IdentityPython · rohe · May 20, 2021 · May 20, 2021 · May 20, 2021 · May 20, 2021
diff --git a/src/oidcop/endpoint.py b/src/oidcop/endpoint.py
@@ -201,7 +201,8 @@ def parse_request(
         LOGGER.info("Parsed and verified request: %s" % sanitize(req))
 
         # Do any endpoint specific parsing
-        return self.do_post_parse_request(request=req, client_id=_client_id, **kwargs)
+        return self.do_post_parse_request(request=req, client_id=_client_id, http_info=http_info,
+                                          **kwargs)
 
     def get_client_id_from_token(
         self,

diff --git a/src/oidcop/oauth2/add_on/device_authorization.py b/src/oidcop/oauth2/add_on/device_authorization.py
diff --git a/src/oidcop/oauth2/add_on/dpop.py b/src/oidcop/oauth2/add_on/dpop.py
@@ -1,6 +1,7 @@
 from typing import Optional
 
 from cryptojwt import JWS
+from cryptojwt import as_unicode
 from cryptojwt.jwk.jwk import key_from_jwk_dict
 from cryptojwt.jws.jws import factory
 from oidcmsg.message import SINGLE_REQUIRED_INT
@@ -58,6 +59,7 @@ def create_header(self) -> str:
         payload = {k: self[k] for k in self.body_params}
         _jws = JWS(payload, alg=self["alg"])
         _headers = {k: self[k] for k in self.header_params}
+        self.key.kid = ""
         _sjwt = _jws.sign_compact(keys=[self.key], **_headers)
         return _sjwt
 
@@ -112,36 +114,35 @@ def post_parse_request(request, client_id, endpoint_context, **kwargs):
     if not _dpop.key:
         _dpop.key = key_from_jwk_dict(_dpop["jwk"])
 
-    _jkt = str(_dpop.key.thumbprint("SHA-256"))
-    try:
-        endpoint_context.cdb[client_id]["dpop_jkt"][_jkt] = _dpop.key
-    except KeyError:
-        endpoint_context.cdb[client_id]["dpop_jkt"] = {_jkt: _dpop.key}
-
     # Need something I can add as a reference when minting tokens
-    request["dpop_jkt"] = _jkt
+    request["dpop_jkt"] = as_unicode(_dpop.key.thumbprint("SHA-256"))
     return request
 
 
 def token_args(endpoint_context, client_id, token_args: Optional[dict] = None):
-    if "dpop.jkt" in endpoint_context.cdb[client_id]:
-        token_args.update({"cnf": {"jkt": endpoint_context.cdb[client_id]["dpop_jkt"]}})
+    dpop_jkt = endpoint_context.cdb[client_id]["dpop_jkt"]
+    _jkt = list(dpop_jkt.keys())[0]
+    if "dpop_jkt" in endpoint_context.cdb[client_id]:
+        if token_args is None:
+            token_args = {"cnf": {"jkt": _jkt}}
+        else:
+            token_args.update({"cnf": {"jkt": endpoint_context.cdb[client_id]["dpop_jkt"]}})
 
     return token_args
 
 
 def add_support(endpoint, **kwargs):
     #
-    _endp = endpoint["token"]
-    _endp.post_parse_request.append(post_parse_request)
+    _token_endp = endpoint["token"]
+    _token_endp.post_parse_request.append(post_parse_request)
 
     # Endpoint Context stuff
     # _endp.endpoint_context.token_args_methods.append(token_args)
     _algs_supported = kwargs.get("dpop_signing_alg_values_supported")
     if not _algs_supported:
         _algs_supported = ["RS256"]
 
-    _endp.server_get("endpoint_context").provider_info[
+    _token_endp.server_get("endpoint_context").provider_info[
         "dpop_signing_alg_values_supported"
     ] = _algs_supported
 

diff --git a/src/oidcop/oauth2/add_on/dpop_token.py b/src/oidcop/oauth2/add_on/dpop_token.py
diff --git a/src/oidcop/oauth2/device_authorization.py b/src/oidcop/oauth2/device_authorization.py
diff --git a/src/oidcop/oidc/token.py b/src/oidcop/oidc/token.py
@@ -123,6 +123,15 @@ def process_request(self, req: Union[Message, dict], **kwargs):
         _session_info = _mngr.get_session_info_by_token(_access_code, grant=True)
         grant = _session_info["grant"]
 
+        token_type = "Bearer"
+
+        # Is DPOP supported
+        if "dpop_signing_alg_values_supported" in _context.provider_info:
+            _dpop_jkt = req.get("dpop_jkt")
+            if _dpop_jkt:
+                grant.extra["dpop_jkt"] = _dpop_jkt
+                token_type = "DPoP"
+
         _based_on = grant.get_token(_access_code)
         _supports_minting = _based_on.usage_rules.get("supports_minting", [])
 
@@ -146,7 +155,7 @@ def process_request(self, req: Union[Message, dict], **kwargs):
                 issue_refresh = True
 
         _response = {
-            "token_type": "Bearer",
+            "token_type": token_type,
             "scope": grant.scope,
         }
 
@@ -260,9 +269,17 @@ def process_request(self, req: Union[Message, dict], **kwargs):
             )
 
         token_value = req["refresh_token"]
-        _session_info = _mngr.get_session_info_by_token(
-            token_value, grant=True
-        )
+        _session_info = _mngr.get_session_info_by_token(token_value, grant=True)
+        grant = _session_info["grant"]
+
+        token_type = "Bearer"
+
+        # Is DPOP supported
+        if "dpop_signing_alg_values_supported" in _context.provider_info:
+            _dpop_jkt = req.get("dpop_jkt")
+            if _dpop_jkt:
+                grant.extra["dpop_jkt"] = _dpop_jkt
+                token_type = "DPoP"
 
         _grant = _session_info["grant"]
         token = _grant.get_token(token_value)
@@ -276,7 +293,7 @@ def process_request(self, req: Union[Message, dict], **kwargs):
 
         _resp = {
             "access_token": access_token.value,
-            "token_type": access_token.type,
+            "token_type": token_type,
             "scope": _grant.scope,
         }