IdentityPython / pyop

OpenID Connect Provider (OP) library in Python.
Apache License 2.0

Use latest pyoidc #18

Closed jkakavas closed 7 years ago

jkakavas commented 7 years ago

We have a dependency on oic==0.9.0.0 but the latest version available is 0.11.1.0. Some of the changes are breaking (a lot of the tests are failing). We should investigate what needs to be changed in pyOP in order for us to use the latest pyoidc version.

rohe commented 7 years ago

Wow, 0.9.0.0! That was a long time ago. You should really move to 0.11.1.0 or 0.11.2.0, which will be released in a couple of days.

jkakavas commented 7 years ago

We stumbled upon this on InAcademia a few months back but it wasn't easy/straightforward to upgrade. We need to do this soon nevertheless.

rohe commented 7 years ago

Pyoidc is a moving target and will continue to be so :-)

johanlundberg commented 7 years ago

Created a PR with the latest pyoidc, https://github.com/SUNET/pyop/pull/19. Tests are passing for pyOP but I will see if I can get the tests passing in SATOSA before asking for a merge.

I used a loose requirement of "oic<0.12" for now. Do you think that will be safe enough @rohe? :)

johanlundberg commented 7 years ago

I got stuck on one failing test in SATOSA (https://github.com/SUNET/SATOSA/pull/150) where the test checks that there should not be a token endpoint set up when implicit flow is used, but oic fails to validate a provider's configuration when the token endpoint is missing. What is the correct resolution to that?

According to the OIDC spec the token endpoint should not be used in implicit flow, but does that mean it cannot exist?

rohe commented 7 years ago

The only endpoint that MUST exist is the authorization endpoint. A missing token endpoint when only implicit flow is used is totally permissible.

johanlundberg commented 7 years ago

Ok, then PR #19 should be ok.
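
The token endpoint rule discussed in this thread, sketched as a stand-alone provider-metadata check. This is an added example, not code from pyOP, pyoidc or SATOSA; the function names and the sample configurations are constructed for illustration, and the https requirement on endpoint URLs is taken from OpenID Connect Discovery rather than from the thread.

```python
from urllib.parse import urlparse


def needs_token_endpoint(response_types_supported):
    """True if any advertised response type returns a code (code or hybrid flow)."""
    return any("code" in rt.split() for rt in response_types_supported)


def validate_provider_config(config):
    """Return a list of problems; an empty list means the endpoints are acceptable."""
    problems = []
    response_types = config.get("response_types_supported") or []
    if not response_types:
        problems.append("response_types_supported is missing or empty")

    # The authorization endpoint is always required. The token endpoint is
    # required only when a code must be redeemed there.
    required = {
        "authorization_endpoint": True,
        "token_endpoint": needs_token_endpoint(response_types),
    }
    for name, is_required in required.items():
        url = config.get(name)
        if not url:
            if is_required:
                problems.append(f"{name} is required")
        elif urlparse(url).scheme != "https":
            # An optional endpoint that is present must still be well-formed.
            problems.append(f"{name} must be an https URL")
    return problems


# Constructed sample metadata (op.example.org is a placeholder issuer).
IMPLICIT_ONLY = {
    "issuer": "https://op.example.org",
    "authorization_endpoint": "https://op.example.org/authorize",
    "response_types_supported": ["id_token", "id_token token"],
}
CODE_WITHOUT_TOKEN_ENDPOINT = dict(
    IMPLICIT_ONLY, response_types_supported=["code", "id_token"]
)

if __name__ == "__main__":
    print(validate_provider_config(IMPLICIT_ONLY))
    print(validate_provider_config(CODE_WITHOUT_TOKEN_ENDPOINT))
```
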