From 8a7f1b77e8f1eff007b4139e4a8155130ae37f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?=
Date: Thu, 31 Aug 2023 15:58:09 -0700
Subject: [PATCH] Update authorization,token endpoints to be consistent.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Emiliano Suñé
---
 oidc-controller/api/core/oidc/provider.py | 18 +++++++++---------
 oidc-controller/api/routers/oidc.py | 18 +++++++++---------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/oidc-controller/api/core/oidc/provider.py b/oidc-controller/api/core/oidc/provider.py
index be09db56..7a6b3ef2 100644
--- a/oidc-controller/api/core/oidc/provider.py
+++ b/oidc-controller/api/core/oidc/provider.py
@@ -1,19 +1,18 @@
-import structlog
-import structlog.typing
 import os
+from urllib.parse import urlparse
+import structlog
+import structlog.typing
 from api.core.config import settings
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from jwkest.jwk import KEYS, RSAKey, rsa_load
 from pymongo.database import Database
 from pyop.authz_state import AuthorizationState
 from pyop.provider import Provider
-from pyop.storage import StatelessWrapper
 from pyop.subject_identifier import HashBasedSubjectIdentifierFactory
 from pyop.userinfo import Userinfo
-from urllib.parse import urlparse
-from jwkest.jwk import rsa_load, RSAKey, KEYS
 
 logger: structlog.typing.FilteringBoundLogger = structlog.get_logger()
 
 DIR_PATH = os.path.dirname(os.path.realpath(__file__))
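Review bot: The re-sorted import block at the top of provider.py collapses stdlib, third-party and first-party imports into one alphabetical run (`import os`, `from urllib.parse import urlparse`, then `import structlog` with no separating blank line, and `from api.core.config import settings` sitting between `structlog.typing` and `cryptography`), whereas the same commit's reordering of routers/oidc.py keeps isort-style sections with a blank line between stdlib and third-party imports. Using one convention in both files means a later isort run produces no churn; the minimal change is a blank line after `from urllib.parse import urlparse` and moving `from api.core.config import settings` below `from pyop.userinfo import Userinfo`, preceded by a blank line. This module also imports the project with the absolute `api.core.config` form while routers/oidc.py uses relative `..core.config` imports; if both resolve to the same package this is only cosmetic, but one consistent form is easier to audit.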
@@ -86,14 +85,15 @@ def pem_file_exists(filepath) -> bool:
     )
 signing_keys = KEYS().append(signing_key)
 
-# config from vc-authn-oidc 1.0 can be found here
-# https://toip-vc-authn-controller-dev.apps.silver.devops.gov.bc.ca/.well-known/openid-configuration
+# Define constants so that they can be imported for route definition in routers/oidc.py
+AuthorizeUriEndpoint = "authorize"
+TokenUriEndpoint = "token"
 
 # TODO validate the correctness of this? either change config or add capabilities
 configuration_information = {
     "issuer": issuer_url,
-    "authorization_endpoint": f"{issuer_url}/authorization",
-    "token_endpoint": f"{issuer_url}/token",
+    "authorization_endpoint": f"{issuer_url}/{AuthorizeUriEndpoint}",
+    "token_endpoint": f"{issuer_url}/{TokenUriEndpoint}",
     "jwks_uri": f"{issuer_url}/.well-known/openid-configuration/jwks",
     "response_types_supported": ["code", "id_token", "token"],
     "id_token_signing_alg_values_supported": [signing_key.alg],
diff --git a/oidc-controller/api/routers/oidc.py b/oidc-controller/api/routers/oidc.py
index e2687b3b..deb8308e 100644
--- a/oidc-controller/api/routers/oidc.py
+++ b/oidc-controller/api/routers/oidc.py
@@ -1,10 +1,10 @@
 import base64
 import io
-import structlog
-from urllib.parse import urlencode
 from datetime import datetime
+from urllib.parse import urlencode
 
 import qrcode
+import structlog
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
 from jinja2 import Template
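Review bot: `AuthorizeUriEndpoint` and `TokenUriEndpoint` are bare path segments with no leading slash, and they are interpolated in two places — after `{issuer_url}/` in `configuration_information` here and after `/` in routers/oidc.py — but the comment above them does not say so, so a later edit adding a slash to either constant would silently yield a double slash in the discovery document or a mounted route that no longer matches the advertised `authorization_endpoint`. Suggest replacing the comment with `# Path segments (no leading slash) shared with routers/oidc.py so the routes mounted there and the authorization_endpoint/token_endpoint advertised below cannot drift apart.` Since relying parties locate these endpoints through the discovery document, the advertised value moving from `/authorization` to `/authorize` is a visible change for any client that cached the old metadata; the hunk appears to be aligning the metadata with the route routers/oidc.py already served, which is worth stating in the commit message or the comment.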
@@ -12,25 +12,25 @@ from pymongo.database import Database
 
 
 from ..authSessions.crud import AuthSessionCreate, AuthSessionCRUD
-from ..authSessions.models import AuthSessionState, AuthSessionPatch
+from ..authSessions.models import AuthSessionPatch, AuthSessionState
 from ..core.acapy.client import AcapyClient
 from ..core.config import settings
 from ..core.logger_util import log_debug
 from ..core.oidc import provider
 from ..core.oidc.issue_token_service import Token
 from ..db.session import get_db
-from ..verificationConfigs.crud import VerificationConfigCRUD
 
 # Access to the websocket
-from ..routers.socketio import (sio, connections_reload)
+from ..routers.socketio import connections_reload, sio
 
 # This allows the templates to insert assets like css, js or svg.
 from ..templates.helpers import add_asset
+from ..verificationConfigs.crud import VerificationConfigCRUD
 
 ChallengePollUri = "/poll"
 AuthorizeCallbackUri = "/callback"
-VerifiedCredentialAuthorizeUri = "/authorize"
-VerifiedCredentialTokenUri = "/token"
+VerifiedCredentialAuthorizeUri = f"/{provider.AuthorizeUriEndpoint}"
+VerifiedCredentialTokenUri = f"/{provider.TokenUriEndpoint}"
 
 logger: structlog.typing.FilteringBoundLogger = structlog.getLogger(__name__)
 
@@ -40,7 +40,7 @@
 @log_debug
 # TODO: To be replaced by a websocket and a python scheduler
-# TODO: This is a hack to get the websocket to expire the proof, if necessary
+# TODO: This is a hack to get the websocket to expire the proof, if necessary
 @router.get(f"{ChallengePollUri}/{{pid}}")
 async def poll_pres_exch_complete(pid: str, db: Database = Depends(get_db)):
     """Called by authorize webpage to see if request
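Review bot: After the isort move, `from ..verificationConfigs.crud import VerificationConfigCRUD` sits directly under the block comment `# This allows the templates to insert assets like css, js or svg.`, so the comment now reads as if it described both imports. Attaching the comment to the line it actually describes keeps the sorted order and removes the ambiguity: `from ..templates.helpers import add_asset  # lets templates insert assets (css, js, svg)`. The new `VerifiedCredentialAuthorizeUri` and `VerifiedCredentialTokenUri` definitions are the right fix for the path drift, but nothing at this site says why they are derived rather than literal; a one-line comment above them such as `# Derived from provider so the mounted routes always match the endpoints advertised in provider.configuration_information` would stop a future contributor from reverting to string literals. Whether an application-level router prefix is applied when this router is included is not visible in the hunk; if one is, the advertised endpoints would still differ from the mounted paths, which is worth confirming.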
@@ -65,7 +65,7 @@ async def poll_pres_exch_complete(pid: str, db: Database = Depends(get_db)):
         str(auth_session.id), AuthSessionPatch(**auth_session.dict())
     )
     # Send message through the websocket.
-    await sio.emit('status', {'status': 'expired'}, to=sid)
+    await sio.emit("status", {"status": "expired"}, to=sid)
     return {"proof_status": auth_session.proof_status}