
Commit 98f7a67

authored
Merge pull request #35 from IdentityPython/def_req_token_type
Defined DEFAULT_REQUESTED_TOKEN_TYPE.
2 parents 7765ef9 + 75d3bd7 commit 98f7a67


3 files changed

+28
-16
lines changed


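--- a/src/idpyoidc/server/constant.py
+++ b/src/idpyoidc/server/constant.py
@@ -1,5 +1,3 @@
-import os
-
 # from cryptojwt.jwe.fernet import DEFAULT_ITERATIONS
 
 DEF_SIGN_ALG = {
@@ -17,3 +15,5 @@
 DIVIDER = ";;"
 
 DEFAULT_TOKEN_LIFETIME = 1800
+
+DEFAULT_REQUESTED_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"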

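--- a/src/idpyoidc/server/oauth2/token.py
+++ b/src/idpyoidc/server/oauth2/token.py
@@ -9,6 +9,7 @@
 from idpyoidc.message.oauth2 import ResponseMessage
 from idpyoidc.message.oauth2 import TokenExchangeRequest
 from idpyoidc.message.oidc import TokenErrorResponse
+from idpyoidc.server.constant import DEFAULT_REQUESTED_TOKEN_TYPE
 from idpyoidc.server.endpoint import Endpoint
 from idpyoidc.server.exception import ProcessError
 from idpyoidc.server.oauth2.token_helper import AccessTokenHelper
@@ -133,13 +134,24 @@ def process_request(self, request: Optional[Union[Message, dict]] = None, **kwar
 
 if isinstance(request, TokenExchangeRequest):
 if "token_exchange" in _context.cdb[request["client_id"]]:
-default_requested_token_type = _context.cdb[request["client_id"]]["token_exchange"][
-"default_requested_token_type"
-]
+try:
+default_requested_token_type = _context.cdb[request["client_id"]][
+"token_exchange"]["default_requested_token_type"]
+except KeyError:
+try:
+default_requested_token_type = self.helper[
+"urn:ietf:params:oauth:grant-type:token-exchange"
+].config["default_requested_token_type"]
+except:
+default_requested_token_type = DEFAULT_REQUESTED_TOKEN_TYPE
 else:
-default_requested_token_type = self.helper[
-"urn:ietf:params:oauth:grant-type:token-exchange"
-].config["default_requested_token_type"]
+try:
+default_requested_token_type = self.helper[
+"urn:ietf:params:oauth:grant-type:token-exchange"
+].config["default_requested_token_type"]
+except KeyError:
+default_requested_token_type = DEFAULT_REQUESTED_TOKEN_TYPE
+
 requested_token_type = request.get("requested_token_type", default_requested_token_type)
 _handler_key = TOKEN_TYPES_MAPPING[requested_token_type]
 else: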
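Review bot: The inner handler at new line 145 is a bare `except:`, so any error other than a missing key while reading the helper config (and even `KeyboardInterrupt`) is silently turned into the built-in default, whereas the `else` branch at new line 152 catches only `KeyError`. Narrow it to `except KeyError:` so a broken token-exchange helper surfaces as an error instead of quietly changing which token type is issued. The per-client value read from `_context.cdb` is also used without a check against `requested_token_types_supported`; that may be validated elsewhere, but nothing in this hunk shows it. The helper lookup with its fallback now appears twice and would read better as one small private method. `process_request` begins and ends outside the hunk.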

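--- a/src/idpyoidc/server/oauth2/token_helper.py
+++ b/src/idpyoidc/server/oauth2/token_helper.py
@@ -13,6 +13,7 @@
 from idpyoidc.message.oauth2 import TokenExchangeResponse
 from idpyoidc.message.oidc import RefreshAccessTokenRequest
 from idpyoidc.message.oidc import TokenErrorResponse
+from idpyoidc.server.constant import DEFAULT_REQUESTED_TOKEN_TYPE
 from idpyoidc.server.constant import DEFAULT_TOKEN_LIFETIME
 from idpyoidc.server.exception import ToOld
 from idpyoidc.server.exception import UnAuthorizedClientScope
@@ -597,11 +598,7 @@ def process_request(self, request, **kwargs):
 def _validate_configuration(self, config):
 if "requested_token_types_supported" not in config:
 raise ImproperlyConfigured(
-f"Missing 'requested_token_types_supported'" "from Token Exchange configuration"
-)
-if "default_requested_token_type" not in config:
-raise ImproperlyConfigured(
-f"Missing 'default_requested_token_type'" "from Token Exchange configuration"
+f"Missing 'requested_token_types_supported' from Token Exchange configuration"
 )
 if "policy" not in config:
 raise ImproperlyConfigured(f"Missing 'policy' from Token Exchange configuration")
@@ -613,11 +610,14 @@ def _validate_configuration(self, config):
 raise ImproperlyConfigured(
 f"Missing 'callable' from default Token Exchange policy configuration"
 )
-if config["default_requested_token_type"] not in config["requested_token_types_supported"]:
+
+_default_requested_token_type = config.get("default_requested_token_type",
+DEFAULT_REQUESTED_TOKEN_TYPE)
+if _default_requested_token_type not in config["requested_token_types_supported"]:
 raise ImproperlyConfigured(
-f"Unsupported default requested_token_type {config['default_requested_token_type']}"
+f"Unsupported default requested_token_type {_default_requested_token_type}"
 )
-
+
 
 def validate_token_exchange_policy(request, context, subject_token, **kwargs):
 if "resource" in request: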
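Review bot: With `default_requested_token_type` now optional, the membership check at new lines 614-616 can reject a configuration for a value the operator never set: if `requested_token_types_supported` omits the access-token URN, the error reads "Unsupported default requested_token_type urn:ietf:params:oauth:token-type:access_token" with no hint that it is the built-in fallback. A comment above the `config.get` call such as `# Unset default falls back to DEFAULT_REQUESTED_TOKEN_TYPE, which must itself be listed in requested_token_types_supported` would document the implicit requirement, and the message could say whether the value was configured or defaulted. The message at new line 601 has no placeholders, so its `f` prefix can be dropped. `_validate_configuration` spans both hunks and the lines between them are not shown.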
