Replace the name callable with function.

src/idpyoidc/server/oauth2/authorization.py

@@ -526,7 +526,7 @@ def _post_parse_request(self, request, client_id, context, **kwargs):
 
         if resource_indicators_config is not None:
             if "policy" not in resource_indicators_config:
-                policy = {"policy": {"callable": validate_resource_indicators_policy}}
+                policy = {"policy": {"function": validate_resource_indicators_policy}}
                 resource_indicators_config.update(policy)
             request = self._enforce_resource_indicators_policy(request, resource_indicators_config)
 
@@ -536,25 +536,25 @@ def _enforce_resource_indicators_policy(self, request, config):
         _context = self.upstream_get("context")
 
         policy = config["policy"]
-        callable = policy["callable"]
+        function = policy["function"]
         kwargs = policy.get("kwargs", {})
 
         if kwargs.get("resource_servers_per_client", None) is None:
             kwargs["resource_servers_per_client"] = {
                 request["client_id"]: request["client_id"]
             }
 
-        if isinstance(callable, str):
+        if isinstance(function, str):
             try:
-                fn = importer(callable)
+                fn = importer(function)
             except Exception:
-                raise ImproperlyConfigured(f"Error importing {callable} policy callable")
+                raise ImproperlyConfigured(f"Error importing {function} policy function")
         else:
-            fn = callable
+            fn = function
         try:
             return fn(request, context=_context, **kwargs)
         except Exception as e:
-            logger.error(f"Error while executing the {fn} policy callable: {e}")
+            logger.error(f"Error while executing the {fn} policy function: {e}")
             return self.error_cls(error="server_error", error_description="Internal server error")
 
     def pick_authn_method(self, request, redirect_uri, acr=None, **kwargs):

src/idpyoidc/server/oauth2/token_helper/access_token.py

@@ -58,7 +58,7 @@ def process_request(self, req: Union[Message, dict], **kwargs):
 
         if resource_indicators_config is not None:
             if "policy" not in resource_indicators_config:
-                policy = {"policy": {"callable": validate_resource_indicators_policy}}
+                policy = {"policy": {"function": validate_resource_indicators_policy}}
                 resource_indicators_config.update(policy)
 
             req = self._enforce_resource_indicators_policy(req, resource_indicators_config)
@@ -152,20 +152,20 @@ def _enforce_resource_indicators_policy(self, request, config):
         _context = self.endpoint.upstream_get('context')
 
         policy = config["policy"]
-        callable = policy["callable"]
+        function = policy["function"]
         kwargs = policy.get("kwargs", {})
 
-        if isinstance(callable, str):
+        if isinstance(function, str):
             try:
-                fn = importer(callable)
+                fn = importer(function)
             except Exception:
-                raise ImproperlyConfigured(f"Error importing {callable} policy callable")
+                raise ImproperlyConfigured(f"Error importing {function} policy function")
         else:
-            fn = callable
+            fn = function
         try:
             return fn(request, context=_context, **kwargs)
         except Exception as e:
-            logger.error(f"Error while executing the {fn} policy callable: {e}")
+            logger.error(f"Error while executing the {fn} policy function: {e}")
             return self.error_cls(error="server_error", error_description="Internal server error")
 
     def post_parse_request(

src/idpyoidc/server/oauth2/token_helper/token_exchange.py

@@ -41,7 +41,7 @@ def __init__(self, endpoint, config=None):
                     "urn:ietf:params:oauth:token-type:refresh_token",
                 ],
                 "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
-                "policy": {"": {"callable": validate_token_exchange_policy}},
+                "policy": {"": {"function": validate_token_exchange_policy}},
             }
         else:
             self.config = config
@@ -154,21 +154,21 @@ def _enforce_policy(self, request, token, config):
             subject_token_type = ""
 
         policy = config["policy"][subject_token_type]
-        callable = policy["callable"]
+        function = policy["function"]
         kwargs = policy.get("kwargs", {})
 
-        if isinstance(callable, str):
+        if isinstance(function, str):
             try:
-                fn = importer(callable)
+                fn = importer(function)
             except Exception:
-                raise ImproperlyConfigured(f"Error importing {callable} policy callable")
+                raise ImproperlyConfigured(f"Error importing {function} policy function")
         else:
-            fn = callable
+            fn = function
 
         try:
             return fn(request, context=_context, subject_token=token, **kwargs)
         except Exception as e:
-            logger.error(f"Error while executing the {fn} policy callable: {e}")
+            logger.error(f"Error while executing the {fn} policy function: {e}")
             return self.error_cls(error="server_error", error_description="Internal server error")
 
     def token_exchange_response(self, token, issued_token_type):
@@ -285,9 +285,9 @@ def _validate_configuration(self, config):
             raise ImproperlyConfigured(
                 "Default Token Exchange policy configuration is not defined"
             )
-        if "callable" not in config["policy"][""]:
+        if "function" not in config["policy"][""]:
             raise ImproperlyConfigured(
-                "Missing 'callable' from default Token Exchange policy configuration"
+                "Missing 'function' from default Token Exchange policy configuration"
             )
 
         _default_requested_token_type = config.get("default_requested_token_type",

src/idpyoidc/server/oauth2/token_revocation.py

@@ -86,7 +86,7 @@ def process_request(self, request=None, **kwargs):
             self.policy = _context.cdb[client_id]["token_revocation"]["policy"]
         except Exception:
             self.policy = self.token_revocation_kwargs.get("policy", {
-                "": {"callable": validate_token_revocation_policy}})
+                "": {"function": validate_token_revocation_policy}})
 
         if _token.token_class not in self.token_types_supported:
             desc = (
@@ -108,21 +108,21 @@ def _revoke(self, request, session_info):
             _cls = ""
 
         temp_policy = self.policy[_cls]
-        callable = temp_policy["callable"]
+        function = temp_policy["function"]
         kwargs = temp_policy.get("kwargs", {})
 
-        if isinstance(callable, str):
+        if isinstance(function, str):
             try:
-                fn = importer(callable)
+                fn = importer(function)
             except Exception:
-                raise ImproperlyConfigured(f"Error importing {callable} policy callable")
+                raise ImproperlyConfigured(f"Error importing {function} policy function")
         else:
-            fn = callable
+            fn = function
 
         try:
             return fn(_token, session_info=session_info, **kwargs)
         except Exception as e:
-            logger.error(f"Error while executing the {fn} policy callable: {e}")
+            logger.error(f"Error while executing the {fn} policy function: {e}")
             return self.error_cls(error="server_error", error_description="Internal server error")
 
 

tests/private/token_jwks.json

@@ -1 +1 @@
-{"keys": [{"kty": "oct", "use": "enc", "kid": "code", "k": "vSHDkLBHhDStkR0NWu8519rmV5zmnm5_"}, {"kty": "oct", "use": "enc", "kid": "refresh", "k": "nSZ0kdDYyJn4d0Oy67Z1okgykXRhCcKk"}]}
+{"keys": [{"kty": "oct", "use": "enc", "kid": "code", "k": "vSHDkLBHhDStkR0NWu8519rmV5zmnm5_"}, {"kty": "oct", "use": "enc", "kid": "refresh", "k": "XeeoaV1P5eINXBFEDU2U_YBXqsjJE0uD"}]}

tests/pub_client.jwks

@@ -1 +1 @@
-{"keys": [{"kty": "EC", "use": "sig", "kid": "azZQQ2FEQjh3QnVZWVdrbHJkMEZSaWR6aVJ0LTBjeUFfeWRlbTRrRFZ5VQ", "crv": "P-256", "x": "2ADe18caWWGp6hpRbfa9HqQHDFNpid9xUmR56Wzm_wc", "y": "HnD_8QBanz4Y-UF8mKQFZXfqkGkXUSm34mLsdDKtSyk"}, {"kty": "RSA", "use": "sig", "kid": "SHEyYWcwNVk0LTdROTZzZ2FUWndIVXdack0xWUM5SEpwcS03dVUxWU4zRQ", "e": "AQAB", "n": "rRz52ddyP9Y2ezSlRsnkt-sjXfV_Ii7vOFX-cStLE3IUlVeSJGEe_kAASLr2r3BE2unjntaxj67NP8D95h_rzG1SpCklTEn-aTe3FOwNyTzUH_oiDVeRoEcf04Y43ciRGYRB5PhI6ii-2lYuig6hyUr776Qxiu6-0zw-M_ay2MgGSy5CEj55dDSvcUyxStUObxGpPWnEvybO1vnE7iJEWGNe0L5uPe5nLidOiR-JwjxSWEx1xZYtIjxaf2Ulu-qu4hwgwBUQdx4bNZyBfljKj55skWuHqPMG3xMjnedQC6Ms5bR3rIkbBpvmgI3kJK-4CZikM6ruyLo94-Lk19aYQw"}]}
+{"keys": [{"kty": "EC", "use": "sig", "kid": "azZQQ2FEQjh3QnVZWVdrbHJkMEZSaWR6aVJ0LTBjeUFfeWRlbTRrRFZ5VQ", "crv": "P-256", "x": "2ADe18caWWGp6hpRbfa9HqQHDFNpid9xUmR56Wzm_wc", "y": "HnD_8QBanz4Y-UF8mKQFZXfqkGkXUSm34mLsdDKtSyk"}, {"kty": "RSA", "use": "sig", "kid": "SHEyYWcwNVk0LTdROTZzZ2FUWndIVXdack0xWUM5SEpwcS03dVUxWU4zRQ", "n": "rRz52ddyP9Y2ezSlRsnkt-sjXfV_Ii7vOFX-cStLE3IUlVeSJGEe_kAASLr2r3BE2unjntaxj67NP8D95h_rzG1SpCklTEn-aTe3FOwNyTzUH_oiDVeRoEcf04Y43ciRGYRB5PhI6ii-2lYuig6hyUr776Qxiu6-0zw-M_ay2MgGSy5CEj55dDSvcUyxStUObxGpPWnEvybO1vnE7iJEWGNe0L5uPe5nLidOiR-JwjxSWEx1xZYtIjxaf2Ulu-qu4hwgwBUQdx4bNZyBfljKj55skWuHqPMG3xMjnedQC6Ms5bR3rIkbBpvmgI3kJK-4CZikM6ruyLo94-Lk19aYQw", "e": "AQAB"}]}

tests/pub_iss.jwks

@@ -1 +1 @@
-{"keys": [{"kty": "EC", "use": "sig", "kid": "SmdKMlVGcG1zMnprdDdXZGpGWEczdHhlZVpGbkx1THpPdUY4d0w4bnZkSQ", "crv": "P-256", "x": "tRHJYm0fsOi0icpGEb33qiDVgt68ltMoYSWdLGhDGz4", "y": "fRpX0i6p5Jigf5I0qwW34PyStosMShwWAWS8x_w5o7E"}, {"kty": "RSA", "use": "sig", "kid": "R0FsaFdqREFaUFp1c0MwbUpsbHVSZ200blBJZWJVMTUtNGsyVlBmdHk5UQ", "e": "AQAB", "n": "2ilgsKVqF92KfhwmosSVeZOaDgb3RF1mbg-pqkmLO6YpOO06LF4V4angF-GhP-ysAm2E75aSIU4tnHVThFlcxTgKFqjYKJQXyVzTVK2r-L2IbvFPaDtvoU6WteybpMlIUVk2po3cFDGObCWYKCm7CUOLlwH0uOpui66P9VSCqdKVKbJRAQBvTSbP10KWPxulfqjWGJtHO5fY7-JVWwOBkG-eHSJIT_uaoPjyvKCZjknq04bLUV9qP78KRQpRyYijBN60w2v8F79baN9CN10TIEjjWKGz0uX0M_YYQzTUoSY5l5ka9RkL3wT4o2iQ1t5nHphX6aA-gqwgCQmi-nvjaw"}]}
+{"keys": [{"kty": "EC", "use": "sig", "kid": "SmdKMlVGcG1zMnprdDdXZGpGWEczdHhlZVpGbkx1THpPdUY4d0w4bnZkSQ", "crv": "P-256", "x": "tRHJYm0fsOi0icpGEb33qiDVgt68ltMoYSWdLGhDGz4", "y": "fRpX0i6p5Jigf5I0qwW34PyStosMShwWAWS8x_w5o7E"}, {"kty": "RSA", "use": "sig", "kid": "R0FsaFdqREFaUFp1c0MwbUpsbHVSZ200blBJZWJVMTUtNGsyVlBmdHk5UQ", "n": "2ilgsKVqF92KfhwmosSVeZOaDgb3RF1mbg-pqkmLO6YpOO06LF4V4angF-GhP-ysAm2E75aSIU4tnHVThFlcxTgKFqjYKJQXyVzTVK2r-L2IbvFPaDtvoU6WteybpMlIUVk2po3cFDGObCWYKCm7CUOLlwH0uOpui66P9VSCqdKVKbJRAQBvTSbP10KWPxulfqjWGJtHO5fY7-JVWwOBkG-eHSJIT_uaoPjyvKCZjknq04bLUV9qP78KRQpRyYijBN60w2v8F79baN9CN10TIEjjWKGz0uX0M_YYQzTUoSY5l5ka9RkL3wT4o2iQ1t5nHphX6aA-gqwgCQmi-nvjaw", "e": "AQAB"}]}

tests/static/jwks.json

@@ -1 +1 @@
-{"keys": [{"kty": "RSA", "use": "sig", "kid": "YnNESFhyQjloMnYzV2VqRGR2a3VCblFLX2h4VGl3TDVlY3FUNkViUE90bw", "e": "AQAB", "n": "2iMaDALTQolz4UaT--GhjriLMyNbrDGlIXxSmgRh17Cm3cuHiyPOIQv1pjZVg4ATU1aafxmFyTfrmtf56tPuJ8yqcNNZC8XadYPAw7PTW9g8GJgLtC8GURJ9GQZD6FYIE6YCou8fYo6yd4b99y2y_vsl06cm9xQnstfp6eyMkcgQyrmdmlbyeuXwvcxsxtGX61MTJtCp4VELmDctJiYP_bD7HNRPV7uqXDMNmWSY0TYL-tg0As4y8-w3wSwmtcfWhnQEraFT0-m4hBpEWHlouuFNXRQIrXbamKxeh6kJNO0wJN8fZ4Ovygf8sE4kEwBPfWO59wxDF7camTpDUqg29Q"}, {"kty": "EC", "use": "sig", "kid": "aWhtalRSTDZmNmRTd1ZDNWZmY3ZGMTNqM1dnLVA2RjQyMi1CNGdOSUNKVQ", "crv": "P-256", "x": "Ww5XVT3CxYN88BpJDZGodRiar0qr8UvPFaRoqzyD1Io", "y": "w23EDFAvwe03NjL5NKtUXwxuVMFmEn3ecJOPbljiDkg"}]}
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "YnNESFhyQjloMnYzV2VqRGR2a3VCblFLX2h4VGl3TDVlY3FUNkViUE90bw", "n": "2iMaDALTQolz4UaT--GhjriLMyNbrDGlIXxSmgRh17Cm3cuHiyPOIQv1pjZVg4ATU1aafxmFyTfrmtf56tPuJ8yqcNNZC8XadYPAw7PTW9g8GJgLtC8GURJ9GQZD6FYIE6YCou8fYo6yd4b99y2y_vsl06cm9xQnstfp6eyMkcgQyrmdmlbyeuXwvcxsxtGX61MTJtCp4VELmDctJiYP_bD7HNRPV7uqXDMNmWSY0TYL-tg0As4y8-w3wSwmtcfWhnQEraFT0-m4hBpEWHlouuFNXRQIrXbamKxeh6kJNO0wJN8fZ4Ovygf8sE4kEwBPfWO59wxDF7camTpDUqg29Q", "e": "AQAB"}, {"kty": "EC", "use": "sig", "kid": "aWhtalRSTDZmNmRTd1ZDNWZmY3ZGMTNqM1dnLVA2RjQyMi1CNGdOSUNKVQ", "crv": "P-256", "x": "Ww5XVT3CxYN88BpJDZGodRiar0qr8UvPFaRoqzyD1Io", "y": "w23EDFAvwe03NjL5NKtUXwxuVMFmEn3ecJOPbljiDkg"}]}

tests/test_server_00a_client_configure.py

@@ -34,14 +34,14 @@
                 ],
                 "policy": {
                     "urn:ietf:params:oauth:token-type:access_token": {
-                        "callable": "/path/to/callable",
+                        "function": "/path/to/function",
                         "kwargs": {"audience": ["https://example.com"], "scopes": ["openid"]},
                     },
                     "urn:ietf:params:oauth:token-type:refresh_token": {
-                        "callable": "/path/to/callable",
+                        "function": "/path/to/function",
                         "kwargs": {"resource": ["https://example.com"], "scopes": ["openid"]},
                     },
-                    "": {"callable": "/path/to/callable", "kwargs": {"scopes": ["openid"]}},
+                    "": {"function": "/path/to/function", "kwargs": {"scopes": ["openid"]}},
                 },
             },
         },

tests/test_server_24_oauth2_resource_indicators.py

@@ -328,7 +328,7 @@ def get_cookie_value(cookie=None, name=None):
                 "request_uri_parameter_supported": True,
                 "resource_indicators": {
                     "policy": {
-                        "callable": validate_authorization_resource_indicators_policy,
+                        "function": validate_authorization_resource_indicators_policy,
                         "kwargs": {
                             "resource_servers_per_client": {
                                 "client_1": ["client_1", "client_2"],
@@ -350,7 +350,7 @@ def get_cookie_value(cookie=None, name=None):
                 ],
                 "resource_indicators": {
                     "policy": {
-                        "callable": validate_token_resource_indicators_policy,
+                        "function": validate_token_resource_indicators_policy,
                         "kwargs": {
                             "resource_servers_per_client": {
                                 "client_1": ["client_2", "client_3"]
@@ -551,7 +551,7 @@ def test_authorization_code_req_per_client(self, create_endpoint_ri_disabled):
         endpoint_context.cdb["client_1"]["resource_indicators"] = {
             "authorization_code": {
                 "policy": {
-                    "callable": validate_authorization_resource_indicators_policy,
+                    "function": validate_authorization_resource_indicators_policy,
                     "kwargs": {
                         "resource_servers_per_client":["client_3"]
                     },

tests/test_server_36_oauth2_token_exchange.py

@@ -352,7 +352,7 @@ def test_token_exchange_per_client(self, token):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {"scope": ["openid", "offline_access"]},
                 }
             },
@@ -410,7 +410,7 @@ def test_token_exchange_scopes_per_client(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["openid", "profile", "offline_access"]
                     },
@@ -468,7 +468,7 @@ def test_token_exchange_unsupported_scopes_per_client(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["openid", "profile", "offline_access"]
                     },
@@ -522,7 +522,7 @@ def test_token_exchange_no_scopes_requested(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["openid", "offline_access"]
                     },
@@ -1041,7 +1041,7 @@ def test_token_exchange_unsupported_scope_requested_1(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["offline_access", "profile"]
                     },
@@ -1130,7 +1130,7 @@ def test_token_exchange_unsupported_scope_requested_2(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["profile"]
                     },
@@ -1218,7 +1218,7 @@ def test_token_exchange_unsupported_scope_requested_3(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["offline_access", "profile"]
                     },
@@ -1326,7 +1326,7 @@ def test_token_exchange_unsupported_scope_requested_4(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["offline_access", "profile"]
                     },
@@ -1424,7 +1424,7 @@ def test_token_exchange_unsupported_scope_requested_5(self):
             "default_requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
             "policy": {
                 "": {
-                    "callable": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
+                    "function": "idpyoidc.server.oauth2.token_helper.validate_token_exchange_policy",
                     "kwargs": {
                         "scope": ["profile"]
                     },