From dcc9785ece00a922eeaba7c4e8769adc0f3097c7 Mon Sep 17 00:00:00 2001
From: Erez Sharim
Date: Tue, 21 Mar 2023 17:41:30 +0200
Subject: [PATCH] update example

- update requirements
- only decode nonce and state cookie values
- use the guaranteed email from id token
---
 README.md | 2 +-
 requirements.txt | 19 ++++++++++---------
 server.py | 11 ++++++++---
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 7320210..21b3c60 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Then you can run the server with
 CLIENT_ID=\
 CLIENT_SECRET= \
 REDIRECT_URI=https://localhost/callback \
-ISSUER_BASE_URL=https://.crossid.io/oauth2/ \
+ISSUER_BASE_URL=https://..crossid.io/oauth2/ \
 python server.py
 ```
diff --git a/requirements.txt b/requirements.txt
index f8f7546..70aeeaf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,18 +1,19 @@
-certifi==2021.5.30
-cffi==1.14.6
+certifi==2022.12.7
+cffi==1.15.1
 charset-normalizer==2.0.6
-cryptography==3.4.8
-cryptojwt==1.5.2
+cryptography==39.0.2
+cryptojwt==1.6.1
 filelock==3.3.0
 idna==3.2
-oidcmsg==1.3.3.post1
+oidcmsg==1.6.0
 pycparser==2.20
-PyJWT==2.1.0
-pyOpenSSL==21.0.0
+PyJWT==2.6.0
+pyOpenSSL==23.0.0
 PyYAML==5.4.1
 readerwriterlock==1.0.9
-requests==2.26.0
-responses==0.14.0
+requests==2.28.2
+responses==0.23.1
 six==1.16.0
 typing-extensions==3.10.0.2
 urllib3==1.26.7
+python-dotenv==1.0.0
diff --git a/server.py b/server.py
index 1632657..2d62898 100644
--- a/server.py
+++ b/server.py
@@ -10,7 +10,9 @@ from cryptography.fernet import Fernet
 from client import OIDCClient
+from dotenv import load_dotenv
+load_dotenv()
 secret = Fernet.generate_key()
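Review bot: The added `load_dotenv()` runs at import time with python-dotenv's default `override=False`, so a variable already exported in the environment wins over the `.env` value, which is not obvious to a reader who sees the README passing the same variables inline; a one-line comment, `# .env values do not override variables already exported (override=False)`, would document that. Since CLIENT_SECRET is among the values a `.env` file would now carry, the repository's ignore rules should exclude `.env`; whether they do is not visible in this patch. The hunk header suggests blank lines around the new imports that the rendering dropped, so the exact placement of the two added lines is inferred.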
@@ -49,8 +51,11 @@ def get_cookies(self):
 cookies = {}
 if self.headers.get('Cookie') != None:
 cookie.load(self.headers.get('Cookie'))
-for n, c in cookie.items():
-cookies[n] = f.decrypt(c.value.encode()).decode()
+for n, c in cookie.items():
+if n in ["nonce", "state"]:
+cookies[n] = f.decrypt(c.value.encode()).decode()
+else:
+cookies[n] = c
 return cookies
@@ -119,7 +124,7 @@ def callback_GET(self, query):
 self.set_cookies(cookie)
 self.end_headers()
 self.wfile.write('Hello {}.
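Review bot: The new `else` branch stores the whole `Morsel` (`cookies[n] = c`) while the `nonce`/`state` branch stores a decoded `str`, so the returned dict mixes value types; `cookies[n] = c.value` keeps it uniform. The `f.decrypt(...)` call on the `nonce`/`state` branch raises `cryptography.fernet.InvalidToken` for any cookie value that was not sealed with the current key — a stale cookie after a restart (the first hunk appears to regenerate the key per process via `secret = Fernet.generate_key()`) or a modified one — and nothing in this hunk catches it, so the request handler ends in an unhandled exception instead of treating the cookie as absent; catch it (`except InvalidToken: continue`) and let the caller fail the callback when nonce/state are missing. `!= None` on the `if` line is better written `is not None`. The `def get_cookies` line is outside the hunk, as is whatever defines `cookie` and `f`; if `cookie` is a module-level `SimpleCookie`, loading each request's header into it would carry values across requests, which is worth confirming.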

Your access token is: {}

Try to consume protected resource by:

export TOKEN=token...
curl -H "Authorization: Bearer $TOKEN" public_url/protected


'
-.format(id_token['name'], tokens.access_token, logout_url).encode())
+.format(id_token['email'], tokens.access_token, logout_url).encode())
 def has_any_scopes(self, token, scopes) -> bool:
 return len(set(token.get('scp', [])).intersection(scopes)) > 0
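Review bot: `id_token['email']` on the new line raises `KeyError` when the claim is absent — OIDC returns `email` only when the `email` scope was granted and the provider chooses to include it, so "guaranteed" holds for this issuer's configuration rather than the protocol; `id_token.get('email', '')` or an explicit check before writing the response avoids a 500 here. The claim is also interpolated into the response body as-is; if the body is served as HTML (the placeholders and the logout URL suggest stripped markup), pass the values through `html.escape(...)` so provider-supplied claim text cannot alter the page. If `email` is later used as the user's identity rather than display text, pair it with the `email_verified` claim, since providers may return unverified addresses. The body of callback_GET begins before this hunk.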