diff --git a/src/oidcendpoint/oauth2/introspection.py b/src/oidcendpoint/oauth2/introspection.py
index 4e7c085..4126488 100644
--- a/src/oidcendpoint/oauth2/introspection.py
+++ b/src/oidcendpoint/oauth2/introspection.py
@@ -73,10 +73,10 @@ def process_request(self, request=None, **kwargs):
 except UnknownToken:
 return {"response_args": _resp}
- _token = self.endpoint_context.session_manager.find_token(_session_info["session_id"],
- request_token)
+ _grant = _session_info["grant"]
+ _token = _grant.get_token(request_token)
- _info = self._introspect(_token, _session_info["client_id"], _session_info["grant"])
+ _info = self._introspect(_token, _session_info["client_id"], _grant)
 if _info is None:
 return {"response_args": _resp}
@@ -90,7 +90,7 @@ def process_request(self, request=None, **kwargs):
 _resp.update(_info)
 _resp.weed()
- _claims_restriction = _session_info["grant"].claims.get("introspection")
+ _claims_restriction = _grant.claims.get("introspection")
 if _claims_restriction:
 user_info = self.endpoint_context.claims_interface.get_user_claims(
 _session_info["user_id"], _claims_restriction)
diff --git a/src/oidcendpoint/oidc/token.py b/src/oidcendpoint/oidc/token.py
index 27f3894..1dffa2c 100755
--- a/src/oidcendpoint/oidc/token.py
+++ b/src/oidcendpoint/oidc/token.py
@@ -185,7 +185,8 @@ def post_parse_request(self, request: Union[Message, dict],
 return self.error_cls(error="invalid_grant", error_description="Unknown code")
- code = _mngr.find_token(_session_info["session_id"], request["code"])
+ _grant = _session_info["grant"]
+ code = _grant.get_token(request["code"])
 if not isinstance(code, AuthorizationCode):
 return self.error_cls(
 error="invalid_request", error_description="Wrong token type"
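Review bot: In introspection.py `process_request` (hunk at -73), the result of `_grant.get_token(request_token)` goes straight into `self._introspect(...)` with no check that a token was found. `Grant.get_token` is not shown on this page; if it returns `None` on a miss, a mismatch between the session lookup and the grant's issued tokens would surface as an exception instead of the inactive response this endpoint already returns for `UnknownToken`. Adding `if _token is None: return {"response_args": _resp}` right after the lookup keeps that path failing closed. The same unguarded lookup appears in token.py `process_request` (hunk at -217), where `token` is fetched just before `_mint_token` is called and no type check is visible; both function bodies continue outside their hunks, so a guard may exist there.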
@@ -196,7 +197,7 @@ def post_parse_request(self, request: Union[Message, dict],
 error="invalid_request", error_description="Code inactive"
 )
- _auth_req = _session_info["grant"].authorization_request
+ _auth_req = _grant.authorization_request
 if "client_id" not in request: # Optional for access token request
 request["client_id"] = _auth_req["client_id"]
@@ -217,9 +218,10 @@ def process_request(self, req: Union[Message, dict], **kwargs):
 token_value = req["refresh_token"]
 _session_info = _mngr.get_session_info_by_token(token_value, grant=True)
- token = _mngr.find_token(_session_info["session_id"], token_value)
 _grant = _session_info["grant"]
+ token = _grant.get_token(token_value)
+
 access_token = self._mint_token(token_type="access_token", grant=_grant, session_id=_session_info["session_id"],
@@ -280,12 +282,15 @@ def post_parse_request(self, request: Union[Message, dict],
 _mngr = self.endpoint_context.session_manager
 try:
- _session_info = _mngr.get_session_info_by_token(request["refresh_token"])
+ _session_info = _mngr.get_session_info_by_token(
+ request["refresh_token"], grant=True
+ )
 except KeyError:
 logger.error("Access Code invalid")
 return self.error_cls(error="invalid_grant")
- token = _mngr.find_token(_session_info["session_id"], request["refresh_token"])
+ _grant = _session_info["grant"]
+ token = _grant.get_token(request["refresh_token"])
 if not isinstance(token, RefreshToken):
 return self.error_cls(
diff --git a/src/oidcendpoint/oidc/userinfo.py b/src/oidcendpoint/oidc/userinfo.py
index 6016805..dd2990f 100755
--- a/src/oidcendpoint/oidc/userinfo.py
+++ b/src/oidcendpoint/oidc/userinfo.py
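Review bot: In the refresh-token `post_parse_request` (token.py hunk at -280), the rewritten `get_session_info_by_token(..., grant=True)` call is still guarded by `except KeyError`, while introspection.py guards the same call with `except UnknownToken`. Unless `UnknownToken` derives from `KeyError` (not visible here), an unknown refresh token would escape this handler instead of producing `invalid_grant`; consider `except (KeyError, UnknownToken):` if that name is in scope in token.py. The log line also reads `"Access Code invalid"` on a refresh-token path, which will mislead anyone triaging failed token requests; `logger.error("Refresh token invalid")` would match what was rejected. The function body continues outside the hunk.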
@@ -111,7 +111,7 @@ def process_request(self, request=None, **kwargs):
 _session_info = _mngr.get_session_info_by_token(request["access_token"], grant=True)
 _grant = _session_info["grant"]
- token = _mngr.find_token(_session_info["session_id"], request["access_token"])
+ token = _grant.get_token(request["access_token"])
 # should be an access token
 if not isinstance(token, AccessToken):
 return self.error_cls(