Beispiel #1
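def test_valid_id_token(app):
    """
    Mint an ID token that carries a nonce, decode it, and validate it.

    The test fails if creating, decoding or validating the token raises, or
    if the nonce claim read back from the decoded token differs from the
    nonce the token was minted with.
    """
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000  # 30 days, assuming the value is taken as seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    signed_token = create_id_token(
        user=user, keypair=keypair, expires_in=expires_in,
        client_id=client_id, audiences=[client_id],
        auth_time=None, max_age=max_age, nonce=nonce
    )

    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce)

    # validate() is expected to raise on a mismatch; reaching the next line
    # means issuer, client, max_age and nonce were accepted.
    unsigned_token.validate(
        issuer=issuer, client_id=client_id, max_age=max_age, nonce=nonce
    )

    # The nonce binds the ID token to one authentication request. Pin the
    # round trip explicitly: a bare `assert True` would still pass if the
    # claim were silently dropped from the token.
    assert unsigned_token.token.get("nonce") == nonce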
Beispiel #2
def test_valid_id_token_without_nonce(app):
    """
    Mint an ID token with no nonce, decode and validate it, and check that
    the decoded token carries no nonce claim.

    Any exception raised while creating, decoding or validating the token
    fails the test.
    """
    signing_keypair = app.keypairs[0]
    client_id = "client_12345"
    token_user = User(username='******', is_admin=False)

    # The decoder and validate() receive the same four expectations; the
    # nonce is None because this token is minted without one.
    expectations = dict(
        client_id=client_id,
        issuer=app.config.get('BASE_URL'),
        max_age=None,
        nonce=None,
    )

    encoded = create_id_token(
        user=token_user,
        keypair=signing_keypair,
        expires_in=2592000,
        client_id=client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=expectations["max_age"],
        nonce=expectations["nonce"],
    )

    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        encoded, **expectations
    )
    unsigned_token.validate(**expectations)

    # No nonce went in, so none (or only a falsy value) may come out.
    assert not unsigned_token.token.get("nonce")
Beispiel #3
def test_valid_id_token_without_nonce(app):
    """
    Generate a signed ID token with no nonce, decode and validate it, and
    check that the decoded token exposes no nonce.

    Any exception raised while generating, decoding or validating the token
    fails the test.
    """
    signing_keypair = app.keypairs[0]
    client_id = "client_12345"
    token_user = User(username="******", is_admin=False)
    lifetime = 2592000

    generated = generate_signed_id_token(
        signing_keypair.kid,
        signing_keypair.private_key,
        token_user,
        lifetime,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=None,
        nonce=None,
    )

    # Expectations handed to the decoder; nonce and max_age stay None because
    # the token above was generated without either.
    decode_kwargs = {
        "client_id": client_id,
        "issuer": config.get("BASE_URL"),
        "max_age": None,
        "nonce": None,
    }
    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        generated.token, **decode_kwargs
    )

    unsigned_token.validate()
    assert not unsigned_token.get("nonce")
Beispiel #4
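def test_valid_id_token(app):
    """
    Generate a signed ID token that carries a nonce, decode it, and validate it.

    The test fails if generating, decoding or validating the token raises, or
    if the nonce read back from the decoded token differs from the one the
    token was generated with.
    """
    issuer = config.get("BASE_URL")
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username="******", is_admin=False)
    expires_in = 2592000  # 30 days, assuming the value is taken as seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None
    # Generate the token with the same nonce and max_age the decoder is told
    # to expect. Hard-coding nonce=None here would mean the nonce path (the
    # claim that ties a token to one authentication request) is never
    # exercised by this test.
    token_result = generate_signed_id_token(
        keypair.kid,
        keypair.private_key,
        user,
        expires_in,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )
    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        token_result.token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )
    # validate() is expected to raise on a bad token.
    unsigned_token.validate()
    # Pin the nonce round trip so a dropped or altered claim fails the test.
    assert unsigned_token.get("nonce") == nonce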
Beispiel #5
def test_recode_id_token(app, kid, rsa_private_key):
    """
    Check that the identity claims of an ID token survive a re-sign.

    The token is generated, decoded, signed again with ``kid`` and
    ``rsa_private_key``, and decoded once more; ``iss``, ``sub``, ``aud``,
    ``azp`` and ``nonce`` must be equal on both decoded tokens.
    """
    first_keypair = app.keypairs[0]
    client_id = "client_12345"
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    # Both decode calls are given the same expectations.
    decode_kwargs = {
        "client_id": client_id,
        "issuer": config.get("BASE_URL"),
        "max_age": max_age,
        "nonce": nonce,
    }

    first_signed = generate_signed_id_token(
        first_keypair.kid,
        first_keypair.private_key,
        User(username="******", is_admin=False),
        2592000,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )
    first_decoded = UnsignedIDToken.from_signed_and_encoded_token(
        first_signed.token, **decode_kwargs
    )

    # Re-sign the decoded claims with the key material from the fixtures.
    second_signed = first_decoded.get_signed_and_encoded_token(kid, rsa_private_key)
    second_decoded = UnsignedIDToken.from_signed_and_encoded_token(
        second_signed, **decode_kwargs
    )

    # Claims that identify issuer, subject, audience, authorized party and
    # the request binding must not change across the re-sign.
    for claim in ("iss", "sub", "aud", "azp", "nonce"):
        assert getattr(first_decoded, claim) == getattr(second_decoded, claim)
Beispiel #6
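def test_recode_id_token(app, private_key):
    """
    Test that after signing, unsigning, re-signing, and unsigning again,
    the contents of the ID Token that should be the same, are.

    The second signature uses ``private_key`` together with the first key id
    listed in ``test_settings.JWT_KEYPAIR_FILES``; ``iss``, ``sub``, ``aud``,
    ``azp`` and ``nonce`` are then compared between the two decoded tokens.
    """
    # next(iter(...)) yields the first key of the mapping on Python 2 and 3;
    # `.keys()[0]` raises TypeError on Python 3, where keys() is a view.
    kid = next(iter(test_settings.JWT_KEYPAIR_FILES))
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000  # 30 days, assuming the value is taken as seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    original_signed_token = create_id_token(
        user=user, keypair=keypair, expires_in=expires_in,
        client_id=client_id, audiences=[client_id],
        auth_time=None, max_age=max_age, nonce=nonce
    )
    original_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        original_signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce)

    # Re-sign the decoded claims, then decode again with the same expectations.
    new_signed_token = original_unsigned_token.get_signed_and_encoded_token(
        kid, private_key
    )
    new_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        new_signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce
    )

    # Issuer, subject, audience, authorized party and nonce must be unchanged
    # by the re-sign.
    assert original_unsigned_token.iss == new_unsigned_token.iss
    assert original_unsigned_token.sub == new_unsigned_token.sub
    assert original_unsigned_token.aud == new_unsigned_token.aud
    assert original_unsigned_token.azp == new_unsigned_token.azp
    assert original_unsigned_token.nonce == new_unsigned_token.nonce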