def test_logout_handles_provider_without_end_session_endpoint(self):
post_logout_uri = 'https://client.example.com/post_logout'
authn = OIDCAuthentication(self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={'client_id': 'foo',
'post_logout_redirect_uris': [post_logout_uri]})
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce'})
with self.app.test_request_context('/logout'):
flask.session['access_token'] = 'abcde'
flask.session['userinfo'] = {'foo': 'bar', 'abc': 'xyz'}
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
end_session_redirect = authn._logout()
assert all(k not in flask.session for k in ['access_token', 'userinfo', 'id_token', 'id_token_jwt'])
assert end_session_redirect is None
def test_logout_handles_provider_without_end_session_endpoint(self):
post_logout_uri = 'https://client.example.com/post_logout'
authn = OIDCAuthentication(
self.app,
provider_configuration_info={'issuer': ISSUER},
client_registration_info={
'client_id': 'foo',
'post_logout_redirect_uris': [post_logout_uri]
})
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce'})
with self.app.test_request_context('/logout'):
flask.session['access_token'] = 'abcde'
flask.session['userinfo'] = {'foo': 'bar', 'abc': 'xyz'}
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
end_session_redirect = authn._logout()
assert all(
k not in flask.session for k in
['access_token', 'userinfo', 'id_token', 'id_token_jwt'])
assert end_session_redirect is None
def test_logout(self):
end_session_endpoint = 'https://provider.example.com/end_session'
post_logout_uri = 'https://client.example.com/post_logout'
authn = OIDCAuthentication(self.app,
provider_configuration_info={
'issuer': ISSUER,
'end_session_endpoint':
end_session_endpoint
},
client_registration_info={
'client_id':
'foo',
'post_logout_redirect_uris':
[post_logout_uri]
})
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce'})
with self.app.test_request_context('/logout'):
flask.session['access_token'] = 'abcde'
flask.session['userinfo'] = {'foo': 'bar', 'abc': 'xyz'}
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
end_session_redirect = authn._logout()
assert all(
k not in flask.session for k in
['access_token', 'userinfo', 'id_token', 'id_token_jwt'])
assert end_session_redirect.status_code == 303
assert end_session_redirect.headers['Location'].startswith(
end_session_endpoint)
parsed_request = dict(
parse_qsl(
urlparse(end_session_redirect.headers['Location']).query))
assert parsed_request['state'] == flask.session[
'end_session_state']
assert parsed_request['id_token_hint'] == id_token.to_jwt()
assert parsed_request[
'post_logout_redirect_uri'] == post_logout_uri
def test_logout(self):
end_session_endpoint = 'https://provider.example.com/end_session'
post_logout_uri = 'https://client.example.com/post_logout'
authn = OIDCAuthentication(self.app,
provider_configuration_info={'issuer': ISSUER,
'end_session_endpoint': end_session_endpoint},
client_registration_info={'client_id': 'foo',
'post_logout_redirect_uris': [post_logout_uri]})
id_token = IdToken(**{'sub': 'sub1', 'nonce': 'nonce'})
with self.app.test_request_context('/logout'):
flask.session['access_token'] = 'abcde'
flask.session['userinfo'] = {'foo': 'bar', 'abc': 'xyz'}
flask.session['id_token'] = id_token.to_dict()
flask.session['id_token_jwt'] = id_token.to_jwt()
end_session_redirect = authn._logout()
assert all(k not in flask.session for k in ['access_token', 'userinfo', 'id_token', 'id_token_jwt'])
assert end_session_redirect.status_code == 303
assert end_session_redirect.headers['Location'].startswith(end_session_endpoint)
parsed_request = dict(parse_qsl(urlparse(end_session_redirect.headers['Location']).query))
assert parsed_request['state'] == flask.session['end_session_state']
assert parsed_request['id_token_hint'] == id_token.to_jwt()
assert parsed_request['post_logout_redirect_uri'] == post_logout_uri
