Closed jkakavas closed 7 years ago
Wow, 0.9.0.0 ! That was a long time ago. You should really move to 0.11.1.0 or 0.11.2.0 which will be released in a couple of days.
We stumbled upon this on InAcademia a few months back but it wasn't easy/straightforward to upgrade. We need to do this soon nevertheless
Pyoidc is a moving target and will continue to be so :-)
Created a PR with the latest pyoidc, https://github.com/SUNET/pyop/pull/19. Tests are passing for pyOP but I will see if I can get the tests passing in SATOSA before asking for a merge.
I used a loose requirement of "oic<0.12" for now. Do you think that will be safe enough @rohe? :)
I got stuck on one failing test in SATOSA (https://github.com/SUNET/SATOSA/pull/150) where the tests checks that there should not be a token endpoint set up when implicit flow is used but oic fails to validate a providers configuration when token endpoint is missing. What is the correct resolution to that?
According to oidc spec the token endpoint should not be used in implicit flow but does that mean it can not exist?
The only endpoint that MUST exist is the authorization endpoint. A missing token endpoint when only implicit flow is used is totally permissible.
Ok, then PR #19 should be ok.
We have a dependency to oic==0.9.0.0 but the latest version available is 0.11.1.0. Some of the changes are breaking ( a lot of the tests are failing ). We should investigate what needs to be changed in pyOP in order for us to use the latest pyoidc version