def test_oauth2_password_credentials_flow_token_is_expired_after_30_seconds_by_default(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
# Add a token that expires in 29 seconds, so should be considered as expired when issuing the request
token_cache._add_token(
key=
"db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001",
token="2YotnFZFEjr1zCsicMWpAA",
expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
)
# Meaning a new one will be requested
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match_content=
b"grant_type=password&username=test_user&password=test_pwd",
)
assert (get_header(
httpx_mock,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_password_credentials_flow_uses_provided_client(
token_cache, httpx_mock: HTTPXMock):
client = httpx.Client(headers={"x-test": "Test value"})
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******",
client=client,
)
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match_content=
b"grant_type=password&username=test_user&password=test_pwd",
match_headers={"x-test": "Test value"},
)
assert (get_header(
httpx_mock,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_resource_owner_password_and_multiple_authentication_can_be_combined(
token_cache, httpx_mock: HTTPXMock
):
resource_owner_password_auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token", username="******", password="******"
)
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key")
api_key_auth2 = httpx_auth.HeaderApiKey(
"my_provided_api_key2", header_name="X-Api-Key2"
)
header = get_header(
httpx_mock, resource_owner_password_auth & (api_key_auth & api_key_auth2)
)
assert header.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
assert header.get("X-Api-Key") == "my_provided_api_key"
assert header.get("X-Api-Key2") == "my_provided_api_key2"
def test_header_value_must_contains_token():
with pytest.raises(Exception) as exception_info:
httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://test_url",
"test_user",
"test_pwd",
header_value="Bearer token")
assert str(exception_info.value
) == "header_value parameter must contains {token}."
def test_with_invalid_grant_request_no_json(token_cache,
httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(method="POST",
url="http://provide_access_token",
data="failure",
status_code=400)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert str(exception_info.value) == "failure"
def test_with_invalid_grant_request_invalid_request_error_and_error_description(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"error": "invalid_request",
"error_description": "desc of the error"
},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert str(exception_info.value) == "invalid_request: desc of the error"
def test_oauth2_password_credentials_flow_token_custom_expiry(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******",
early_expiry=28,
)
# Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request
token_cache._add_token(
key=
"db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001",
token="2YotnFZFEjr1zCsicMWpAA",
expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
)
assert (get_header(
httpx_mock,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_with_invalid_grant_request_unsupported_grant_type_error(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={"error": "unsupported_grant_type"},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"unsupported_grant_type: The authorization grant type is not supported by the "
"authorization server.")
def test_with_invalid_grant_request_invalid_scope_error(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={"error": "invalid_scope"},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"invalid_scope: The requested scope is invalid, unknown, malformed, or "
"exceeds the scope granted by the resource owner.")
def test_with_invalid_grant_request_invalid_request_error(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={"error": "invalid_request"},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"invalid_request: The request is missing a required parameter, includes an "
"unsupported parameter value (other than grant type), repeats a parameter, "
"includes multiple credentials, utilizes more than one mechanism for "
"authenticating the client, or is otherwise malformed.")
def test_expires_in_sent_as_str(token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": "3600",
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match_content=
b"grant_type=password&username=test_user&password=test_pwd")
assert (get_header(
httpx_mock,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_with_invalid_grant_request_invalid_grant_error(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={"error": "invalid_grant"},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"invalid_grant: The provided authorization grant (e.g., authorization code, "
"resource owner credentials) or refresh token is invalid, expired, revoked, "
"does not match the redirection URI used in the authorization request, or was "
"issued to another client.")
def test_with_invalid_grant_request_invalid_request_error_and_error_description_and_uri_and_other_fields(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"error": "invalid_request",
"error_description": "desc of the error",
"error_uri": "http://test_url",
"other": "other info",
},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
f"invalid_request: desc of the error\nMore information can be found on http://test_url\nAdditional information: {{'other': 'other info'}}"
)
def test_with_invalid_grant_request_invalid_client_error(
token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={"error": "invalid_client"},
status_code=400,
)
with pytest.raises(httpx_auth.InvalidGrantRequest) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"invalid_client: Client authentication failed (e.g., unknown client, no "
"client authentication included, or unsupported authentication method). The "
"authorization server MAY return an HTTP 401 (Unauthorized) status code to "
"indicate which HTTP authentication schemes are supported. If the client "
'attempted to authenticate via the "Authorization" request header field, the '
"authorization server MUST respond with an HTTP 401 (Unauthorized) status "
'code and include the "WWW-Authenticate" response header field matching the '
"authentication scheme used by the client.")
def test_without_expected_token(token_cache, httpx_mock: HTTPXMock):
auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******",
token_field_name="not_provided",
)
httpx_mock.add_response(
method="POST",
url="http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
with pytest.raises(httpx_auth.GrantNotProvided) as exception_info:
httpx.get("http://authorized_only", auth=auth)
assert (
str(exception_info.value) ==
"not_provided not provided within {'access_token': '2YotnFZFEjr1zCsicMWpAA', 'token_type': 'example', 'expires_in': 3600, 'refresh_token': 'tGzv3JOkF0XG5Qx2TlKWIA', 'example_parameter': 'example_value'}."
)
def test_password_is_mandatory():
with pytest.raises(Exception) as exception_info:
httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://test_url", "test_user", "")
assert str(exception_info.value) == "Password is mandatory."
def test_token_url_is_mandatory():
with pytest.raises(Exception) as exception_info:
httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
"", "test_user", "test_pwd")
assert str(exception_info.value) == "Token URL is mandatory."
