oauthlib · thedrow · Jun 5, 2018 · Mar 17, 2018 · Mar 17, 2018 · Mar 17, 2018
diff --git a/Makefile b/Makefile
@@ -12,13 +12,27 @@
 # Since these contacts will be addressed with Github mentions they
 # need to be Github users (for now)(sorry Bitbucket).
 #
-clean:
+clean: clean-eggs clean-build
+	@find . -iname '*.pyc' -delete
+	@find . -iname '*.pyo' -delete
+	@find . -iname '*~' -delete
+	@find . -iname '*.swp' -delete
+	@find . -iname '__pycache__' -delete
 	rm -rf .tox
 	rm -rf bottle-oauthlib
 	rm -rf django-oauth-toolkit
 	rm -rf flask-oauthlib
 	rm -rf requests-oauthlib
 
+clean-eggs:
+	@find . -name '*.egg' -print0|xargs -0 rm -rf --
+	@rm -rf .eggs/
+
+clean-build:
+	@rm -fr build/
+	@rm -fr dist/
+	@rm -fr *.egg-info
+
 test:
 	tox
 
@@ -51,7 +65,6 @@ requests:
 	cd requests-oauthlib 2>/dev/null || git clone https://github.com/requests/requests-oauthlib.git
 	cd requests-oauthlib && sed -i.old 's,deps=,deps = --editable=file://{toxinidir}/../[signedtoken],' tox.ini && sed -i.old '/oauthlib/d' requirements.txt && tox
 
-
 .DEFAULT_GOAL := all
 .PHONY: clean test bottle django flask requests
 all: clean test bottle django flask requests
diff --git a/oauthlib/oauth2/__init__.py b/oauthlib/oauth2/__init__.py
@@ -24,7 +24,7 @@
 from .rfc6749.endpoints import MobileApplicationServer
 from .rfc6749.endpoints import LegacyApplicationServer
 from .rfc6749.endpoints import BackendApplicationServer
-from .rfc6749.errors import AccessDeniedError, AccountSelectionRequired, ConsentRequired, FatalClientError, FatalOpenIDClientError, InsecureTransportError, InteractionRequired, InvalidClientError, InvalidClientIdError, InvalidGrantError, InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, InvalidScopeError, LoginRequired, MismatchingRedirectURIError, MismatchingStateError, MissingClientIdError, MissingCodeError, MissingRedirectURIError, MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, OAuth2Error, OpenIDClientError, ServerError, TemporarilyUnavailableError, TokenExpiredError, UnauthorizedClientError, UnsupportedGrantTypeError, UnsupportedResponseTypeError, UnsupportedTokenTypeError
+from .rfc6749.errors import AccessDeniedError, OAuth2Error, FatalClientError, InsecureTransportError, InvalidClientError, InvalidClientIdError, InvalidGrantError, InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, InvalidScopeError, MismatchingRedirectURIError, MismatchingStateError, MissingClientIdError, MissingCodeError, MissingRedirectURIError, MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, ServerError, TemporarilyUnavailableError, TokenExpiredError, UnauthorizedClientError, UnsupportedGrantTypeError, UnsupportedResponseTypeError, UnsupportedTokenTypeError
 from .rfc6749.grant_types import AuthorizationCodeGrant
 from .rfc6749.grant_types import ImplicitGrant
 from .rfc6749.grant_types import ResourceOwnerPasswordCredentialsGrant

diff --git a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py
@@ -1,22 +1,19 @@
 # -*- coding: utf-8 -*-
 """
-oauthlib.oauth2.rfc6749
-~~~~~~~~~~~~~~~~~~~~~~~
+oauthlib.oauth2.rfc6749.endpoints.pre_configured
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-This module is an implementation of various logic needed
-for consuming and providing OAuth 2.0 RFC6749.
+This module is an implementation of various endpoints needed
+for providing OAuth 2.0 RFC6749 servers.
 """
 from __future__ import absolute_import, unicode_literals
 
-from ..grant_types import (AuthCodeGrantDispatcher, AuthorizationCodeGrant,
-                           AuthTokenGrantDispatcher,
+from ..grant_types import (AuthorizationCodeGrant,
                            ClientCredentialsGrant,
-                           ImplicitTokenGrantDispatcher, ImplicitGrant,
-                           OpenIDConnectAuthCode, OpenIDConnectImplicit,
-                           OpenIDConnectHybrid,
+                           ImplicitGrant,
                            RefreshTokenGrant,
                            ResourceOwnerPasswordCredentialsGrant)
-from ..tokens import BearerToken, JWTToken
+from ..tokens import BearerToken
 from .authorization import AuthorizationEndpoint
 from .introspect import IntrospectEndpoint
 from .resource import ResourceEndpoint
@@ -51,46 +48,28 @@ def __init__(self, request_validator, token_expires_in=None,
             request_validator)
         credentials_grant = ClientCredentialsGrant(request_validator)
         refresh_grant = RefreshTokenGrant(request_validator)
-        openid_connect_auth = OpenIDConnectAuthCode(request_validator)
-        openid_connect_implicit = OpenIDConnectImplicit(request_validator)
-        openid_connect_hybrid = OpenIDConnectHybrid(request_validator)
 
         bearer = BearerToken(request_validator, token_generator,
                              token_expires_in, refresh_token_generator)
 
-        jwt = JWTToken(request_validator, token_generator,
-                       token_expires_in, refresh_token_generator)
-
-        auth_grant_choice = AuthCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth)
-        implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit)
-
-        # See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations
-        # internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination
         AuthorizationEndpoint.__init__(self, default_response_type='code',
                                        response_types={
-                                           'code': auth_grant_choice,
-                                           'token': implicit_grant_choice,
-                                           'id_token': openid_connect_implicit,
-                                           'id_token token': openid_connect_implicit,
-                                           'code token': openid_connect_hybrid,
-                                           'code id_token': openid_connect_hybrid,
-                                           'code id_token token': openid_connect_hybrid,
+                                           'code': auth_grant,
+                                           'token': implicit_grant,
                                            'none': auth_grant
                                        },
                                        default_token_type=bearer)
 
-        token_grant_choice = AuthTokenGrantDispatcher(request_validator, default_token_grant=auth_grant, oidc_token_grant=openid_connect_auth)
-
         TokenEndpoint.__init__(self, default_grant_type='authorization_code',
                                grant_types={
-                                   'authorization_code': token_grant_choice,
+                                   'authorization_code': auth_grant,
                                    'password': password_grant,
                                    'client_credentials': credentials_grant,
                                    'refresh_token': refresh_grant,
                                },
                                default_token_type=bearer)
         ResourceEndpoint.__init__(self, default_token='Bearer',
-                                  token_types={'Bearer': bearer, 'JWT': jwt})
+                                  token_types={'Bearer': bearer})
         RevocationEndpoint.__init__(self, request_validator)
         IntrospectEndpoint.__init__(self, request_validator)
 

diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py
@@ -274,106 +274,6 @@ class UnsupportedTokenTypeError(OAuth2Error):
     error = 'unsupported_token_type'
 
 
-class FatalOpenIDClientError(FatalClientError):
-    pass
-
-
-class OpenIDClientError(OAuth2Error):
-    pass
-
-
-class InteractionRequired(OpenIDClientError):
-    """
-    The Authorization Server requires End-User interaction to proceed.
-
-    This error MAY be returned when the prompt parameter value in the
-    Authentication Request is none, but the Authentication Request cannot be
-    completed without displaying a user interface for End-User interaction.
-    """
-    error = 'interaction_required'
-    status_code = 401
-
-
-class LoginRequired(OpenIDClientError):
-    """
-    The Authorization Server requires End-User authentication.
-
-    This error MAY be returned when the prompt parameter value in the
-    Authentication Request is none, but the Authentication Request cannot be
-    completed without displaying a user interface for End-User authentication.
-    """
-    error = 'login_required'
-    status_code = 401
-
-
-class AccountSelectionRequired(OpenIDClientError):
-    """
-    The End-User is REQUIRED to select a session at the Authorization Server.
-
-    The End-User MAY be authenticated at the Authorization Server with
-    different associated accounts, but the End-User did not select a session.
-    This error MAY be returned when the prompt parameter value in the
-    Authentication Request is none, but the Authentication Request cannot be
-    completed without displaying a user interface to prompt for a session to
-    use.
-    """
-    error = 'account_selection_required'
-
-
-class ConsentRequired(OpenIDClientError):
-    """
-    The Authorization Server requires End-User consent.
-
-    This error MAY be returned when the prompt parameter value in the
-    Authentication Request is none, but the Authentication Request cannot be
-    completed without displaying a user interface for End-User consent.
-    """
-    error = 'consent_required'
-    status_code = 401
-
-
-class InvalidRequestURI(OpenIDClientError):
-    """
-    The request_uri in the Authorization Request returns an error or
-    contains invalid data.
-    """
-    error = 'invalid_request_uri'
-    description = 'The request_uri in the Authorization Request returns an ' \
-                  'error or contains invalid data.'
-
-
-class InvalidRequestObject(OpenIDClientError):
-    """
-    The request parameter contains an invalid Request Object.
-    """
-    error = 'invalid_request_object'
-    description = 'The request parameter contains an invalid Request Object.'
-
-
-class RequestNotSupported(OpenIDClientError):
-    """
-    The OP does not support use of the request parameter.
-    """
-    error = 'request_not_supported'
-    description = 'The request parameter is not supported.'
-
-
-class RequestURINotSupported(OpenIDClientError):
-    """
-    The OP does not support use of the request_uri parameter.
-    """
-    error = 'request_uri_not_supported'
-    description = 'The request_uri parameter is not supported.'
-
-
-class RegistrationNotSupported(OpenIDClientError):
-    """
-    The OP does not support use of the registration parameter.
-    """
-    error = 'registration_not_supported'
-    description = 'The registration parameter is not supported.'
-
-
 class InvalidTokenError(OAuth2Error):
     """
     The access token provided is expired, revoked, malformed, or
@@ -402,6 +302,29 @@ class InsufficientScopeError(OAuth2Error):
                    "the access token.")
 
 
+class ConsentRequired(OAuth2Error):
+    """
+    The Authorization Server requires End-User consent.
+
+    This error MAY be returned when the prompt parameter value in the
+    Authentication Request is none, but the Authentication Request cannot be
+    completed without displaying a user interface for End-User consent.
+    """
+    error = 'consent_required'
+    status_code = 401
+
+class LoginRequired(OAuth2Error):
+    """
+    The Authorization Server requires End-User authentication.
+
+    This error MAY be returned when the prompt parameter value in the
+    Authentication Request is none, but the Authentication Request cannot be
+    completed without displaying a user interface for End-User authentication.
+    """
+    error = 'login_required'
+    status_code = 401
+
+
 def raise_from_error(error, params=None):
     import inspect
     import sys

diff --git a/oauthlib/oauth2/rfc6749/grant_types/__init__.py b/oauthlib/oauth2/rfc6749/grant_types/__init__.py
@@ -10,11 +10,3 @@
 from .resource_owner_password_credentials import ResourceOwnerPasswordCredentialsGrant
 from .client_credentials import ClientCredentialsGrant
 from .refresh_token import RefreshTokenGrant
-from .openid_connect import OpenIDConnectBase
-from .openid_connect import OpenIDConnectAuthCode
-from .openid_connect import OpenIDConnectImplicit
-from .openid_connect import OpenIDConnectHybrid
-from .openid_connect import OIDCNoPrompt
-from .openid_connect import AuthCodeGrantDispatcher
-from .openid_connect import AuthTokenGrantDispatcher
-from .openid_connect import ImplicitTokenGrantDispatcher
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 """
-oauthlib.oauth2.rfc6749.grant_types
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+oauthlib.oauth2.rfc6749.request_validator
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 """
 from __future__ import absolute_import, unicode_literals
 

diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py
@@ -315,43 +315,3 @@ def estimate_type(self, request):
             return 5
         else:
             return 0
-
-
-class JWTToken(TokenBase):
-    __slots__ = (
-        'request_validator', 'token_generator',
-        'refresh_token_generator', 'expires_in'
-    )
-
-    def __init__(self, request_validator=None, token_generator=None,
-                 expires_in=None, refresh_token_generator=None):
-        self.request_validator = request_validator
-        self.token_generator = token_generator or random_token_generator
-        self.refresh_token_generator = (
-            refresh_token_generator or self.token_generator
-        )
-        self.expires_in = expires_in or 3600
-
-    def create_token(self, request, refresh_token=False, save_token=False):
-        """Create a JWT Token, using requestvalidator method."""
-
-        if callable(self.expires_in):
-            expires_in = self.expires_in(request)
-        else:
-            expires_in = self.expires_in
-
-        request.expires_in = expires_in
-
-        return self.request_validator.get_jwt_bearer_token(None, None, request)
-
-    def validate_request(self, request):
-        token = get_token_from_header(request)
-        return self.request_validator.validate_jwt_bearer_token(
-            token, request.scopes, request)
-
-    def estimate_type(self, request):
-        split_header = request.headers.get('Authorization', '').split()
-
-        if len(split_header) == 2 and split_header[0] == 'Bearer' and split_header[1].startswith('ey') and split_header[1].count('.') in (2, 4):
-            return 10
-        return 0
diff --git a/oauthlib/openid/__init__.py b/oauthlib/openid/__init__.py
diff --git a/oauthlib/openid/connect/__init__.py b/oauthlib/openid/connect/__init__.py
diff --git a/oauthlib/openid/connect/core/__init__.py b/oauthlib/openid/connect/core/__init__.py