This repository was archived by the owner on Jun 1, 2023. It is now read-only.

Commit 88479a0

committed
Check for RS256 in id_token_signing_alg_values_supported.
According to the standard, RS256 MUST always be present. Allow for defaults not always being set.
1 parent b552ba5 commit 88479a0


4 files changed

+9
-7
lines changed


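--- a/src/oidcmsg/message.py
+++ b/src/oidcmsg/message.py
@@ -35,8 +35,11 @@ class Message(MutableMapping):
 c_default = {}
 c_allowed_values = {}
 
-def __init__(self, **kwargs):
-self._dict = self.c_default.copy()
+def __init__(self, set_defaults=True, **kwargs):
+if set_defaults:
+self._dict = self.c_default.copy()
+else:
+self._dict = {}
 self.lax = False
 self.jwt = None
 self.jws_header = None
@@ -73,7 +76,7 @@ def set_defaults(self):
 Based on specification set a parameters value to the default value.
 """
 for key, val in self.c_default.items():
-self._dict[key] = val
+self._dict.setdefault(key, val)
 
 def to_urlencoded(self, lev=0):
 """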
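Review bot: Defaults are still shared by reference between the class and every instance: `self.c_default.copy()` in `__init__` is a shallow copy, and `self._dict.setdefault(key, val)` in `set_defaults()` stores the very object held in `c_default`. If a subclass declares a list or dict default (not visible in these hunks), an in-place change on one message would alter the default seen by every later message, which matters when the default is a security parameter such as a list of supported algorithms or auth methods. Copying per instance, e.g. `self._dict.setdefault(key, copy.deepcopy(val))` with `import copy` at the top of the file, avoids that. The new `set_defaults` flag also deserves a docstring line in `__init__` saying that `False` starts from an empty dict and presumably leaves defaults to a later `set_defaults()` call; both function bodies extend beyond the hunks shown.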

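--- a/src/oidcmsg/oidc/__init__.py
+++ b/src/oidcmsg/oidc/__init__.py
@@ -915,6 +915,9 @@ def verify(self, **kwargs):
 elif parts.scheme != "https":
 raise SchemeError("Not HTTPS")
 
+if "RS256" not in self["id_token_signing_alg_values_supported"]:
+raise ValueError('RS256 missing from id_token_signing_alg_values_supported')
+
 if not parts.query and not parts.fragment:
 pass
 else: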
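Review bot: The added RS256 check raises a bare `ValueError`, whereas the scheme check just above it raises `SchemeError`, so callers that catch only the library's verification errors around `verify()` would presumably miss this failure. When the key is absent, `self["id_token_signing_alg_values_supported"]` looks like it would raise `KeyError` rather than a verification error, unless a required-parameter check earlier in `verify()` (outside this hunk) already rejects that case; `if "RS256" not in self.get("id_token_signing_alg_values_supported", []):` makes the check safe on its own. The commit's test changes only delete blank lines, so a test with provider metadata that omits RS256 would pin the new behaviour. `verify()` begins and ends outside the hunk.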

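--- a/tests/test_05_oauth2.py
+++ b/tests/test_05_oauth2.py
@@ -490,7 +490,6 @@ def test_init(self):
 class TestCCAccessTokenRequest(object):
 def test_init(self):
 cc = CCAccessTokenRequest(scope="/foo")
-
 assert cc["grant_type"] == "client_credentials"
 assert cc["scope"] == ["/foo"]
 
@@ -499,7 +498,6 @@ class TestRefreshAccessTokenRequest(object):
 def test_init(self):
 ratr = RefreshAccessTokenRequest(refresh_token="ababababab",
 client_id="Client_id")
-
 assert ratr["grant_type"] == "refresh_token"
 assert ratr["refresh_token"] == "ababababab"
 assert ratr["client_id"] == "Client_id"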

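--- a/tests/test_06_oidc.py
+++ b/tests/test_06_oidc.py
@@ -536,7 +536,6 @@ def test_deserialize(self):
 
 reg = RegistrationRequest().deserialize(json.dumps(msg), "json")
 assert reg.verify()
-
 assert _eq(list(msg.keys()) + ['response_types'], reg.keys())
 
 def test_registration_request(self):
@@ -582,7 +581,6 @@ def test_deser(self):
 application_type="web",
 redirect_uris=[
 "https://example.com/authz_cb"])
-
 ser_req = req.serialize('urlencoded')
 deser_req = registration_request_deser(ser_req)
 assert set(deser_req.keys()) == {'operation', 'default_max_age',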
