fix ClientSettings import

src/pas/plugins/oidc/plugins.py

@@ -2,10 +2,10 @@
 from AccessControl.class_init import InitializeClass
 from contextlib import contextmanager
 from oic.oic import Client
-from oic.oic.settings import ClientSettings
 from oic.oic.message import OpenIDSchema
 from oic.oic.message import RegistrationResponse
 from oic.utils.authn.client import CLIENT_AUTHN_METHOD
+from oic.utils.settings import ClientSettings
 from pas.plugins.oidc import logger
 from plone.base.utils import safe_text
 from plone.protect.utils import safeWrite
@@ -28,8 +28,8 @@
 
 import itertools
 import plone.api as api
-import string
 import requests
+import string
 
 
 manage_addOIDCPluginForm = PageTemplateFile(
@@ -343,13 +343,15 @@ def get_oauth2_client(self):
         if domain:
             settings = ClientSettings()
             session = requests.Session()
-            session.headers.update({'x-oauth-identity-domain-name': domain})
+            session.headers.update({"x-oauth-identity-domain-name": domain})
             settings.requests_session = session
         else:
             settings = None
         try:
             client = Client(client_authn_method=CLIENT_AUTHN_METHOD, settings=settings)
-            client.allow["issuer_mismatch"] = True  # Some providers aren't configured with configured and issuer urls the same even though they should.
+            client.allow["issuer_mismatch"] = (
+                True  # Some providers aren't configured with configured and issuer urls the same even though they should.
+            )
 
             # registration_response = client.register(provider_info["registration_endpoint"], redirect_uris=...)
             # ... oic.exception.RegistrationError: {'error': 'insufficient_scope',
@@ -366,7 +368,9 @@ def get_oauth2_client(self):
                 # - modify the keybundle objects after provider_config but before they are used.
                 #   - client.keyjar.issuer_keys[issuer].source = ...
                 jwks_uri = client.keyjar.issuer_keys[self.getProperty("issuer")].source
-                client.keyjar.issuer_keys[self.getProperty("issuer")].source = f'{jwks_uri}?identityDomainName={domain}'
+                client.keyjar.issuer_keys[self.getProperty("issuer")].source = (
+                    f"{jwks_uri}?identityDomainName={domain}"
+                )
             info = {
                 "client_id": self.getProperty("client_id"),
                 "client_secret": self.getProperty("client_secret"),

src/pas/plugins/oidc/utils.py

@@ -128,7 +128,7 @@ def authorization_flow_args(plugin: plugins.OIDCPlugin, session: Session) -> dic
         "redirect_uri": plugin.get_redirect_uris(),
     }
     if plugin.getProperty("identity_domain_name"):
-        args['domain'] = plugin.getProperty("identity_domain_name", "")
+        args["domain"] = plugin.getProperty("identity_domain_name", "")
     if plugin.getProperty("use_pkce"):
         # Build a random string of 43 to 128 characters
         # and send it in the request as a base64-encoded urlsafe string of the sha256 hash of that string