Merge pull request #324 from esune/fix/openid-endpoint-mismatch

Update authorization, token endpoints to be consistent.
bcgov · Sep 1, 2023 · 66d86c9 · 66d86c9
2 parents 78cb9e6 + 2ea7619
commit 66d86c9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 18 deletions.
diff --git a/oidc-controller/api/core/oidc/provider.py b/oidc-controller/api/core/oidc/provider.py
@@ -1,19 +1,18 @@
-import structlog
-import structlog.typing
 import os
+from urllib.parse import urlparse
 
+import structlog
+import structlog.typing
 from api.core.config import settings
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from jwkest.jwk import KEYS, RSAKey, rsa_load
 from pymongo.database import Database
 from pyop.authz_state import AuthorizationState
 from pyop.provider import Provider
-from pyop.storage import StatelessWrapper
 from pyop.subject_identifier import HashBasedSubjectIdentifierFactory
 from pyop.userinfo import Userinfo
-from urllib.parse import urlparse
-from jwkest.jwk import rsa_load, RSAKey, KEYS
 
 logger: structlog.typing.FilteringBoundLogger = structlog.get_logger()
 DIR_PATH = os.path.dirname(os.path.realpath(__file__))
@@ -86,14 +85,15 @@ def pem_file_exists(filepath) -> bool:
 )
 signing_keys = KEYS().append(signing_key)
 
-# config from vc-authn-oidc 1.0 can be found here
-# https://toip-vc-authn-controller-dev.apps.silver.devops.gov.bc.ca/.well-known/openid-configuration
+# Define constants so that they can be imported for route definition in routers/oidc.py
+AuthorizeUriEndpoint = "authorize"
+TokenUriEndpoint = "token"
 
 # TODO validate the correctness of this? either change config or add capabilities
 configuration_information = {
     "issuer": issuer_url,
-    "authorization_endpoint": f"{issuer_url}/authorization",
-    "token_endpoint": f"{issuer_url}/token",
+    "authorization_endpoint": f"{issuer_url}/{AuthorizeUriEndpoint}",
+    "token_endpoint": f"{issuer_url}/{TokenUriEndpoint}",
     "jwks_uri": f"{issuer_url}/.well-known/openid-configuration/jwks",
     "response_types_supported": ["code", "id_token", "token"],
     "id_token_signing_alg_values_supported": [signing_key.alg],

diff --git a/oidc-controller/api/routers/oidc.py b/oidc-controller/api/routers/oidc.py
@@ -1,36 +1,36 @@
 import base64
 import io
-import structlog
-from urllib.parse import urlencode
 from datetime import datetime
+from urllib.parse import urlencode
 
 import qrcode
+import structlog
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
 from jinja2 import Template
 from oic.oic.message import AccessTokenRequest, AuthorizationRequest
 from pymongo.database import Database
 
 from ..authSessions.crud import AuthSessionCreate, AuthSessionCRUD
-from ..authSessions.models import AuthSessionState, AuthSessionPatch
+from ..authSessions.models import AuthSessionPatch, AuthSessionState
 from ..core.acapy.client import AcapyClient
 from ..core.config import settings
 from ..core.logger_util import log_debug
 from ..core.oidc import provider
 from ..core.oidc.issue_token_service import Token
 from ..db.session import get_db
-from ..verificationConfigs.crud import VerificationConfigCRUD
 
 # Access to the websocket
-from ..routers.socketio import (sio, connections_reload)
+from ..routers.socketio import connections_reload, sio
 
 # This allows the templates to insert assets like css, js or svg.
 from ..templates.helpers import add_asset
+from ..verificationConfigs.crud import VerificationConfigCRUD
 
 ChallengePollUri = "/poll"
 AuthorizeCallbackUri = "/callback"
-VerifiedCredentialAuthorizeUri = "/authorize"
-VerifiedCredentialTokenUri = "/token"
+VerifiedCredentialAuthorizeUri = f"/{provider.AuthorizeUriEndpoint}"
+VerifiedCredentialTokenUri = f"/{provider.TokenUriEndpoint}"
 
 logger: structlog.typing.FilteringBoundLogger = structlog.getLogger(__name__)
 
@@ -40,7 +40,7 @@
 @log_debug
 
 # TODO: To be replaced by a websocket and a python scheduler
-# TODO: This is a hack to get the websocket to expire the proof, if necessary 
+# TODO: This is a hack to get the websocket to expire the proof, if necessary
 @router.get(f"{ChallengePollUri}/{{pid}}")
 async def poll_pres_exch_complete(pid: str, db: Database = Depends(get_db)):
     """Called by authorize webpage to see if request
@@ -65,7 +65,7 @@ async def poll_pres_exch_complete(pid: str, db: Database = Depends(get_db)):
             str(auth_session.id), AuthSessionPatch(**auth_session.dict())
         )
         # Send message through the websocket.
-        await sio.emit('status', {'status': 'expired'}, to=sid)
+        await sio.emit("status", {"status": "expired"}, to=sid)
 
     return {"proof_status": auth_session.proof_status}