From a9d8621b66a4994a787bd7d874f3448670e484a1 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Mon, 18 Dec 2023 11:04:23 +0100
Subject: [PATCH 1/2] Need the output of the function not the function as such.

Allow the default client class the RP Handler uses to create new client to be set in the configuration.
---
 src/idpyoidc/client/claims/oidc.py | 6 +++---
 src/idpyoidc/client/oidc/access_token.py | 4 ++--
 src/idpyoidc/client/rp_handler.py | 12 +++++++++++-
 src/idpyoidc/server/claims/oidc.py | 3 +--
 src/idpyoidc/server/oauth2/authorization.py | 6 +++---
 src/idpyoidc/server/oidc/userinfo.py | 6 +++---
 tests/test_server_16_endpoint_context.py | 6 +++---
 7 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/src/idpyoidc/client/claims/oidc.py b/src/idpyoidc/client/claims/oidc.py
index 0c140246..7da04a9c 100644
--- a/src/idpyoidc/client/claims/oidc.py
+++ b/src/idpyoidc/client/claims/oidc.py
@@ -75,9 +75,9 @@ class Claims(client_claims.Claims):
         "encrypt_id_token_supported": None,
         # "grant_types_supported": ["authorization_code", "refresh_token"],
         "logo_uri": None,
-        "id_token_signing_alg_values_supported": metadata.get_signing_algs,
-        "id_token_encryption_alg_values_supported": metadata.get_encryption_algs,
-        "id_token_encryption_enc_values_supported": metadata.get_encryption_encs,
+        "id_token_signing_alg_values_supported": metadata.get_signing_algs(),
+        "id_token_encryption_alg_values_supported": metadata.get_encryption_algs(),
+        "id_token_encryption_enc_values_supported": metadata.get_encryption_encs(),
         "initiate_login_uri": None,
         "jwks": None,
         "jwks_uri": None,
diff --git a/src/idpyoidc/client/oidc/access_token.py b/src/idpyoidc/client/oidc/access_token.py
index 1c5e6740..55bdad78 100644
--- a/src/idpyoidc/client/oidc/access_token.py
+++ b/src/idpyoidc/client/oidc/access_token.py
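Review bot: Calling `metadata.get_signing_algs()` and the two encryption helpers inside the class-level `_supports` dict of `Claims` means the algorithm lists are now computed once at import time and the same list objects are shared by every instance of the class; any code that narrows one of these lists in place (rather than rebinding the key) would silently change the advertised algorithms for all other instances in the process. If the base class previously resolved callables lazily when building the supported-claims view, that indirection is gone too, so the lists can no longer reflect anything registered after import. A short comment on the first of the three lines would make the intent explicit, e.g. `# evaluated once at import time and shared by all instances of this class`. The same pattern is introduced in `AccessToken._supports` (access_token.py), `Authorization._supports` (authorization.py), `UserInfo._supports` (userinfo.py) and `Endpoint_1._supports` in the test file; this note applies to those hunks as well. `Claims` starts before this hunk.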
@@ -26,8 +26,8 @@ class AccessToken(access_token.AccessToken): _include = {"grant_types_supported": ["authorization_code"]} _supports = { - "token_endpoint_auth_methods_supported": get_client_authn_methods, - "token_endpoint_auth_signing_alg_values_supported": get_signing_algs, + "token_endpoint_auth_methods_supported": get_client_authn_methods(), + "token_endpoint_auth_signing_alg_values_supported": get_signing_algs(), } def __init__(self, upstream_get, conf: Optional[dict] = None): diff --git a/src/idpyoidc/client/rp_handler.py b/src/idpyoidc/client/rp_handler.py index 891e8902..d771150d 100644 --- a/src/idpyoidc/client/rp_handler.py +++ b/src/idpyoidc/client/rp_handler.py @@ -8,6 +8,7 @@ from cryptojwt import as_unicode from cryptojwt.key_jar import init_key_jar from cryptojwt.utils import as_bytes +from cryptojwt.utils import importer from idpyoidc import verified_claim_name from idpyoidc.client.defaults import DEFAULT_CLIENT_CONFIGS @@ -60,6 +61,14 @@ def __init__( self.keyjar = init_key_jar(**config.key_conf, issuer_id="") if not client_configs: self.client_configs = config.clients + + if "client_class" in config: + if isinstance(config["client_class"], str): + self.client_cls = importer(config["client_class"]) + else: # assume it's a class + self.client_cls = config["client_class"] + else: + self.client_cls = StandAloneClient else: if hash_seed: self.hash_seed = as_bytes(hash_seed) @@ -79,6 +88,8 @@ def __init__( else: self.client_configs = client_configs + self.client_cls = StandAloneClient + if _jwks_path: self.jwks_uri = add_path(base_url, _jwks_path) else: @@ -95,7 +106,6 @@ def __init__( self.extra = kwargs - self.client_cls = StandAloneClient if services is None: self.services = DEFAULT_OIDC_SERVICES else: diff --git a/src/idpyoidc/server/claims/oidc.py b/src/idpyoidc/server/claims/oidc.py index 9fedc3a9..2c258ba2 100644 --- a/src/idpyoidc/server/claims/oidc.py +++ b/src/idpyoidc/server/claims/oidc.py 
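Review bot: The new `client_class` lookup in rp_handler.py appears to sit inside `if not client_configs:` (indentation is lost in this rendering), while the former unconditional `self.client_cls = StandAloneClient` further down in `__init__` is removed in the last hunk; if that placement is right, a handler built with both `config` and explicit `client_configs` never assigns `self.client_cls` and fails with AttributeError the first time it creates a client. Resolving the class should happen once in the `config` branch, after the `client_configs` decision, as sketched below. The `importer(config["client_class"])` path also stores whatever the dotted path resolves to, and the `# assume it's a class` branch checks nothing either, so a mistyped configuration value only surfaces later as a confusing call error; a single `isinstance(..., type)` check at resolution time fails clearly at start-up and makes explicit that the configuration is trusted to name code that will be executed. `__init__` starts before this hunk.
```python
            if not client_configs:
                self.client_configs = config.clients

            # Resolve the client class once, independent of where client_configs came from.
            if "client_class" in config:
                client_class = config["client_class"]
                if isinstance(client_class, str):
                    client_class = importer(client_class)
                if not isinstance(client_class, type):
                    raise ValueError(f"client_class does not name a class: {client_class!r}")
                self.client_cls = client_class
            else:
                self.client_cls = StandAloneClient
            # … unchanged: else branch (hash_seed handling) …
```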
@@ -1,6 +1,5 @@
 from typing import Optional
 
-from idpyoidc import claims
 from idpyoidc import metadata
 from idpyoidc.message.oidc import ProviderConfigurationResponse
 from idpyoidc.message.oidc import RegistrationRequest
@@ -73,7 +72,7 @@ def __init__(self, prefer: Optional[dict] = None, callback_path: Optional[dict]
 
     def verify_rules(self, supports):
         if self.get_preference("request_parameter_supported") and self.get_preference(
-            "request_uri_parameter_supported"
+                "request_uri_parameter_supported"
         ):
             raise ValueError(
                 "You have to chose one of 'request_parameter_supported' and "
diff --git a/src/idpyoidc/server/oauth2/authorization.py b/src/idpyoidc/server/oauth2/authorization.py
index 58cad0ff..cd704401 100755
--- a/src/idpyoidc/server/oauth2/authorization.py
+++ b/src/idpyoidc/server/oauth2/authorization.py
@@ -357,9 +357,9 @@ class Authorization(Endpoint):
         "request_uri_parameter_supported": True,
         "response_types_supported": ["code"],
         "response_modes_supported": ["query", "fragment", "form_post"],
-        "request_object_signing_alg_values_supported": metadata.get_signing_algs,
-        "request_object_encryption_alg_values_supported": metadata.get_encryption_algs,
-        "request_object_encryption_enc_values_supported": metadata.get_encryption_encs,
+        "request_object_signing_alg_values_supported": metadata.get_signing_algs(),
+        "request_object_encryption_alg_values_supported": metadata.get_encryption_algs(),
+        "request_object_encryption_enc_values_supported": metadata.get_encryption_encs(),
         # "grant_types_supported": ["authorization_code", "implicit"],
         "code_challenge_methods_supported": ["S256"],
         "scopes_supported": [],
diff --git a/src/idpyoidc/server/oidc/userinfo.py b/src/idpyoidc/server/oidc/userinfo.py
index 2134c9be..8585790d 100755
--- a/src/idpyoidc/server/oidc/userinfo.py
+++ b/src/idpyoidc/server/oidc/userinfo.py
@@ -35,9 +35,9 @@ class UserInfo(Endpoint):
     _supports = {
         "claim_types_supported": ["normal", "aggregated", "distributed"],
         "encrypt_userinfo_supported": True,
-        "userinfo_signing_alg_values_supported": metadata.get_signing_algs,
-        "userinfo_encryption_alg_values_supported": metadata.get_encryption_algs,
-        "userinfo_encryption_enc_values_supported": metadata.get_encryption_encs,
+        "userinfo_signing_alg_values_supported": metadata.get_signing_algs(),
+        "userinfo_encryption_alg_values_supported": metadata.get_encryption_algs(),
+        "userinfo_encryption_enc_values_supported": metadata.get_encryption_encs(),
     }
 
     def __init__(
diff --git a/tests/test_server_16_endpoint_context.py b/tests/test_server_16_endpoint_context.py
index 6a946402..bf4b8286 100644
--- a/tests/test_server_16_endpoint_context.py
+++ b/tests/test_server_16_endpoint_context.py
@@ -28,9 +28,9 @@ class Endpoint_1(Endpoint):
     name = "userinfo"
     _supports = {
         "claim_types_supported": ["normal", "aggregated", "distributed"],
-        "userinfo_signing_alg_values_supported": metadata.get_signing_algs,
-        "userinfo_encryption_alg_values_supported": metadata.get_encryption_algs,
-        "userinfo_encryption_enc_values_supported": metadata.get_encryption_encs,
+        "userinfo_signing_alg_values_supported": metadata.get_signing_algs(),
+        "userinfo_encryption_alg_values_supported": metadata.get_encryption_algs(),
+        "userinfo_encryption_enc_values_supported": metadata.get_encryption_encs(),
         "client_authn_method": ["bearer_header", "bearer_body"],
         "encrypt_userinfo_supported": False,
     }

From f374c0c5193a7f2903e1f0187bac360e82434516 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Mon, 18 Dec 2023 21:06:50 +0100
Subject: [PATCH 2/2] Improved the way of collecting entity_id.

---
 src/idpyoidc/client/service_context.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/idpyoidc/client/service_context.py b/src/idpyoidc/client/service_context.py
index d5491bfa..a919a339 100644
--- a/src/idpyoidc/client/service_context.py +++ b/src/idpyoidc/client/service_context.py @@ -136,16 +136,16 @@ def __init__( else: raise ValueError(f"Unknown client type: {client_type}") - if "client_id" in kwargs: - self.entity_id = kwargs["entity_id"] - else: - self.entity_id = config.conf.get("client_id", "") + self.entity_id = kwargs.get("entity_id", kwargs.get("client_id", "")) + if not self.entity_id: + self.entity_id = config.conf.get("entity_id", config.conf.get("client_id")) + self.cstate = cstate or Current() self.kid = {"sig": {}, "enc": {}} self.allow = config.conf.get("allow", {}) - self.base_url = base_url or config.conf.get("base_url", "") + self.base_url = base_url or config.conf.get("base_url", self.entity_id) self.provider_info = config.conf.get("provider_info", {}) # Below so my IDE won't complain
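Review bot: `config.conf.get("entity_id", config.conf.get("client_id"))` has no final default, so when neither key is configured `self.entity_id` becomes None instead of the "" the old code produced, and the changed `self.base_url` line then inherits that None; anything that later joins a path onto `base_url` will fail where it previously got an empty string. A final default restores the old contract: `self.entity_id = config.conf.get("entity_id", config.conf.get("client_id", ""))`. Defaulting `base_url` to the entity identifier also assumes the identifier is an absolute URL, which holds for an OpenID Federation entity_id but not for an ordinary OIDC client_id, so a non-URL client_id would presumably become the base for whatever URLs are derived from `base_url` elsewhere; guarding the fallback with `self.entity_id.startswith(("https://", "http://"))`, or at least recording the assumption in a comment on that line, would avoid silently producing malformed URLs. `__init__` starts before this hunk.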