From 2fe1cdb88e076f624824496c4aba6a8665e991d9 Mon Sep 17 00:00:00 2001
From: Wiliam Souza <wiliamsouza83@gmail.com>
Date: Tue, 30 Jan 2018 17:30:26 -0200
Subject: Openid connect jwt (#488)

* Add JWT token with it the server knows how to validate this new type of token in resource requests

* Change find_token_type sorted function to reverse result and choose the valued estimated token handler

* Add validate_id_token method to RequestValidator

* Added unittest for JWTToken model

* Updated version of Mock

* Add get_jwt_bearer_token and validate_jwt_bearer_token oauthlib.oauth2.RequestValidator and change oauthlib.oauth2.tokens JWTToken to use it

* Change to improve token type estimate test

* Add a note in RequestValidator.validate_jwt_bearer_token about error  5xx rather 4xx
---
 oauthlib/oauth2/rfc6749/endpoints/pre_configured.py | 7 +++++--
 oauthlib/oauth2/rfc6749/endpoints/resource.py       | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

(limited to 'oauthlib/oauth2/rfc6749/endpoints')

diff --git a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py
index 07c3715..0c26986 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py
@@ -16,7 +16,7 @@ from ..grant_types import (AuthCodeGrantDispatcher, AuthorizationCodeGrant,
                            OpenIDConnectHybrid,
                            RefreshTokenGrant,
                            ResourceOwnerPasswordCredentialsGrant)
-from ..tokens import BearerToken
+from ..tokens import BearerToken, JWTToken
 from .authorization import AuthorizationEndpoint
 from .resource import ResourceEndpoint
 from .revocation import RevocationEndpoint
@@ -57,6 +57,9 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint,
         bearer = BearerToken(request_validator, token_generator,
                              token_expires_in, refresh_token_generator)
 
+        jwt = JWTToken(request_validator, token_generator,
+                       token_expires_in, refresh_token_generator)
+
         auth_grant_choice = AuthCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth)
         implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit)
 
@@ -86,7 +89,7 @@ class Server(AuthorizationEndpoint, TokenEndpoint, ResourceEndpoint,
                                },
                                default_token_type=bearer)
         ResourceEndpoint.__init__(self, default_token='Bearer',
-                                  token_types={'Bearer': bearer})
+                                  token_types={'Bearer': bearer, 'JWT': jwt})
         RevocationEndpoint.__init__(self, request_validator)
 
 
diff --git a/oauthlib/oauth2/rfc6749/endpoints/resource.py b/oauthlib/oauth2/rfc6749/endpoints/resource.py
index d03ed21..f19c60c 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/resource.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/resource.py
@@ -83,5 +83,5 @@ class ResourceEndpoint(BaseEndpoint):
         to give an estimation based on the request.
         """
         estimates = sorted(((t.estimate_type(request), n)
-                            for n, t in self.tokens.items()))
+                            for n, t in self.tokens.items()), reverse=True)
         return estimates[0][1] if len(estimates) else None
-- 
cgit v1.2.1


From 32e5ad1509a8d46fa402776f54fbabef4b1ded63 Mon Sep 17 00:00:00 2001
From: Jonathan Huot <JonathanHuot@users.noreply.github.com>
Date: Wed, 28 Feb 2018 15:00:08 +0100
Subject: Rtd docs fix (#515)

* Added sphinx build for developers

Rationale is to build docs locally to prevent RTD to break later.

* Replace manual sphinx into make

* Renamed idan URL to oauthlib community

* Renamed http into https URLs since http is returning 302

* python requests library renamed its home URL

* Add ignore list for "make linkcheck"

linkcheck is doing requests to github with anonymous access, however creating an issue require an logged-in account

* virtualenv changed its homepage and website.

* Fixed broken link
---
 oauthlib/oauth2/rfc6749/endpoints/authorization.py |  2 +-
 oauthlib/oauth2/rfc6749/endpoints/revocation.py    | 12 ++++++------
 oauthlib/oauth2/rfc6749/endpoints/token.py         |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'oauthlib/oauth2/rfc6749/endpoints')

diff --git a/oauthlib/oauth2/rfc6749/endpoints/authorization.py b/oauthlib/oauth2/rfc6749/endpoints/authorization.py
index b6e0734..92cde34 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/authorization.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/authorization.py
@@ -59,7 +59,7 @@ class AuthorizationEndpoint(BaseEndpoint):
 
         # Enforced through the design of oauthlib.common.Request
 
-    .. _`Appendix B`: http://tools.ietf.org/html/rfc6749#appendix-B
+    .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
     """
 
     def __init__(self, default_response_type, default_token_type,
diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
index 4364b81..d5b5b78 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
@@ -5,7 +5,7 @@ oauthlib.oauth2.rfc6749.endpoint.revocation
 
 An implementation of the OAuth 2 `Token Revocation`_ spec (draft 11).
 
-.. _`Token Revocation`: http://tools.ietf.org/html/draft-ietf-oauth-revocation-11
+.. _`Token Revocation`: https://tools.ietf.org/html/draft-ietf-oauth-revocation-11
 """
 from __future__ import absolute_import, unicode_literals
 
@@ -110,11 +110,11 @@ class RevocationEndpoint(BaseEndpoint):
         The client also includes its authentication credentials as described in
         `Section 2.3`_. of [`RFC6749`_].
 
-        .. _`section 1.4`: http://tools.ietf.org/html/rfc6749#section-1.4
-        .. _`section 1.5`: http://tools.ietf.org/html/rfc6749#section-1.5
-        .. _`section 2.3`: http://tools.ietf.org/html/rfc6749#section-2.3
-        .. _`Section 4.1.2`: http://tools.ietf.org/html/draft-ietf-oauth-revocation-11#section-4.1.2
-        .. _`RFC6749`: http://tools.ietf.org/html/rfc6749
+        .. _`section 1.4`: https://tools.ietf.org/html/rfc6749#section-1.4
+        .. _`section 1.5`: https://tools.ietf.org/html/rfc6749#section-1.5
+        .. _`section 2.3`: https://tools.ietf.org/html/rfc6749#section-2.3
+        .. _`Section 4.1.2`: https://tools.ietf.org/html/draft-ietf-oauth-revocation-11#section-4.1.2
+        .. _`RFC6749`: https://tools.ietf.org/html/rfc6749
         """
         if not request.token:
             raise InvalidRequestError(request=request,
diff --git a/oauthlib/oauth2/rfc6749/endpoints/token.py b/oauthlib/oauth2/rfc6749/endpoints/token.py
index ece6325..90fb16f 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/token.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/token.py
@@ -59,7 +59,7 @@ class TokenEndpoint(BaseEndpoint):
 
         # Delegated to each grant type.
 
-    .. _`Appendix B`: http://tools.ietf.org/html/rfc6749#appendix-B
+    .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
     """
 
     def __init__(self, default_grant_type, default_token_type, grant_types):
-- 
cgit v1.2.1