Merge pull request #383 from pkoffdeff/ROPC-Grant

Implement Resource Owner Password Credentials Grant correctly
CZ-NIC · Jun 28, 2017 · b06637f · b06637f
2 parents a8d7452 + b005585
commit b06637f
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,9 @@ The format is based on the [KeepAChangeLog] project.
 
 ## 0.10.0.1 [UNRELEASED]
 
+### Changed
+- [#368]: `oic.oauth2.Client.construct_AccessTokenRequest()` as well as `oic.oic.Client` are now able to perform proper Resource Owner Password Credentials Grant
+
 ### Fixed
 - [#362]: Fix bad package settings URL
 - [#358]: Fixed claims_match
@@ -46,6 +49,7 @@ The format is based on the [KeepAChangeLog] project.
 [#349]: https://github.com/OpenIDC/pyoidc/issues/349
 [#362]: https://github.com/OpenIDC/pyoidc/pull/362
 [#363]: https://github.com/OpenIDC/pyoidc/issue/363
+[#368]: https://github.com/OpenIDC/pyoidc/issues/368
 [#369]: https://github.com/OpenIDC/pyoidc/pull/369
 
 ## 0.10.0.0 [2017-03-28]

diff --git a/src/oic/oauth2/__init__.py b/src/oic/oauth2/__init__.py
@@ -19,6 +19,7 @@
 from oic.oauth2.grant import Grant
 from oic.oauth2.grant import Token
 from oic.oauth2.message import AccessTokenRequest
+from oic.oauth2.message import ROPCAccessTokenRequest
 from oic.oauth2.message import AccessTokenResponse
 from oic.oauth2.message import ASConfigurationResponse
 from oic.oauth2.message import AuthorizationErrorResponse
@@ -363,17 +364,17 @@ def construct_AccessTokenRequest(self,
                                      request_args=None, extra_args=None,
                                      **kwargs):
 
-        grant = self.get_grant(**kwargs)
-
-        if not grant.is_valid():
-            raise GrantExpired("Authorization Code to old %s > %s" % (
-                utc_time_sans_frac(),
-                grant.grant_expiration_time))
-
         if request_args is None:
             request_args = {}
+        if request is not ROPCAccessTokenRequest:
+            grant = self.get_grant(**kwargs)
+
+            if not grant.is_valid():
+                raise GrantExpired("Authorization Code to old %s > %s" % (
+                    utc_time_sans_frac(),
+                    grant.grant_expiration_time))
 
-        request_args["code"] = grant.code
+            request_args["code"] = grant.code
 
         try:
             request_args['state'] = kwargs['state']

diff --git a/src/oic/oic/__init__.py b/src/oic/oic/__init__.py
@@ -109,6 +109,7 @@
     "ResourceRequest": "resource_endpoint",
     'TokenIntrospectionRequest': 'introspection_endpoint',
     'TokenRevocationRequest': 'revocation_endpoint',
+    "ROPCAccessTokenRequest": "token_endpoint",
 }
 
 # -----------------------------------------------------------------------------

diff --git a/src/oic/utils/authn/client.py b/src/oic/utils/authn/client.py
@@ -124,7 +124,8 @@ def construct(self, cis, request_args=None, http_args=None, **kwargs):
                     cis['client_id'] = self.cli.client_id
                 except AttributeError:
                     pass
-        elif cis.c_param["client_id"][VREQUIRED] is False:
+        elif (("client_id" not in cis.c_param.keys()) or
+                cis.c_param["client_id"][VREQUIRED]) is False:
             try:
                 del cis["client_id"]
             except KeyError: