,
"bearer_methods_supported": OPTIONAL_LIST_OF_STRINGS,
"resource_signing_alg_values_supported": OPTIONAL_LIST_OF_STRINGS,
"resource_encryption_alg_values_supported": OPTIONAL_LIST_OF_STRINGS,
"resource_encryption_enc_values_supported": OPTIONAL_LIST_OF_STRINGS,
"client_registration_types": OPTIONAL_LIST_OF_STRINGS,
"organization_name": SINGLE_OPTIONAL_STRING,
"resource_policy_uri": SINGLE_OPTIONAL_STRING,
"resource_tos_uri": SINGLE_OPTIONAL_STRING
}

def factory(msgtype, **kwargs):
"""
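Review bot: `OAuthProtectedResourceRequest` types `resource`, `jwks_uri`, `resource_policy_uri` and `resource_tos_uri` as plain strings and adds no check of its own, so as far as this hunk shows a value with an unexpected scheme or a fragment would be accepted and published as resource metadata. If the `Message` base class offers a verification hook, overriding it here to reject a `resource` that is not an absolute https URL would catch misconfiguration before the metadata is served; the exact URL rules should be confirmed against the protected-resource metadata specification. The class also has no docstring, and one line such as `"""Metadata a protected resource publishes about itself."""` would explain why a class named `...Request` carries server-side metadata. PEP 8 asks for two blank lines before and after a top-level class, and the hunk appears to use one on each side.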