Finished release 2.4.

Changelog.md

@@ -2,6 +2,9 @@
 
 All notable changes to this project will be documented in this file.
 
+## [2.4] - 2024-06-25
+- Fixed the issue with client_credentials grant type token in Authentication part.
+
 ## [2.3] - 2024-06-19
 - Changed Modify IP trunk label to Modify ISIS
 

gso/auth/oidc_policy_helper.py

@@ -239,11 +239,14 @@ class OIDCUser(HTTPBearer):
                 logger.info("User is not active", url=request.url, user_info=intercepted_token)
                 raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED, detail="User is not active")
 
-            user_info = await self.userinfo(async_request, token)
-
-            user_info["client_id"] = intercepted_token.get("client_id")
+            client_id = intercepted_token.get("client_id")
+            if "sub" not in intercepted_token:
+                return OIDCUserModel(client_id=client_id)
 
+            user_info = await self.userinfo(async_request, token)
+            user_info["client_id"] = client_id
             logger.debug("OIDCUserModel object.", intercepted_token=intercepted_token)
+
             return user_info
 
     async def check_openid_config(self, async_request: AsyncClient) -> None:

setup.py

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
 
 setup(
     name="geant-service-orchestrator",
-    version="2.3",
+    version="2.4",
     author="GÉANT Orchestration and Automation Team",
     author_email="goat@geant.org",
     description="GÉANT Service Orchestrator",

test/auth/test_oidc_policy_helper.py

@@ -237,7 +237,7 @@ def test_evaluate_decision_deny_with_auto_error():
 
 @pytest.mark.asyncio()
 async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_client):
-    oidc_user.introspect_token = AsyncMock(return_value={"active": True})
+    oidc_user.introspect_token = AsyncMock(return_value={"active": True, "sub": "123", "client_id": "test_client"})
     oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
 
     result = await oidc_user.__call__(mock_request, token="test_token")  # noqa: S106
@@ -245,11 +245,24 @@ async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_cli
     assert isinstance(result, OIDCUserModel)
     assert result["sub"] == "123"
     assert result["name"] == "John Doe"
+    assert result["client_id"] == "test_client"
+
+
+@pytest.mark.asyncio()
+async def test_oidc_user_call_with_client_credential_token(oidc_user, mock_request, mock_async_client):
+    oidc_user.introspect_token = AsyncMock(return_value={"active": True})
+    oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
+
+    result = await oidc_user.__call__(mock_request, token="test_token")  # noqa: S106
+
+    assert isinstance(result, OIDCUserModel)
+    assert result["client_id"] is None
+    oidc_user.userinfo.assert_not_called()
 
 
 @pytest.mark.asyncio()
 async def test_oidc_user_call_inactive_token(oidc_user, mock_request, mock_async_client):
-    oidc_user.introspect_token = AsyncMock(return_value={"active": False})
+    oidc_user.introspect_token = AsyncMock(return_value={"active": False, "sub": "123"})
 
     with pytest.raises(HTTPException) as exc_info:
         await oidc_user.__call__(mock_request, token="test_token")  # noqa: S106
@@ -278,7 +291,7 @@ async def test_oidc_user_call_token_from_request(oidc_user, mock_request, mock_a
     mock_request.state.credentials = Mock()
     mock_request.state.credentials.credentials = "request_token"
 
-    oidc_user.introspect_token = AsyncMock(return_value={"active": True})
+    oidc_user.introspect_token = AsyncMock(return_value={"active": True, "sub": "123"})
     oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
 
     result = await oidc_user.__call__(mock_request)  # noqa: PLC2801