WIP: Make more fixes to the new_session_handling before it gets merged

src/oidcendpoint/oauth2/introspection.py

@@ -73,10 +73,10 @@ def process_request(self, request=None, **kwargs):
         except UnknownToken:
             return {"response_args": _resp}
 
-        _token = self.endpoint_context.session_manager.find_token(_session_info["session_id"],
-                                                                  request_token)
+        _grant = _session_info["grant"]
+        _token = _grant.get_token(request_token)
 
-        _info = self._introspect(_token, _session_info["client_id"], _session_info["grant"])
+        _info = self._introspect(_token, _session_info["client_id"], _grant)
         if _info is None:
             return {"response_args": _resp}
 
@@ -90,7 +90,7 @@ def process_request(self, request=None, **kwargs):
         _resp.update(_info)
         _resp.weed()
 
-        _claims_restriction = _session_info["grant"].claims.get("introspection")
+        _claims_restriction = _grant.claims.get("introspection")
         if _claims_restriction:
             user_info = self.endpoint_context.claims_interface.get_user_claims(
                 _session_info["user_id"], _claims_restriction)

src/oidcendpoint/oidc/token.py

@@ -185,7 +185,8 @@ def post_parse_request(self, request: Union[Message, dict],
             return self.error_cls(error="invalid_grant",
                                   error_description="Unknown code")
 
-        code = _mngr.find_token(_session_info["session_id"], request["code"])
+        _grant = _session_info["grant"]
+        code = _grant.get_token(request["code"])
         if not isinstance(code, AuthorizationCode):
             return self.error_cls(
                 error="invalid_request", error_description="Wrong token type"
@@ -196,7 +197,7 @@ def post_parse_request(self, request: Union[Message, dict],
                 error="invalid_request", error_description="Code inactive"
             )
 
-        _auth_req = _session_info["grant"].authorization_request
+        _auth_req = _grant.authorization_request
 
         if "client_id" not in request:  # Optional for access token request
             request["client_id"] = _auth_req["client_id"]
@@ -217,9 +218,10 @@ def process_request(self, req: Union[Message, dict], **kwargs):
 
         token_value = req["refresh_token"]
         _session_info = _mngr.get_session_info_by_token(token_value, grant=True)
-        token = _mngr.find_token(_session_info["session_id"], token_value)
 
         _grant = _session_info["grant"]
+        token = _grant.get_token(token_value)
+
         access_token = self._mint_token(token_type="access_token",
                                         grant=_grant,
                                         session_id=_session_info["session_id"],
@@ -280,12 +282,15 @@ def post_parse_request(self, request: Union[Message, dict],
 
         _mngr = self.endpoint_context.session_manager
         try:
-            _session_info = _mngr.get_session_info_by_token(request["refresh_token"])
+            _session_info = _mngr.get_session_info_by_token(
+                request["refresh_token"], grant=True
+            )
         except KeyError:
             logger.error("Access Code invalid")
             return self.error_cls(error="invalid_grant")
 
-        token = _mngr.find_token(_session_info["session_id"], request["refresh_token"])
+        _grant = _session_info["grant"]
+        token = _grant.get_token(request["refresh_token"])
 
         if not isinstance(token, RefreshToken):
             return self.error_cls(

src/oidcendpoint/oidc/userinfo.py

@@ -111,7 +111,7 @@ def process_request(self, request=None, **kwargs):
         _session_info = _mngr.get_session_info_by_token(request["access_token"],
                                                         grant=True)
         _grant = _session_info["grant"]
-        token = _mngr.find_token(_session_info["session_id"], request["access_token"])
+        token = _grant.get_token(request["access_token"])
         # should be an access token
         if not isinstance(token, AccessToken):
             return self.error_cls(