def verify(self, **kwargs):
if "scopes_supported" in self:
assert "openid" in self["scopes_supported"]
for scope in self["scopes_supported"]:
check_char_set(scope, SCOPE_CHARSET)
parts = urlparse(self["issuer"])
try:
assert parts.scheme == "https"
except AssertionError:
raise SchemeError("Not HTTPS")
assert not parts.query and not parts.fragment
return super(ProviderConfigurationResponse, self).verify(**kwargs)
def verify(self, **kwargs):
super(ProviderConfigurationResponse, self).verify(**kwargs)
if "scopes_supported" in self:
assert "openid" in self["scopes_supported"]
for scope in self["scopes_supported"]:
check_char_set(scope, SCOPE_CHARSET)
parts = urlparse(self["issuer"])
if parts.scheme != "https":
raise SchemeError("Not HTTPS")
assert not parts.query and not parts.fragment
if any("code" in rt for rt in self["response_types_supported"]
) and "token_endpoint" not in self:
raise MissingRequiredAttribute("token_endpoint")
return True
def verify(self, **kwargs):
super().verify(**kwargs)
if "scopes_supported" in self:
if "openid" not in self["scopes_supported"]:
raise AssertionError()
for scope in self["scopes_supported"]:
check_char_set(scope, SCOPE_CHARSET)
parts = urlparse(self["issuer"])
if parts.scheme != "https":
raise SchemeError("Not HTTPS")
if parts.query or parts.fragment:
raise AssertionError()
if (any("code" in rt for rt in self["response_types_supported"])
and "token_endpoint" not in self):
raise MissingRequiredAttribute("token_endpoint")
return True
