IdentityPython · rohe · Sep 16, 2021 · Aug 31, 2021 · Sep 1, 2021 · Sep 2, 2021
diff --git a/example/flask_op/views.py b/example/flask_op/views.py
@@ -78,14 +78,16 @@ def do_response(endpoint, req_args, error='', **args):
     if error:
         if _response_placement == 'body':
             _log.info('Error Response: {}'.format(info['response']))
-            resp = make_response(info['response'], 400)
+            _http_response_code = info.get('response_code', 400)
+            resp = make_response(info['response'], _http_response_code)
         else:  # _response_placement == 'url':
             _log.info('Redirect to: {}'.format(info['response']))
             resp = redirect(info['response'])
     else:
         if _response_placement == 'body':
             _log.info('Response: {}'.format(info['response']))
-            resp = make_response(info['response'], 200)
+            _http_response_code = info.get('response_code', 200)
+            resp = make_response(info['response'], _http_response_code)
         else:  # _response_placement == 'url':
             _log.info('Redirect to: {}'.format(info['response']))
             resp = redirect(info['response'])
@@ -166,10 +168,14 @@ def registration():
         current_app.server.server_get("endpoint", 'registration'))
 
 
-@oidc_op_views.route('/registration_api', methods=['GET'])
+@oidc_op_views.route('/registration_api', methods=['GET', 'DELETE'])
 def registration_api():
-    return service_endpoint(
-        current_app.server.server_get("endpoint", 'registration_read'))
+    if request.method == "DELETE":
+        return service_endpoint(
+            current_app.server.server_get("endpoint", 'registration_delete'))
+    else:
+        return service_endpoint(
+            current_app.server.server_get("endpoint", 'registration_read'))
 
 
 @oidc_op_views.route('/authorization')
@@ -245,10 +251,14 @@ def service_endpoint(endpoint):
             err_msg = ResponseMessage(error='invalid_request', error_description=str(err))
             return make_response(err_msg.to_json(), 400)
 
-    _log.info('request: {}'.format(req_args))
     if isinstance(req_args, ResponseMessage) and 'error' in req_args:
-        return make_response(req_args.to_json(), 400)
+        _log.info('Error response: {}'.format(req_args))
+        _resp = make_response(req_args.to_json(), 400)
+        if request.method == "POST":
+            _resp.headers["Content-type"] = "application/json"
+        return _resp
     try:
+        _log.info('request: {}'.format(req_args))
         if isinstance(endpoint, Token):
             args = endpoint.process_request(AccessTokenRequest(**req_args), http_info=http_info)
         else:

diff --git a/src/oidcop/configure.py b/src/oidcop/configure.py
@@ -59,7 +59,10 @@
                         "max_usage": 1,
                     },
                     "access_token": {},
-                    "refresh_token": {"supports_minting": ["access_token", "refresh_token"]},
+                    "refresh_token": {
+                        "supports_minting": ["access_token", "refresh_token"],
+                        "expires_in": -1
+                    },
                 },
                 "expires_in": 43200,
             }
@@ -380,7 +383,10 @@ def __init__(
                         "max_usage": 1,
                     },
                     "access_token": {},
-                    "refresh_token": {"supports_minting": ["access_token", "refresh_token"]},
+                    "refresh_token": {
+                        "supports_minting": ["access_token", "refresh_token"],
+                        "expires_in": -1
+                    },
                 },
                 "expires_in": 43200,
             }

diff --git a/src/oidcop/constant.py b/src/oidcop/constant.py
@@ -1 +1,3 @@
 DIVIDER = ";;"
+
+DEFAULT_TOKEN_LIFETIME = 1800
diff --git a/src/oidcop/cookie_handler.py b/src/oidcop/cookie_handler.py
@@ -167,6 +167,7 @@ def _ver_dec_content(self, parts):
             try:
                 msg = decrypter.decrypt(ciphertext, iv, tag=tag)
             except InvalidTag:
+                LOGGER.debug("Decryption failed")
                 return None
 
             p = lv_unpack(msg.decode("utf-8"))
@@ -180,6 +181,8 @@ def _ver_dec_content(self, parts):
                     self.sign_key.key,
                 ):
                     return payload, timestamp
+                else:
+                    LOGGER.debug("Could not verify signature")
             else:
                 return payload, timestamp
         return None
@@ -247,12 +250,18 @@ def parse_cookie(self, name: str, cookies: List[dict]) -> Optional[List[dict]]:
         if not cookies:
             return None
 
+        LOGGER.debug("Looking for '{}' cookies".format(name))
         res = []
         for _cookie in cookies:
-            if _cookie["name"] == name:
-                payload, timestamp = self._ver_dec_content(_cookie["value"].split("|"))
-                value, typ = payload.split("::")
-                res.append({"value": value, "type": typ, "timestamp": timestamp})
+            LOGGER.debug('Cookie: {}'.format(_cookie))
+            if "name" in _cookie and _cookie["name"] == name:
+                _content = self._ver_dec_content(_cookie["value"].split("|"))
+                if _content:
+                    payload, timestamp = self._ver_dec_content(_cookie["value"].split("|"))
+                    value, typ = payload.split("::")
+                    res.append({"value": value, "type": typ, "timestamp": timestamp})
+                else:
+                    LOGGER.debug(f"Could not verify {name} cookie")
         return res
 
 

diff --git a/src/oidcop/endpoint.py b/src/oidcop/endpoint.py
@@ -128,10 +128,6 @@ def __init__(self, server_get: Callable, **kwargs):
         self.allowed_targets = [self.name]
         self.client_verification_method = []
 
-    def parse_cookies(self, cookies: List[dict], context: EndpointContext, name: str):
-        res = context.cookie_handler.parse_cookie(name, cookies)
-        return res
-
     def parse_request(
         self, request: Union[Message, dict, str], http_info: Optional[dict] = None, **kwargs
     ):
@@ -330,10 +326,9 @@ def do_response(
         resp = None
         if error:
             _response = ResponseMessage(error=error)
-            try:
-                _response["error_description"] = kwargs["error_description"]
-            except KeyError:
-                pass
+            for attr in ["error_description", "error_uri", "state"]:
+                if attr in kwargs:
+                    _response[attr] = kwargs[attr]
         elif "response_msg" in kwargs:
             resp = kwargs["response_msg"]
             _response_placement = kwargs.get("response_placement")
@@ -405,6 +400,11 @@ def do_response(
         except KeyError:
             pass
 
+        try:
+            _resp["response_code"] = kwargs["response_code"]
+        except KeyError:
+            pass
+
         return _resp
 
     def allowed_target_uris(self):