def _create_client(provider_metadata, client_metadata, verify_ssl=True):
"""
Create a pyoidc client instance.
:param provider_metadata: provider configuration information
:type provider_metadata: Mapping[str, Union[str, Sequence[str]]]
:param client_metadata: client metadata
:type client_metadata: Mapping[str, Union[str, Sequence[str]]]
:return: client instance to use for communicating with the configured provider
:rtype: oic.oic.Client
"""
client = oic.Client(
client_authn_method=CLIENT_AUTHN_METHOD, verify_ssl=verify_ssl
)
# Provider configuration information
if "authorization_endpoint" in provider_metadata:
# no dynamic discovery necessary
client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata),
provider_metadata["issuer"])
else:
# do dynamic discovery
client.provider_config(provider_metadata["issuer"])
# Client information
if "client_id" in client_metadata:
# static client info provided
client.store_registration_info(RegistrationRequest(**client_metadata))
else:
# do dynamic registration
client.register(client.provider_info['registration_endpoint'],
**client_metadata)
client.subject_type = (client.registration_response.get("subject_type") or
client.provider_info["subject_types_supported"][0])
return client
def __init__(self,
client_id=None,
ca_certs=None,
client_prefs=None,
client_authn_methods=None,
keyjar=None,
conf=None,
server_info=None,
authz_page="",
flow_type="",
password=None,
registration_info=None,
response_type="",
scope="",
verify_ssl=True):
config = {
"authz_page": authz_page,
"response_type": response_type,
"scope": scope
}
dynreg.Client.__init__(self, client_id, ca_certs, client_authn_methods,
keyjar, verify_ssl)
self.oidc_client = oic.Client(client_id, ca_certs, client_prefs,
client_authn_methods, keyjar, verify_ssl)
self.provider_info = None
# token per user
self.token = {}
self.behaviour = {
"require_signed_request_object":
DEF_SIGN_ALG["openid_request_object"]
}
self.conf = conf or {}
self.registration_info = registration_info
self.flow_type = flow_type
self.scope = scope
self.state = {}
self.allow = {}
self.keyjar = None
self.client_id = ""
self.client_secret = ""
self.request2endpoint.update({
"RegistrationRequest": "dynamic_client_endpoint",
"TokenRequest": "token_endpoint",
"AuthorizationRequest": "authorization_endpoint",
"RequestingPartyClaimsRequest": "requesting_party_claims_endpoint",
"IntrospectionRequest": "introspection_endpoint",
"ResourceSetDescription": "resource_set_registration_endpoint",
"PermissionRegistrationRequest":
"permission_registration_endpoint",
# "AuthorizationDataRequest": "authorization_data_request_endpoint",
"RPTRequest": "rpt_endpoint"
})