From 120ec40e42c58849f3c50dd3d89f2a9432875226 Mon Sep 17 00:00:00 2001 From: peppelinux Date: Wed, 28 Apr 2021 17:46:22 +0200 Subject: [PATCH 1/3] client cb uris can be randomic now * feat: op_hash doesn't match anymore to the final node of the configured uris (fix: https://github.com/IdentityPython/JWTConnect-Python-OidcRP/issues/36) * feat: added django_provider to example providers --- example/flask_rp/conf.json | 71 +++++++++++++++++++++++++++++++++++++- example/flask_rp/views.py | 15 ++++++++ 2 files changed, 85 insertions(+), 1 deletion(-) diff --git a/example/flask_rp/conf.json b/example/flask_rp/conf.json index 45962bf..e12541e 100644 --- a/example/flask_rp/conf.json +++ b/example/flask_rp/conf.json @@ -173,7 +173,7 @@ } } }, - "local": { + "flask_provider": { "client_preferences": { "application_name": "rphandler", "application_type": "web", 
@@ -241,6 +241,75 @@ } } } + }, + "django_provider": { + "client_preferences": { + "application_name": "rphandler", + "application_type": "web", + "contacts": [ + "ops@example.com" + ], + "response_types": [ + "code" + ], + "scope": [ + "openid", + "profile", + "email", + "address", + "phone" + ], + "token_endpoint_auth_method": [ + "client_secret_basic", + "client_secret_post" + ] + }, + "issuer": "https://127.0.0.1:8000/", + "redirect_uris": [ + "https://{domain}:{port}/authz_cb/django" + ], + "post_logout_redirect_uris": [ + "https://{domain}:{port}/session_logout/django" + ], + "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/django", + "frontchannel_logout_session_required": true, + "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/django", + "backchannel_logout_session_required": true, + "services": { + "discovery": { + "class": "oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery", + "kwargs": {} + }, + "registration": { + "class": "oidcrp.oidc.registration.Registration", + "kwargs": {} + }, + "authorization": { + "class": "oidcrp.oidc.authorization.Authorization", + "kwargs": {} + }, + "accesstoken": { + "class": "oidcrp.oidc.access_token.AccessToken", + "kwargs": {} + }, + "userinfo": { + "class": "oidcrp.oidc.userinfo.UserInfo", + "kwargs": {} + }, + "end_session": { + "class": "oidcrp.oidc.end_session.EndSession", + "kwargs": {} + } + }, + "add_ons": { + "pkce": { + "function": "oidcrp.oauth2.add_on.pkce.add_support", + "kwargs": { + "code_challenge_length": 64, + "code_challenge_method": "S256" + } + } + } } }, "webserver": { diff --git a/example/flask_rp/views.py b/example/flask_rp/views.py index e035b28..923cc6d 100644 --- a/example/flask_rp/views.py +++ b/example/flask_rp/views.py @@ -1,4 +1,5 @@ import logging +import urllib from urllib.parse import parse_qs from flask import Blueprint 
@@ -149,8 +150,21 @@ def finalize(op_hash, request_args): return make_response(res['error'], 400) +def get_ophash_by_cb_uri(url:str): + uri = urllib.parse.splitquery(request.url)[0] + clients = current_app.rp_config.clients + for k,v in clients.items(): + for endpoint in ("redirect_uris", + "post_logout_redirect_uris", + "frontchannel_logout_uri", + "backchannel_logout_uri"): + if uri in clients[k].get(endpoint, []): + return k + + @oidc_rp_views.route('/authz_cb/') def authz_cb(op_hash): + op_hash = get_ophash_by_cb_uri(request.url) return finalize(op_hash, request.args) @@ -215,6 +229,7 @@ def session_change(): # post_logout_redirect_uri @oidc_rp_views.route('/session_logout/') def session_logout(op_hash): + op_hash = get_ophash_by_cb_uri(request.url) _rp = get_rp(op_hash) logger.debug('post_logout') return "Post logout from {}".format(_rp.client_get("service_context").issuer) From e34135dc86eacb5ed6f058306355ff304b996d93 Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Thu, 3 Jun 2021 09:23:56 +0200 Subject: [PATCH 2/3] Added end_session as a default service. --- src/oidcrp/oidc/__init__.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/oidcrp/oidc/__init__.py b/src/oidcrp/oidc/__init__.py index 34dc2ab..cb000e4 100755 --- a/src/oidcrp/oidc/__init__.py +++ b/src/oidcrp/oidc/__init__.py @@ -21,8 +21,7 @@ DEFAULT_SERVICES = { "discovery": { - 'class': 'oidcrp.oidc.provider_info_discovery' - '.ProviderInfoDiscovery' + 'class': 'oidcrp.oidc.provider_info_discovery.ProviderInfoDiscovery' }, 'registration': { 'class': 'oidcrp.oidc.registration.Registration' @@ -38,6 +37,9 @@ }, 'userinfo': { 'class': 'oidcrp.oidc.userinfo.UserInfo' + }, + 'end_session': { + 'class': 'oidcrp.oidc.end_session.EndSession' } } From 74f916594f5ebff5e4c7a09e9737b5edc7a5face Mon Sep 17 00:00:00 2001 
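Review bot: `get_ophash_by_cb_uri` ignores its `url` parameter and reads `request.url` instead, and for the two `*_logout_uri` keys the `uri in clients[k].get(endpoint, [])` test runs against a string (conf.json configures `frontchannel_logout_uri` and `backchannel_logout_uri` as single strings), so it degrades to substring containment and any callback URL that is a substring of the configured one selects that client. It also returns `None` when nothing matches, which `authz_cb` and, in the `@@ -215,6 +229,7 @@` hunk, `session_logout` then pass straight into `finalize`/`get_rp` instead of rejecting the request; the unused loop variable `v` and `urllib.parse.splitquery` (deprecated since Python 3.8) are minor. I would compare the logout URIs with equality, return an explicit `None`, have both callers answer `make_response("Unknown callback URI", 404)` on a miss, and import `urlsplit` next to `parse_qs` in the `@@ -1,4 +1,5 @@` hunk instead of the bare `import urllib`. `session_logout` may continue past the end of its hunk.
```python
def get_ophash_by_cb_uri(url: str):
    # Strip query and fragment, then look for an exact match among every
    # client's configured callback URIs; None when no client matches.
    uri = urlsplit(url)._replace(query="", fragment="").geturl()
    clients = current_app.rp_config.clients
    for op_hash, conf in clients.items():
        if any(uri in conf.get(key, []) for key in ("redirect_uris", "post_logout_redirect_uris")):
            return op_hash
        # These two keys hold a single URI string, so compare for equality,
        # not containment.
        if uri in (conf.get("frontchannel_logout_uri"), conf.get("backchannel_logout_uri")):
            return op_hash
    return None


def authz_cb(op_hash):
    op_hash = get_ophash_by_cb_uri(request.url)
    if op_hash is None:
        return make_response("Unknown callback URI", 404)
    return finalize(op_hash, request.args)

# … unchanged: other views …

def session_logout(op_hash):
    op_hash = get_ophash_by_cb_uri(request.url)
    if op_hash is None:
        return make_response("Unknown callback URI", 404)
    # … unchanged: get_rp / logging / response …
```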
From: Roland Hedberg Date: Thu, 3 Jun 2021 09:34:39 +0200 Subject: [PATCH 3/3] Added github action release drafter. --- .github/release-drafter.yml | 54 +++++++++++++++++++++++++++ .github/workflows/python-app.yml | 4 +- .github/workflows/release-drafter.yml | 17 +++++++++ 3 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/release-drafter.yml diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..affd63b --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,54 @@ +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' +categories: +- + title: 'Features' + labels: + - 'enhancement' + - 'feat' + - 'feature' +- + title: 'Bug Fixes' + labels: + - 'bug' + - 'bugfix' + - 'fix' +- + title: 'Maintenance' + labels: + - 'chore' + - 'style' +change-template: '- $TITLE @$AUTHOR (#$NUMBER)' +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: ['major'] + minor: + labels: ['minor'] + patch: + labels: ['patch'] + default: patch +exclude-labels: ['skip'] +autolabeler: +- + label: 'bug' + branch: + - '/bug\/.+/' + - '/bugfix\/.+/' + - '/fix\/.+/' +- + label: 'enhancement' + branch: + - '/dependabot\/.+/' + - '/enhancement\/.+/' + - '/feat\/.+/' + - '/feature\/.+/' +- + label: 'chore' + branch: + - '/chore\/.+/' + - '/style\/.+/' +template: | + ## Release notes + + $CHANGES diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index e7a3cf3..8d9cdfa 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -5,9 +5,9 @@ name: oidcrp on: push: - branches: [ main, develop ] + branches: [ master, develop ] pull_request: - branches: [ main, develop ] + branches: [ master, develop ] jobs: build: 
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml new file mode 100644 index 0000000..ff418de --- /dev/null +++ b/.github/workflows/release-drafter.yml @@ -0,0 +1,17 @@ +name: Release drafter + +on: + push: + branches: [master, develop] + pull_request: + types: [opened, reopened, synchronize] + +jobs: + update_release_draft: + name: Update draft release + runs-on: ubuntu-latest + steps: + - + uses: release-drafter/release-drafter@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
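Review bot: The `update_release_draft` job in `.github/workflows/release-drafter.yml` declares no `permissions:` block and references the action by the floating tag `release-drafter/release-drafter@v5`, so the job runs with whatever the repository's default `GITHUB_TOKEN` scope is and executes whatever code that tag points to at run time. The action only needs to draft releases and label pull requests, so I would state that explicitly at job level, `permissions:` / `  contents: write` / `  pull-requests: write`, and pin the action to a full commit SHA with the tag kept as a trailing comment, `uses: release-drafter/release-drafter@<commit-sha> # v5`. On `pull_request` events from forks the token is read-only, so the autolabeler configured in `.github/release-drafter.yml` will not apply labels there; that is the safe default and is worth a one-line comment in the workflow rather than a wider trigger.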