Merge pull request #38 from curityio/feature/guides

Updates as part of writing code example article

Author: gary-archer

README.md

@@ -37,7 +37,6 @@ Name                | Type    | Default  | Description
 `debug`             | boolean | `false`  | If set to true, Flask will be in debug mode and write stacktraces if an error occurs. Some extra logging is also printed.
 `port`              | number  | `5443`   | The port that the Flask server should listen to
 `disable_https`     | boolean | `false`  | Set to true to run on http
-`logout_endpoint`   | string  |          | The URL to the logout endpoint at the authentication service. If set, the user will be redirected here after a logout has been made in the application. 
 `base_url`          | string  |          | base url to be added to internal redirects. If this is not configured, the base url will be extracted from the first request to the index page
 `send_parameters_via`|string  | `query_string`|How request parameters should be sent to the authorization endpoint. Valid values are `query_string`, `request_object` or `request_uri`.
 `request_object_keys`|JSON object|       | The JSON Web Key (JWK) used to sign JWTs used when sending authorization request parameters by-value in a request object or by reference in a request URI. For example:<br>`{`<br>`"kty":"RSA",`<br>`"n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",`<br>`"e":"AQAB",`<br>`"d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",`<br>`"p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",`<br>`"q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",`<br>`"dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",`<br>`"dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",`<br>`"qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",`<br>`"alg":"RS256",`<br>`"kid":"2011-04-29"`<br>`}`

app.py

@@ -130,11 +130,10 @@ def logout():
     if 'session_id' in session:
         del _session_store[session['session_id']]
     session.clear()
-    if 'logout_endpoint' in _config:
-        print "Logging out against", _config['logout_endpoint']
-        return redirect(_config['logout_endpoint'] + '?redirect_uri=' + _config['base_url'])
-    return redirect_with_baseurl('/')
-
+    
+    print "Logging out at ", _config['end_session_endpoint']
+    logout_request = _config['end_session_endpoint'] + '?client_id=' + _config['client_id'] + '&post_logout_redirect_uri=' + _config['base_url']
+    return redirect(logout_request)
 
 @_app.route('/refresh')
 def refresh():

client.py

@@ -201,7 +201,7 @@ def get_authn_req_url(self, session, acr, forceAuthN, scope, forceConsent, allow
                         'state': state,
                         'code_challenge': code_challenge,
                         'code_challenge_method': "S256",
-                        'redirect_uri': self.config.get('redirect_uri', "")}
+                        'redirect_uri': self.config.get('redirect_uri')}
 
         if 'authn_parameters' in self.config:
             request_args.update(self.config['authn_parameters'])

config.py

@@ -33,7 +33,7 @@ class Config():
             'issuer',
             'audience',
             'jwks_uri',
-            'logout_endpoint',
+            'end_session_endpoint',
             'port',
             'redirect_uri',
             'revocation_endpoint',

settings.json

@@ -1,13 +1,13 @@
 {
-  "logout_endpoint": "https://localhost:8443/dev/authn/authenticate/logout",
-  "issuer": "https://localhost:8443/dev/oauth/anonymous",
-  "api_endpoint": "http://localhost:5555/hello_world",
+  "issuer": "https://localhost:8443/oauth/v2/oauth-anonymous",
+  "api_endpoint": "https://localhost:3000",
   "verify_ssl_server": false,
   "debug": true,
   "scope": "openid profile email address phone",
   "send_parameters_via": "query",
-  "client_id": "client-two",
-  "client_secret": "sEcrEt@3wo",
+  "client_id": "python-client",
+  "client_secret": "Password1",
+  "redirect_uri": "https://localhost:5443/callback",
   "request_object_key": {
     "kty": "RSA",
     "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",