Did make blacken, isort and bandit and this was the result.

Author: rohe

setup.py

@@ -60,6 +60,10 @@ def run_tests(self):
         "Programming Language :: Python :: 3.5",
         "Programming Language :: Python :: 3.6",
         "Topic :: Software Development :: Libraries :: Python Modules"],
+    extras_require={
+        'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster'],
+        'quality': ['pylama', 'isort', 'eradicate', 'mypy', 'black', 'bandit'],
+    },
     install_requires=[
         "oidcmsg>=0.6.3",
         "oidcservice>=0.6.3",

src/oidcendpoint/__init__.py

@@ -1,24 +1,27 @@
 import string
+
 # Since SystemRandom is not available on all systems
 try:
     import random.SystemRandom as rnd
 except ImportError:
     import random as rnd
 
-__version__ = '0.9.0'
+__version__ = "0.9.0"
 
 
-DEF_SIGN_ALG = {"id_token": "RS256",
-                "userinfo": "RS256",
-                "request_object": "RS256",
-                "client_secret_jwt": "HS256",
-                "private_key_jwt": "RS256"}
+DEF_SIGN_ALG = {
+    "id_token": "RS256",
+    "userinfo": "RS256",
+    "request_object": "RS256",
+    "client_secret_jwt": "HS256",
+    "private_key_jwt": "RS256",
+}
 
 HTTP_ARGS = ["headers", "redirections", "connection_type"]
 
 JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
 
-URL_ENCODED = 'application/x-www-form-urlencoded'
+URL_ENCODED = "application/x-www-form-urlencoded"
 JSON_ENCODED = "application/json"
 JOSE_ENCODED = "application/jose"
 

src/oidcendpoint/authn_event.py

@@ -6,21 +6,21 @@
 
 class AuthnEvent(Message):
     c_param = {
-        'uid': SINGLE_REQUIRED_STRING,
-        'salt': SINGLE_REQUIRED_STRING,
-        'authn_info': SINGLE_REQUIRED_STRING,
-        'authn_time': SINGLE_OPTIONAL_INT,
-        'valid_until': SINGLE_OPTIONAL_INT
+        "uid": SINGLE_REQUIRED_STRING,
+        "salt": SINGLE_REQUIRED_STRING,
+        "authn_info": SINGLE_REQUIRED_STRING,
+        "authn_time": SINGLE_OPTIONAL_INT,
+        "valid_until": SINGLE_OPTIONAL_INT,
     }
 
     def valid(self, now=0):
         if now:
-            return self['valid_until'] > now
+            return self["valid_until"] > now
         else:
-            return self['valid_until'] > time_sans_frac()
+            return self["valid_until"] > time_sans_frac()
 
     def expires_in(self):
-        return self['valid_until'] - time_sans_frac()
+        return self["valid_until"] - time_sans_frac()
 
 
 def create_authn_event(uid, salt, authn_info=None, **kwargs):
@@ -33,22 +33,22 @@ def create_authn_event(uid, salt, authn_info=None, **kwargs):
     :return:
     """
 
-    args = {'uid': uid, 'salt': salt, 'authn_info': authn_info}
+    args = {"uid": uid, "salt": salt, "authn_info": authn_info}
 
     try:
-        args['authn_time'] = int(kwargs['authn_time'])
+        args["authn_time"] = int(kwargs["authn_time"])
     except KeyError:
         try:
-            args['authn_time'] = int(kwargs['timestamp'])
+            args["authn_time"] = int(kwargs["timestamp"])
         except KeyError:
-            args['authn_time'] = time_sans_frac()
+            args["authn_time"] = time_sans_frac()
 
     try:
-        args['valid_until'] = kwargs['valid_until']
+        args["valid_until"] = kwargs["valid_until"]
     except KeyError:
         try:
-            args['valid_until'] = args['authn_time'] + kwargs['expires_in']
+            args["valid_until"] = args["authn_time"] + kwargs["expires_in"]
         except KeyError:
-            args['valid_until'] = args['authn_time'] + 3600
+            args["valid_until"] = args["authn_time"] + 3600
 
     return AuthnEvent(**args)

src/oidcendpoint/authz/__init__.py

@@ -24,7 +24,7 @@ def set(self, uid, client_id, permission):
         try:
             self.permdb[uid][client_id] = permission
         except KeyError:
-            self.permdb[uid] = {client_id:permission}
+            self.permdb[uid] = {client_id: permission}
 
     def permissions(self, cookie=None, **kwargs):
         if cookie is None:
@@ -39,7 +39,7 @@ def permissions(self, cookie=None, **kwargs):
                 b64, _ts, typ = val
 
             info = cookie_value(b64)
-            return self.get(info['sub'], info['client_id'])
+            return self.get(info["sub"], info["client_id"])
 
     def get(self, uid, client_id):
         try:

src/oidcendpoint/client_authn.py

@@ -17,7 +17,7 @@
 
 logger = logging.getLogger(__name__)
 
-__author__ = 'roland hedberg'
+__author__ = "roland hedberg"
 
 
 class AuthnFailure(Exception):
@@ -62,9 +62,9 @@ def basic_authn(authn):
     _tok = base64.b64decode(_tok)
     part = as_unicode(_tok).split(":")
     if len(part) == 2:
-        return dict(zip(['id', 'secret'], part))
+        return dict(zip(["id", "secret"], part))
     else:
-        raise ValueError('Illegal token')
+        raise ValueError("Illegal token")
 
 
 class ClientSecretBasic(ClientAuthnMethod):
@@ -77,9 +77,11 @@ class ClientSecretBasic(ClientAuthnMethod):
     def verify(self, request, authorization_info, **kwargs):
         client_info = basic_authn(authorization_info)
 
-        if self.endpoint_context.cdb[
-            client_info['id']]["client_secret"] == client_info['secret']:
-            return {'client_id': client_info['id']}
+        if (
+            self.endpoint_context.cdb[client_info["id"]]["client_secret"]
+            == client_info["secret"]
+        ):
+            return {"client_id": client_info["id"]}
         else:
             raise AuthnFailure()
 
@@ -93,10 +95,11 @@ class ClientSecretPost(ClientSecretBasic):
     """
 
     def verify(self, request, **kwargs):
-        if self.endpoint_context.cdb[
-            request[
-                'client_id']]["client_secret"] == request['client_secret']:
-            return {'client_id': request['client_id']}
+        if (
+            self.endpoint_context.cdb[request["client_id"]]["client_secret"]
+            == request["client_secret"]
+        ):
+            return {"client_id": request["client_id"]}
         else:
             raise AuthnFailure("secrets doesn't match")
 
@@ -109,7 +112,7 @@ def verify(self, request, authorization_info, **kwargs):
         if not authorization_info.startswith("Bearer "):
             raise AuthnFailure("Wrong type of authorization token")
 
-        return {'token': authorization_info.split(' ', 1)[1]}
+        return {"token": authorization_info.split(" ", 1)[1]}
 
 
 class BearerBody(ClientSecretPost):
@@ -119,13 +122,12 @@ class BearerBody(ClientSecretPost):
 
     def verify(self, request, **kwargs):
         try:
-            return {'token': request['access_token']}
+            return {"token": request["access_token"]}
         except KeyError:
-            raise AuthnFailure('No access token')
+            raise AuthnFailure("No access token")
 
 
 class JWSAuthnMethod(ClientAuthnMethod):
-
     def verify(self, request, **kwargs):
         _jwt = JWT(self.endpoint_context.keyjar)
         try:
@@ -139,7 +141,7 @@ def verify(self, request, **kwargs):
         except AttributeError:
             logger.debug("authntoken: %s" % sanitize(ca_jwt))
 
-        request[verified_claim_name('client_assertion')] = ca_jwt
+        request[verified_claim_name("client_assertion")] = ca_jwt
 
         try:
             client_id = kwargs["client_id"]
@@ -150,12 +152,12 @@ def verify(self, request, **kwargs):
         # could be either my issuer id or the token endpoint
         if self.endpoint_context.issuer in ca_jwt["aud"]:
             pass
-        elif self.endpoint_context.endpoint['token'].full_path in ca_jwt['aud']:
+        elif self.endpoint_context.endpoint["token"].full_path in ca_jwt["aud"]:
             pass
         else:
             raise NotForMe("Not for me!")
 
-        return {'client_id': client_id, 'jwt': ca_jwt}
+        return {"client_id": client_id, "jwt": ca_jwt}
 
 
 class ClientSecretJWT(JWSAuthnMethod):
@@ -180,21 +182,22 @@ class PrivateKeyJWT(JWSAuthnMethod):
     "bearer_body": BearerBody,
     "client_secret_jwt": ClientSecretJWT,
     "private_key_jwt": PrivateKeyJWT,
-    "none": None
+    "none": None,
 }
 
 TYPE_METHOD = [(JWT_BEARER, JWSAuthnMethod)]
 
 
 def valid_client_info(cinfo):
-    eta = cinfo.get('client_secret_expires_at', 0)
+    eta = cinfo.get("client_secret_expires_at", 0)
     if eta != 0 and eta < utc_time_sans_frac():
         return False
     return True
 
 
-def verify_client(endpoint_context, request, authorization_info=None,
-                  get_client_id_from_token=None):
+def verify_client(
+    endpoint_context, request, authorization_info=None, get_client_id_from_token=None
+):
     """
     Initiated Guessing !
 
@@ -209,78 +212,81 @@ def verify_client(endpoint_context, request, authorization_info=None,
     # fixes request = {} instead of str
     # "AttributeError: 'dict' object has no attribute 'startswith'" in oidcendpoint/endpoint.py(158)client_authentication()
     if isinstance(authorization_info, dict):
-        strings_parade = ('{} {}'.format(k,v) for k,v in authorization_info.items())
-        authorization_info = ' '.join(strings_parade)
+        strings_parade = ("{} {}".format(k, v) for k, v in authorization_info.items())
+        authorization_info = " ".join(strings_parade)
 
     if authorization_info is None:
-        if 'client_id' in request and 'client_secret' in request:
+        if "client_id" in request and "client_secret" in request:
             auth_info = ClientSecretPost(endpoint_context).verify(request)
-            auth_info['method'] = 'client_secret_post'
-        elif 'client_assertion' in request:
+            auth_info["method"] = "client_secret_post"
+        elif "client_assertion" in request:
             auth_info = JWSAuthnMethod(endpoint_context).verify(request)
             #  If symmetric key was used
             # auth_method = 'client_secret_jwt'
             #  If asymmetric key was used
-            auth_info['method'] = 'private_key_jwt'
-        elif 'access_token' in request:
+            auth_info["method"] = "private_key_jwt"
+        elif "access_token" in request:
             auth_info = BearerBody(endpoint_context).verify(request)
-            auth_info['method'] = 'bearer_body'
+            auth_info["method"] = "bearer_body"
         else:
             raise UnknownOrNoAuthnMethod()
     else:
-        if authorization_info.startswith('Basic '):
+        if authorization_info.startswith("Basic "):
             auth_info = ClientSecretBasic(endpoint_context).verify(
-                request, authorization_info)
-            auth_info['method'] = 'client_secret_basic'
-        elif authorization_info.startswith('Bearer '):
+                request, authorization_info
+            )
+            auth_info["method"] = "client_secret_basic"
+        elif authorization_info.startswith("Bearer "):
             auth_info = BearerHeader(endpoint_context).verify(
-                request, authorization_info)
-            auth_info['method'] = 'bearer_header'
+                request, authorization_info
+            )
+            auth_info["method"] = "bearer_header"
         else:
             raise UnknownOrNoAuthnMethod(authorization_info)
 
     try:
-        client_id = auth_info['client_id']
+        client_id = auth_info["client_id"]
     except KeyError:
         try:
-            _token = auth_info['token']
+            _token = auth_info["token"]
         except KeyError:
-            logger.warning('No token')
+            logger.warning("No token")
         else:
             if get_client_id_from_token:
                 try:
                     _id = get_client_id_from_token(endpoint_context, _token, request)
                 except KeyError:
-                    raise ValueError('Unknown token')
+                    raise ValueError("Unknown token")
 
                 if _id:
-                    auth_info['client_id'] = _id
+                    auth_info["client_id"] = _id
     else:
         try:
             _cinfo = endpoint_context.cdb[client_id]
         except KeyError:
-            raise ValueError('Unknown Client ID')
+            raise ValueError("Unknown Client ID")
         else:
             if isinstance(_cinfo, str):
                 try:
                     _cinfo = endpoint_context.cdb[_cinfo]
                 except KeyError:
-                    raise ValueError('Unknown Client ID')
+                    raise ValueError("Unknown Client ID")
 
             try:
                 valid_client_info(_cinfo)
             except KeyError:
-                logger.warning('Client registration has timed out')
-                raise ValueError('Not valid client')
+                logger.warning("Client registration has timed out")
+                raise ValueError("Not valid client")
             else:
                 # store what authn method was used
                 try:
-                    endpoint_context.cdb[client_id]['auth_method'][
-                        request.__class__.__name__] = auth_info['method']
+                    endpoint_context.cdb[client_id]["auth_method"][
+                        request.__class__.__name__
+                    ] = auth_info["method"]
                 except KeyError:
                     try:
-                        endpoint_context.cdb[client_id]['auth_method'] = {
-                            request.__class__.__name__: auth_info['method']
+                        endpoint_context.cdb[client_id]["auth_method"] = {
+                            request.__class__.__name__: auth_info["method"]
                         }
                     except KeyError:
                         pass