Only load provider metadata when not using dynamic discovery (#166)

Fixes #164
zamzterz · Aug 12, 2023 · b2e1e54 · b2e1e54
1 parent 7e0cded
commit b2e1e54
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/src/flask_pyoidc/pyoidc_facade.py b/src/flask_pyoidc/pyoidc_facade.py
@@ -39,8 +39,10 @@ def __init__(self, provider_configuration, redirect_uri):
                                            settings=self._provider_configuration.client_settings)
 
         provider_metadata = provider_configuration.ensure_provider_metadata(self._client)
-        self._client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata.to_dict()),
-                                            provider_metadata['issuer'])
+        # Should be called explicitly for "Static Provider Registration" to register the issuer.
+        if not self._client.issuer:
+            self._client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata.to_dict()),
+                                                provider_metadata['issuer'])
 
         if self._provider_configuration.registered_client_metadata:
             client_metadata = self._provider_configuration.registered_client_metadata.to_dict()

diff --git a/tests/test_pyoidc_facade.py b/tests/test_pyoidc_facade.py
@@ -25,6 +25,25 @@ class TestPyoidcFacade:
                                          jwks_uri=PROVIDER_BASEURL + '/jwks')
     CLIENT_METADATA = ClientMetadata('client1', 'secret1')
 
+    @pytest.mark.parametrize('provider_config', [
+        {'issuer': PROVIDER_BASEURL, 'client_registration_info': ClientRegistrationInfo()},
+        {'provider_metadata': PROVIDER_METADATA, 'client_metadata': CLIENT_METADATA}
+    ])
+    @responses.activate
+    def test_should_handle_provider_config_with_static_and_dynamic_provider(self, provider_config):
+        provider_metadata = {
+            'issuer': self.PROVIDER_BASEURL,
+            'authorization_endpoint': self.PROVIDER_BASEURL + '/auth',
+            'jwks_uri': self.PROVIDER_BASEURL + '/jwks'
+        }
+        responses.add(responses.GET,
+                      self.PROVIDER_BASEURL + '/.well-known/openid-configuration',
+                      json=provider_metadata)
+
+        config = ProviderConfiguration(**provider_config)
+        facade = PyoidcFacade(config, REDIRECT_URI)
+        assert facade._client.issuer == self.PROVIDER_BASEURL
+
     def test_registered_client_metadata_is_forwarded_to_pyoidc(self):
         config = ProviderConfiguration(provider_metadata=self.PROVIDER_METADATA, client_metadata=self.CLIENT_METADATA)
         facade = PyoidcFacade(config, REDIRECT_URI)