Add pyoidc dependencies and fix package requirements

This commit downgrades pyoidc from 1.7.0 to 1.6.1 to resolve dependency
conflicts with pydantic-core dependency and stx-builder environment.
The pyjwkest package is added to satisfy the missing dependency
required for pyoidc functionality.

This commit also restructures package naming for pyoidc to follow the
Debian python3-* convention for consistency with other Python packages
in the distribution.

Test Plan:
PASS: Build pyjwkest and pyoidc packages.
PASS: Build, install and deploy a image load containing the code
      changes for these packages. Installation succeed for AIO-SX
      environment and packages are installed on runtime system.
PASS: Import exception, message, utils and oic modules from oic library
      and observe that modules are imported successfully.
PASS: Test the current oic common implementation with oic version 1.6.1
      installed at system runtime. Observe that the implementation is
      working as expected using both valid and invalid tokens.

Story: 2011511
Task: 53554

Change-Id: I2736571878cbcf1d528433df7009093b376ad8c9
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>

debian_iso_image.inc

@@ -460,8 +460,11 @@ python3.9
 #pynetlink
 pynetlink
 
-#pyoidc
-pyoidc
+#python3-pyjwkest
+python3-pyjwkest
+
+#python3-pyoidc
+python3-pyoidc
 
 #pyzmq
 python3-zmq

debian_pkg_dirs

@@ -99,7 +99,8 @@ ostree/ostree
 ostree/ostree-upgrade-mgr
 python/dh-python
 python/pynetlink
-python/pyoidc
+python/python3-pyjwkest
+python/python3-pyoidc
 python/python-nss
 python/python3-nsenter
 python/python3-setuptools

debian_trixie_iso_image_std.inc

@@ -357,8 +357,11 @@ python3-setuptools
 #pynetlink
 pynetlink
 
-#pyoidc
-pyoidc
+#python3-pyjwkest
+#python3-pyjwkest
+
+#python3-pyoidc
+#python3-pyoidc
 
 #pyzmq
 python3-zmq

debian_trixie_pkg_dirs_std

@@ -94,7 +94,8 @@ ostree/ostree-upgrade-mgr
 python/dh-python
 python/python-eventlet
 python/pynetlink
-python/pyoidc
+# python/python3-pyjwkest
+# python/python3-pyoidc
 python/python-nss
 python/python3-nsenter
 python/python3-setuptools

python/pyoidc/debian/all/deb_folder/changelog

@@ -1,5 +0,0 @@
-pyoidc (1.7.0-ff005c8a3234539609be324bafb2f5ff344ec621) unstable; urgency=medium
-
-  * Initial release.
-
- -- Manoel Benedito Neto <manoel.beneditoneto@windriver.com>  Thu, 28 Aug 2025 17:37:40 -0300

python/pyoidc/debian/all/deb_folder/source/format

@@ -1 +0,0 @@
-3.0 (quilt)

python/pyoidc/debian/all/meta_data.yaml

@@ -1,11 +0,0 @@
----
-debname: pyoidc
-debver: 1.7.0-ff005c8a3234539609be324bafb2f5ff344ec621
-dl_path:
-  name: ff005c8a3234539609be324bafb2f5ff344ec621.tar.gz
-  url: https://github.com/CZ-NIC/pyoidc/archive/ff005c8a3234539609be324bafb2f5ff344ec621.tar.gz
-  md5sum: aa01992e44398260433168d0e730b0b3
-  sha256sum: 319bef978f30ebc048e0d8ac9090c43cfebaf5fa6c3c6b34a06f17485f8e29ef
-revision:
-  dist: $STX_DIST
-  PKG_GITREVCOUNT: true

python/python3-pyjwkest/debian/all/deb_folder/changelog

@@ -0,0 +1,5 @@
+pyjwkest (1.4.4) unstable; urgency=medium
+
+  * Initial release.
+
+ -- Manoel Benedito Neto <manoel.beneditoneto@windriver.com>  Thu, 04 Dec 2025 17:02:34 -0300

python/python3-pyjwkest/debian/all/deb_folder/control

@@ -0,0 +1,24 @@
+Source: pyjwkest
+Section: python
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dh-python,
+ python3-all,
+ python3-setuptools,
+ python3-wheel
+Standards-Version: 4.6.0
+
+Package: python3-pyjwkest
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends}
+Description: Python implementation of JWT, JWE, JWS and JWK.
+
+Package: python3-pyjwkest-wheel
+Architecture: all
+Section: python
+Depends: ${misc:Depends}
+Description: Python implementation of JWT, JWE, JWS and JWK (wheel)
+ .
+ This is the support package for the PEP 427 wheel version of the package,
+ required for using pip inside a virtual environment.

python/python3-pyjwkest/debian/all/deb_folder/copyright

@@ -0,0 +1,20 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: pyjwkest
+Source: https://github.com/IdentityPython/pyjwkest
+
+Files: *
+Copyright: 2018 Roland Hedberg (roland@catalogix.se)
+License: Apache-2.0
+
+License: Apache-2.0
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.

python/python3-pyjwkest/debian/all/deb_folder/python3-pyjwkest.install

@@ -0,0 +1,2 @@
+usr/bin
+usr/lib/python3/dist-packages

python/python3-pyjwkest/debian/all/deb_folder/rules

@@ -0,0 +1,24 @@
+#!/usr/bin/make -f
+export DH_VERBOSE = 1
+export PYTHONDONTWRITEBYTECODE=1
+
+export PYBUILD_NAME=pyjwkest
+export ROOT=debian/tmp
+
+DEBIAN_DIR := $(CURDIR)/debian/tmp
+
+%:
+	dh $@ --with python3 --buildsystem=pybuild
+
+override_dh_install:
+	python3 setup.py install -f --install-layout=deb --root=$(CURDIR)/debian/tmp
+	python3 setup.py bdist_wheel \
+		--universal \
+		-d ${CURDIR}/debian/python3-pyjwkest-wheel/usr/share/python-wheels
+	dh_install
+
+override_dh_auto_test:
+	echo "do nothing..."
+
+override_dh_python3:
+	dh_python3 --shebang=/usr/bin/python3

python/python3-pyjwkest/debian/all/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (native)

python/python3-pyjwkest/debian/all/meta_data.yaml

@@ -0,0 +1,10 @@
+---
+debname: pyjwkest
+debver: 1.4.4
+dl_path:
+  name: pyjwkest-1.4.4.tar.gz
+  url: https://github.com/IdentityPython/pyjwkest/archive/refs/tags/v1.4.4.tar.gz
+  sha256sum: be1d5ef1acf2106c14f7e7fae9c7e75cb53470c1a520299e0d0beab2edcbe126
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

python/python3-pyoidc/debian/all/deb_folder/changelog

@@ -0,0 +1,5 @@
+pyoidc (1.6.1) unstable; urgency=medium
+
+  * Initial release.
+
+ -- Manoel Benedito Neto <manoel.beneditoneto@windriver.com>  Thu, 04 Dec 2025 17:02:34 -0300

python/python3-pyoidc/debian/all/deb_folder/control

@@ -6,16 +6,22 @@ Build-Depends: debhelper-compat (= 13),
  dh-python,
  python3-all,
  python3-setuptools,
- python3-wheel,
+ python3-wheel
 Standards-Version: 4.5.1
 
-Package: pyoidc
+Package: python3-pyoidc
 Section: python
 Architecture: all
 Depends: ${python3:Depends}, ${misc:Depends},
+ python3-defusedxml,
+ python3-mako,
+ python3-pycryptodome,
+ python3-cryptography,
+ python3-requests,
+ python3-typing-extensions
 Description: Python implementation of OAuth2 and OpenID Connect.
 
-Package: pyoidc-wheel
+Package: python3-pyoidc-wheel
 Architecture: all
 Depends: ${python3:Depends}, ${misc:Depends}, python3-wheel
 Description: Python implementation of OAuth2 and OpenID Connect.

python/python3-pyoidc/debian/all/deb_folder/patches/0001-Revert-move-to-pydantic-settings-from-pydantic.patch

@@ -0,0 +1,49 @@
+From 5d2c3a1e39caff5b8f96978bcd52542c359a06d9 Mon Sep 17 00:00:00 2001
+From: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
+Date: Thu, 18 Dec 2025 16:39:42 -0300
+Subject: [PATCH] Revert "move to pydantic-settings from pydantic (#862)"
+
+This reverts commit 35c5afad8f51cbeea46e43b1023261dbda456910.
+---
+ setup.py                  | 2 +-
+ src/oic/utils/settings.py | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 70a4f9e3..a56df08d 100755
+--- a/setup.py
++++ b/setup.py
+@@ -87,7 +87,7 @@ setup(
+     install_requires=[
+         "requests",
+         "pycryptodomex",
+-        "pydantic-settings",
++        "pydantic",
+         "pyjwkest>=1.3.6",
+         "mako",
+         "cryptography",
+diff --git a/src/oic/utils/settings.py b/src/oic/utils/settings.py
+index 77ea6a37..c4cda7e2 100644
+--- a/src/oic/utils/settings.py
++++ b/src/oic/utils/settings.py
+@@ -9,7 +9,7 @@ Settings for oic objects.
+ In order to configure some objects in PyOIDC, you need a settings object.
+ If you need to add some settings, make sure that you settings class inherits from the appropriate class in this module.
+ 
+-The settings make use of `pydantic-settings <https://docs.pydantic.dev/usage/settings/>`_ library.
++The settings make use of `pydantic <https://docs.pydantic.dev/usage/settings/>`_ library.
+ It is possible to instance them directly or use environment values to fill the settings.
+ """
+ from typing import Optional
+@@ -17,7 +17,7 @@ from typing import Tuple
+ from typing import Union
+ 
+ import requests
+-from pydantic_settings import BaseSettings
++from pydantic import BaseSettings
+ 
+ 
+ class PyoidcSettings(BaseSettings):
+-- 
+2.34.1
+

python/python3-pyoidc/debian/all/deb_folder/patches/0002-Revert-improve-settings-by-using-pydantic.patch

@@ -0,0 +1,228 @@
+From 2cb26cf20c34707988f7e5195a7ada79c01a5028 Mon Sep 17 00:00:00 2001
+From: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
+Date: Thu, 18 Dec 2025 17:31:33 -0300
+Subject: [PATCH] Revert "Improve settings by using pydantic"
+
+This reverts commit 9670f833391de4ba47e6b9a895e9f9979267cced.
+---
+ CHANGELOG.md              |  21 --------
+ doc/conf.py               |   7 ---
+ setup.py                  |   3 +-
+ src/oic/utils/settings.py | 104 ++++++++++++++++++++++++++++----------
+ 4 files changed, 79 insertions(+), 56 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index dff9557d..36b8b977 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -7,27 +7,6 @@ The format is based on the [KeepAChangeLog] project.
+ 
+ ## Unreleased
+ 
+-## 1.6.1 [2023-07-13]
+-- [#862] Fixed pydantic dependency
+-
+-[#862]: https://github.com/CZ-NIC/pyoidc/pull/862
+-
+-## 1.6.0 [2023-05-15]
+-
+-- [#854] Improve OIDC Session Management support by using the `session_state` parameter from an *Authentication Response* (if available) as a key to store `Consumer` data.
+-
+-### Changed
+-- [#847] Using pydantic for settings instead of custom class
+-- [#851], [#852] Add `authn_method` to `Consumer.complete`
+-
+-## Fixed
+-- [#857] Made oauth_example less broken
+-
+-[#847]: https://github.com/CZ-NIC/pyoidc/pull/847
+-[#851]: https://github.com/CZ-NIC/pyoidc/issues/851
+-[#852]: https://github.com/CZ-NIC/pyoidc/pull/852
+-[#857]: https://github.com/CZ-NIC/pyoidc/pull/857
+-
+ ## 1.5.0 [2022-12-14]
+ 
+ ### Changed
+diff --git a/doc/conf.py b/doc/conf.py
+index 7351e836..4eef9c4d 100644
+--- a/doc/conf.py
++++ b/doc/conf.py
+@@ -1,19 +1,12 @@
+ import alabaster
+-import os
+-import sys
+-
+-sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'src')))
+ 
+ extensions = [
+     'sphinx.ext.autodoc',
+     'sphinx.ext.napoleon',
+-    'sphinxcontrib.autodoc_pydantic',
+ ]
+ 
+ autoclass_content = 'both'  # Merge the __init__ docstring into the class docstring.
+ autodoc_member_order = 'bysource'  # Order by source ordering
+-autodoc_pydantic_model_show_config = True
+-autodoc_pydantic_settings_show_json = False
+ 
+ templates_path = ['_templates']
+ 
+diff --git a/setup.py b/setup.py
+index a56df08d..8b14d65d 100755
+--- a/setup.py
++++ b/setup.py
+@@ -78,7 +78,7 @@ setup(
+     extras_require={
+         'develop': ["cherrypy==3.2.4", "pyOpenSSL"],
+         'testing': tests_requires,
+-        'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster', 'autodoc_pydantic'],
++        'docs': ['Sphinx', 'sphinx-autobuild', 'alabaster'],
+         'quality': ['pylama', 'isort', 'eradicate', 'mypy', 'black', 'bandit', 'readme_renderer[md]'],
+         'types': ['types-requests'],
+         'ldap_authn': ['python-ldap'],
+@@ -87,7 +87,6 @@ setup(
+     install_requires=[
+         "requests",
+         "pycryptodomex",
+-        "pydantic",
+         "pyjwkest>=1.3.6",
+         "mako",
+         "cryptography",
+diff --git a/src/oic/utils/settings.py b/src/oic/utils/settings.py
+index c4cda7e2..0a2730e2 100644
+--- a/src/oic/utils/settings.py
++++ b/src/oic/utils/settings.py
+@@ -8,48 +8,97 @@ Settings for oic objects.
+ 
+ In order to configure some objects in PyOIDC, you need a settings object.
+ If you need to add some settings, make sure that you settings class inherits from the appropriate class in this module.
+-
+-The settings make use of `pydantic <https://docs.pydantic.dev/usage/settings/>`_ library.
+-It is possible to instance them directly or use environment values to fill the settings.
+ """
++import typing
+ from typing import Optional
+ from typing import Tuple
+ from typing import Union
+ 
+ import requests
+-from pydantic import BaseSettings
+ 
+ 
+-class PyoidcSettings(BaseSettings):
+-    """Main class for all settings shared among consumer and client."""
++class SettingsException(Exception):
++    """Exception raised by misconfigured settings class."""
+ 
+-    verify_ssl: Union[bool, str] = True
+-    """
+-    Control TLS server certificate validation:
+ 
+-    * If set to True the certificate is validated against the global settings,
+-    * If set to False, no validation is performed.
+-    * If set to a filename this is used as a certificate bundle in openssl format.
+-    * If set to a directory name this is used as a CA directory in the openssl format.
+-    """
+-    client_cert: Union[None, str, Tuple[str, str]] = None
++class PyoidcSettings:
+     """
+-    Local cert to use as client side certificate.
+-    Can be a single file (containing the private key and the certificate) or a tuple of both file's path.
+-    """
+-    timeout: Union[float, Tuple[float, float]] = 5
+-    """
+-    Timeout for requests library.
+-    Can be specified either as a single float or as a tuple of floats.
+-    For more details, refer to ``requests`` documentation.
++    Main class for all settings shared among consumer and client.
++
++    Keyword Args:
++        verify_ssl
++            Control TLS server certificate validation.
++            If set to True the certificate is validated against the global settings,
++            if set to False, no validation is performed.
++            If set to a filename this is used as a certificate bundle in openssl format.
++            If set to a directory name this is used as a CA directory in the openssl format.
++        client_cert
++            Local cert to use as client side certificate.
++            Can be a single file (containing the private key and the certificate) or a tuple of both file's path.
++        timeout
++            Timeout for requests library.
++            Can be specified either as a single float or as a tuple of floats.
++            For more details, refer to ``requests`` documentation.
++
+     """
+ 
++    def __init__(
++        self,
++        verify_ssl: Union[bool, str] = True,
++        client_cert: Union[None, str, Tuple[str, str]] = None,
++        timeout: Union[float, Tuple[float, float]] = 5,
++    ):
++        self.verify_ssl = verify_ssl
++        self.client_cert = client_cert
++        self.timeout = timeout
++
++    def __setattr__(self, name, value):
++        """This attempts to check if value matches the expected value."""
++        annotation = typing.get_type_hints(self.__init__)[name]  # type: ignore
++        # Expand Union -> Since 3.8, this can be written as typing.get_origin
++        if getattr(annotation, "__origin__", annotation) is Union:
++            expanded = tuple(an for an in annotation.__args__)
++        else:
++            expanded = (annotation,)
++        # Convert Generics
++        # FIXME: this doesn't check the args of the generic
++        resolved = tuple(getattr(an, "__origin__", an) for an in expanded)
++        # Add int if float is present
++        if float in resolved:
++            resolved = resolved + (int,)
++        # FIXME: Add more valid substitution
++        if isinstance(value, resolved):
++            # FIXME: Handle bool being an instance of int...
++            super().__setattr__(name, value)
++        else:
++            raise SettingsException(
++                "%s has a type of %s, expected any of %s."
++                % (name, type(value), resolved),
++            )
++
+ 
+ class ClientSettings(PyoidcSettings):
+-    """Base settings for consumer shared among OAuth 2.0 and OpenID Connect."""
++    """
++    Base settings for consumer shared among OAuth 2.0 and OpenID Connect.
++
++    Keyword Args:
++        requests_session
++            Instance of `requests.Session` with configuration options.
+ 
+-    requests_session: Optional[requests.Session] = None
+-    """Instance of `requests.Session` with configuration options."""
++    """
++
++    def __init__(
++        self,
++        verify_ssl: Union[bool, str] = True,
++        client_cert: Union[None, str, Tuple[str, str]] = None,
++        timeout: Union[float, Tuple[float, float]] = 5,
++        requests_session: Optional[requests.Session] = None,
++    ):
++        super().__init__(
++            verify_ssl=verify_ssl, client_cert=client_cert, timeout=timeout
++        )
++        # For session persistence
++        self.requests_session = requests_session
+ 
+ 
+ class OauthClientSettings(ClientSettings):
+@@ -82,3 +131,6 @@ class OauthProviderSettings(OauthServerSettings):
+ 
+ class OicProviderSettings(OicServerSettings):
+     """Specific settings for OpenID Connect provider."""
++
++    # TODO: Decide on inheritance...
++    # It might be better to have a mixin providing OIC specific stuff?
+-- 
+2.34.1
+

python/python3-pyoidc/debian/all/deb_folder/patches/series

@@ -0,0 +1,2 @@
+0001-Revert-move-to-pydantic-settings-from-pydantic.patch
+0002-Revert-improve-settings-by-using-pydantic.patch

python/python3-pyoidc/debian/all/deb_folder/python3-pyoidc.dirs

@@ -0,0 +1,2 @@
+usr/bin
+usr/lib

python/python3-pyoidc/debian/all/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (native)

python/python3-pyoidc/debian/all/meta_data.yaml

@@ -0,0 +1,10 @@
+---
+debname: pyoidc
+debver: 1.6.1
+dl_path:
+  name: pyoidc-1.6.1.tar.gz
+  url: https://github.com/CZ-NIC/pyoidc/archive/refs/tags/1.6.1.tar.gz
+  sha256sum: f62e44dce989df45eb429d1e7d50c6435b19cceff857c038a36ee68712e697ec
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true