authorJonathan Huot <JonathanHuot@users.noreply.github.com>2018-12-11 10:20:59 +0100
committerGitHub <noreply@github.com>2018-12-11 10:20:59 +0100
commit7601696b6570f6f798b1dd72e37ffaeabf49a81a (patch)
treeea3495f81fb7f7c2fa17fbe1cb6cf076badf9a1d
parenta4dd9cb805902cb71db658354dbe294cbb4cdbde (diff)
parentd7891e70a7593bc428510f66d8c1e60ff3731c30 (diff)
downloadoauthlib-7601696b6570f6f798b1dd72e37ffaeabf49a81a.tar.gz
Merge pull request #624 from oauthlib/preconf-server-metadata
Preconf server metadata
-rw-r--r--oauthlib/oauth2/rfc6749/endpoints/metadata.py12
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_metadata.py61
2 files changed, 70 insertions, 3 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/metadata.py b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
index 6873334..84ddf8f 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/metadata.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
@@ -89,17 +89,19 @@ class MetadataEndpoint(BaseEndpoint):
raise ValueError("array {}: {} must contains only string (not {})".format(key, array[key], elem))
def validate_metadata_token(self, claims, endpoint):
- claims.setdefault("grant_types_supported", list(endpoint._grant_types.keys()))
+ self._grant_types += list(endpoint._grant_types.keys())
claims.setdefault("token_endpoint_auth_methods_supported", ["client_secret_post", "client_secret_basic"])
- self.validate_metadata(claims, "grant_types_supported", is_list=True)
self.validate_metadata(claims, "token_endpoint_auth_methods_supported", is_list=True)
self.validate_metadata(claims, "token_endpoint_auth_signing_alg_values_supported", is_list=True)
self.validate_metadata(claims, "token_endpoint", is_required=True, is_url=True)
def validate_metadata_authorization(self, claims, endpoint):
- claims.setdefault("response_types_supported", list(self._response_types.keys()))
+ claims.setdefault("response_types_supported",
+ list(filter(lambda x: x != "none", endpoint._response_types.keys())))
claims.setdefault("response_modes_supported", ["query", "fragment"])
+ if "token" in claims["response_types_supported"]:
+ self._grant_types.append("implicit")
self.validate_metadata(claims, "response_types_supported", is_required=True, is_list=True)
self.validate_metadata(claims, "response_modes_supported", is_list=True)
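Review bot: `self._grant_types` is extended with `+=` in validate_metadata_token and with `append("implicit")` in validate_metadata_authorization, with no de-duplication, so passing more than one token or authorization endpoint would make the published `grant_types_supported` list the same grant several times. Guarding the append, e.g. `if "implicit" not in self._grant_types: self._grant_types.append("implicit")`, and adding only missing keys in the token helper would keep the metadata document clean. The `"token" in claims["response_types_supported"]` test also runs before that claim is validated as a list, so a caller-supplied string would be substring-matched; moving the check below the `validate_metadata(..., is_list=True)` call avoids that. validate_metadata_authorization appears to continue past the end of the hunk.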
@@ -183,6 +185,7 @@ class MetadataEndpoint(BaseEndpoint):
self.validate_metadata(claims, "op_policy_uri", is_url=True)
self.validate_metadata(claims, "op_tos_uri", is_url=True)
+ self._grant_types = []
for endpoint in self.endpoints:
if isinstance(endpoint, TokenEndpoint):
self.validate_metadata_token(claims, endpoint)
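Review bot: Resetting `self._grant_types = []` here turns an instance attribute into a scratch accumulator, so validate_metadata_token and validate_metadata_authorization now fail with AttributeError if they are called before this method has run. Keeping the list local and handing it to the helpers would remove that ordering dependency; failing that, a comment such as `# collected per run; published below as grant_types_supported` would at least document it. The enclosing method starts and ends outside this hunk.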
@@ -192,4 +195,7 @@ class MetadataEndpoint(BaseEndpoint):
self.validate_metadata_revocation(claims, endpoint)
if isinstance(endpoint, IntrospectEndpoint):
self.validate_metadata_introspection(claims, endpoint)
+
+ claims.setdefault("grant_types_supported", self._grant_types)
+ self.validate_metadata(claims, "grant_types_supported", is_list=True)
return claims
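Review bot: With no token or authorization endpoint configured, `claims.setdefault("grant_types_supported", self._grant_types)` now publishes an empty list, where the claim was previously left out. RFC 8414 gives an omitted `grant_types_supported` a default of `["authorization_code", "implicit"]`, so the two forms tell clients different things. If the empty list is intended, a comment saying so would help; otherwise an `if self._grant_types:` guard before the setdefault keeps the old behaviour. The stored value is also the same list object as `self._grant_types`, so `list(self._grant_types)` would avoid aliasing the published claims to internal state. The method begins outside the hunk.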
diff --git a/tests/oauth2/rfc6749/endpoints/test_metadata.py b/tests/oauth2/rfc6749/endpoints/test_metadata.py
index 301e846..875316a 100644
--- a/tests/oauth2/rfc6749/endpoints/test_metadata.py
+++ b/tests/oauth2/rfc6749/endpoints/test_metadata.py
@@ -3,6 +3,7 @@ from __future__ import absolute_import, unicode_literals
from oauthlib.oauth2 import MetadataEndpoint
from oauthlib.oauth2 import TokenEndpoint
+from oauthlib.oauth2 import Server
from ....unittest import TestCase
@@ -36,3 +37,63 @@ class MetadataEndpointTest(TestCase):
metadata = MetadataEndpoint([], self.metadata)
self.assertIn("issuer", metadata.claims)
self.assertEqual(metadata.claims["issuer"], 'https://foo.bar')
+
+ def test_server_metadata(self):
+ endpoint = Server(None)
+ metadata = MetadataEndpoint([endpoint], {
+ "issuer": 'https://foo.bar',
+ "authorization_endpoint": "https://foo.bar/authorize",
+ "introspection_endpoint": "https://foo.bar/introspect",
+ "revocation_endpoint": "https://foo.bar/revoke",
+ "token_endpoint": "https://foo.bar/token",
+ "jwks_uri": "https://foo.bar/certs",
+ "scopes_supported": ["email", "profile"]
+ })
+ expected_claims = {
+ "issuer": "https://foo.bar",
+ "authorization_endpoint": "https://foo.bar/authorize",
+ "introspection_endpoint": "https://foo.bar/introspect",
+ "revocation_endpoint": "https://foo.bar/revoke",
+ "token_endpoint": "https://foo.bar/token",
+ "jwks_uri": "https://foo.bar/certs",
+ "scopes_supported": ["email", "profile"],
+ "grant_types_supported": [
+ "authorization_code",
+ "password",
+ "client_credentials",
+ "refresh_token",
+ "implicit"
+ ],
+ "token_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ],
+ "response_types_supported": [
+ "code",
+ "token"
+ ],
+ "response_modes_supported": [
+ "query",
+ "fragment"
+ ],
+ "code_challenge_methods_supported": [
+ "plain",
+ "S256"
+ ],
+ "revocation_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ],
+ "introspection_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ]
+ }
+
+ def sort_list(claims):
+ for k in claims.keys():
+ claims[k] = sorted(claims[k])
+
+ sort_list(metadata.claims)
+ sort_list(expected_claims)
+ self.assertEqual(sorted(metadata.claims.items()), sorted(expected_claims.items()))
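Review bot: `sort_list` sorts every claim value, including strings such as `issuer` and `token_endpoint`, so URL claims are compared as sorted lists of characters rather than as exact strings, and it rewrites `metadata.claims` in place. Restricting it to lists, `if isinstance(claims[k], list): claims[k] = sorted(claims[k])`, keeps the order-insensitive comparison for the array claims while checking the URLs exactly. The test covers only the default `Server(None)` case. Adding a case where the caller supplies its own `grant_types_supported`, and one without the `token` response type, would pin the new `setdefault` and `implicit` branches.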