Python Consumer.client_secret Beispiele

Beispiel #1

def test_userinfo_endpoint():
    server = provider_init

    _session_db = {}
    cons = Consumer(_session_db,
                    CONSUMER_CONFIG,
                    CLIENT_CONFIG,
                    server_info=SERVER_INFO)
    cons.debug = True
    cons.client_secret = "drickyoughurt"
    cons.config["response_type"] = ["token"]
    cons.config["request_method"] = "parameter"
    cons.keyjar[""] = KC_RSA

    state, location = cons.begin("openid",
                                 "token",
                                 path="http://localhost:8087")

    resp = server.authorization_endpoint(request=location.split("?")[1])

    line = resp.message
    path, query = line.split("#")

    # redirect
    atr = AuthorizationResponse().deserialize(query, "urlencoded")

    uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")

    resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
    ident = OpenIDSchema().deserialize(resp3.message, "json")
    print ident.keys()
    assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])

Beispiel #2

Datei: test_oic_consumer.py Projekt: minhoryang/pyoidc

def test_faulty_idtoken_from_accesstoken_endpoint():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MITMServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token"]

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    # assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    try:
        consumer.parse_authz(query=query)
    except BadSignature:
        pass
    else:
        assert False

Beispiel #3

Datei: test_oic_consumer.py Projekt: ghedin/pyoidc

def test_complete_secret_auth():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    del consumer.config["password"]

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    resp = consumer.complete()
    print resp
    assert resp.type() == "AccessTokenResponse"
    print resp.keys()
    assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
                             'scope', 'expires_in', 'refresh_token'])

    assert resp["state"] == consumer.state

Beispiel #4

Datei: test_oic_provider.py Projekt: biancini/pyoidc

def test_userinfo_endpoint():
    server = provider_init

    _session_db = {}
    cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
                    server_info=SERVER_INFO)
    cons.debug = True
    cons.client_secret = "drickyoughurt"
    cons.config["response_type"] = ["token"]
    cons.config["request_method"] = "parameter"
    cons.keyjar[""] = KC_RSA

    location = cons.begin("openid", "token", path="http://localhost:8087")

    resp = server.authorization_endpoint(request=location.split("?")[1])

    line = resp.message
    path, query = line.split("?")

    # redirect
    atr = AuthorizationResponse().deserialize(query, "urlencoded")

    uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")

    resp3 = server.userinfo_endpoint(request=uir.to_urlencoded())
    ident = OpenIDSchema().deserialize(resp3.message, "json")
    print ident.keys()
    assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
    assert ident["sub"] == USERDB["username"]["sub"]

Beispiel #5

Datei: FakeOp.py Projekt: borgand/SATOSA

    def setup_userinfo_endpoint(self):
        cons = Consumer({}, CONSUMER_CONFIG, {"client_id": CLIENT_ID},
                        server_info=SERVER_INFO, )
        cons.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
        cons.keyjar[""] = KC_RSA

        cons.client_secret = "drickyoughurt"
        state, location = cons.begin("openid", "token",
                                     path=TestConfiguration.get_instance().rp_base)

        resp = self.provider.authorization_endpoint(
            request=urlparse(location).query)

        # redirect
        atr = AuthorizationResponse().deserialize(
            urlparse(resp.message).fragment, "urlencoded")

        uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")
        resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
        responses.add(
            responses.POST,
            self.op_base + "userinfo",
            body=resp.message,
            status=200,
            content_type='application/json')

Beispiel #6

Datei: test_oic_consumer.py Projekt: imsoftware/pyoidc

def test_userinfo():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer(SRVKEYS, "http://localhost:8088")
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            format="urlencoded")

    consumer.complete()

    result = consumer.get_user_info()
    print result
    assert result.type() == "OpenIDSchema"
    assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname'])

Beispiel #7

Datei: test_oic_consumer.py Projekt: programDEV/pyoidc

def test_complete_secret_auth():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    del consumer.config["password"]

    args = {
        "client_id": consumer.client_id,
        "response_type": "code",
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    assert result.status_code == 302
    assert result.headers["location"].startswith(consumer.redirect_uris[0])
    _, query = result.headers["location"].split("?")

    consumer.parse_response(AuthorizationResponse, info=query,
                            sformat="urlencoded")

    resp = consumer.complete()
    print resp
    assert resp.type() == "AccessTokenResponse"
    print resp.keys()
    assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
                             'scope', 'expires_in', 'refresh_token'])

    assert resp["state"] == consumer.state

Beispiel #8

Datei: FakeOp.py Projekt: borgand/SATOSA

    def setup_userinfo_endpoint(self):
        cons = Consumer(
            {},
            CONSUMER_CONFIG,
            {"client_id": CLIENT_ID},
            server_info=SERVER_INFO,
        )
        cons.behaviour = {
            "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
        }
        cons.keyjar[""] = KC_RSA

        cons.client_secret = "drickyoughurt"
        state, location = cons.begin(
            "openid", "token", path=TestConfiguration.get_instance().rp_base)

        resp = self.provider.authorization_endpoint(
            request=urlparse(location).query)

        # redirect
        atr = AuthorizationResponse().deserialize(
            urlparse(resp.message).fragment, "urlencoded")

        uir = UserInfoRequest(access_token=atr["access_token"],
                              schema="openid")
        resp = self.provider.userinfo_endpoint(request=uir.to_urlencoded())
        responses.add(responses.POST,
                      self.op_base + "userinfo",
                      body=resp.message,
                      status=200,
                      content_type='application/json')

Beispiel #9

Datei: test_oic_consumer.py Projekt: dallerbarn/pyoidc

def test_faulty_idtoken_from_accesstoken_endpoint():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MITMServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token"]

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state,
                                               request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    # assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    try:
        consumer.parse_authz(query=query)
    except BadSignature:
        pass
    else:
        assert False

Beispiel #10

Datei: test_oic_consumer.py Projekt: minhoryang/pyoidc

def test_complete_auth_token_idtoken():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token", "token"]
    consumer.registration_response = {
        "id_token_signed_response_alg": "RS256",
    }
    consumer.provider_info = {"issuer": "http://localhost:8088/"}  # abs min
    consumer.authz_req = {}  # Store AuthzReq with state as key

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    # consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query,
                                algs=consumer.sign_enc_algs("id_token"))
    print part
    auth = part[0]
    atr = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth is None
    assert atr.type() == "AccessTokenResponse"
    assert _eq(atr.keys(), [
        'access_token', 'id_token', 'expires_in', 'token_type', 'state',
        'scope'
    ])

    consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])

Beispiel #11

Datei: test_oic_consumer.py Projekt: dallerbarn/pyoidc

def test_complete_auth_token_idtoken():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    consumer.keyjar = CLIKEYS
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["id_token", "token"]
    consumer.registration_response = {
        "id_token_signed_response_alg": "RS256",
    }
    consumer.provider_info = {"issuer": "http://localhost:8088/"}  # abs min
    consumer.authz_req = {}  # Store AuthzReq with state as key

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state,
                                               request_args=args)
    # consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query,
                                algs=consumer.sign_enc_algs("id_token"))
    print part
    auth = part[0]
    atr = part[1]
    assert part[2] is None


    #print auth.dictionary()
    #print acc.dictionary()
    assert auth is None
    assert atr.type() == "AccessTokenResponse"
    assert _eq(atr.keys(), ['access_token', 'id_token', 'expires_in',
                            'token_type', 'state', 'scope'])

    consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])

Beispiel #12

Datei: test_oic_consumer.py Projekt: minhoryang/pyoidc

def test_complete_auth_token():
    consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
                        CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    _state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["code", "token"]

    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=_state, request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    # assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    part = consumer.parse_authz(query=query)
    print part
    auth = part[0]
    acc = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth.type() == "AuthorizationResponse"
    assert acc.type() == "AccessTokenResponse"
    print auth.keys()
    assert _eq(auth.keys(), [
        'code', 'access_token', 'expires_in', 'token_type', 'state', 'scope',
        'refresh_token'
    ])
    assert _eq(acc.keys(), [
        'token_type', 'state', 'access_token', 'scope', 'expires_in',
        'refresh_token'
    ])

Beispiel #13

Datei: test_oic_provider.py Projekt: asheidan/pyoidc

def test_userinfo_endpoint():
    server = provider_init

    _session_db = {}
    cons = Consumer(_session_db, CONSUMER_CONFIG, CLIENT_CONFIG,
                    server_info=SERVER_INFO)
    cons.debug = True
    cons.client_secret = "drickyoughurt"
    cons.config["response_type"] = ["token"]
    cons.config["request_method"] = "parameter"
    cons.keyjar[""] = KC_RSA

    environ = BASE_ENVIRON

    location = cons.begin(environ, start_response)

    environ = BASE_ENVIRON.copy()
    environ["QUERY_STRING"] = location.split("?")[1]

    resp = server.authorization_endpoint(environ, start_response)

    sid = resp[0][len("<form>"):-len("</form>")]
    environ2 = create_return_form_env("user", "password", sid)

    resp2 = server.authenticated(environ2, start_response)
    line = resp2[0]
    start = line.index("<title>")
    start += len("<title>Redirecting to ")
    stop = line.index("</title>")
    path, query = line[start:stop].split("?")

    # redirect
    atr = AuthorizationResponse().deserialize(query, "urlencoded")

    uir = UserInfoRequest(access_token=atr["access_token"], schema="openid")

    environ = BASE_ENVIRON.copy()
    environ["QUERY_STRING"] = uir.to_urlencoded()

    resp3 = server.userinfo_endpoint(environ, start_response)
    ident = OpenIDSchema().deserialize(resp3[0], "json")
    print ident.keys()
    assert _eq(ident.keys(), ['nickname', 'sub', 'name', 'email'])
    assert ident["sub"] == USERDB["user"]["sub"]

Beispiel #14

Datei: test_oic_consumer.py Projekt: asheidan/pyoidc

def test_complete_auth_token():
    consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
    mfos = MyFakeOICServer("http://localhost:8088")
    mfos.keyjar = SRVKEYS
    consumer.http_request = mfos.http_request
    consumer.redirect_uris = ["http://example.com/authz"]
    consumer.state = "state0"
    consumer.nonce = rndstr()
    consumer.client_secret = "hemlig"
    consumer.secret_type = "basic"
    consumer.config["response_type"] = ["code", "token"]
    
    args = {
        "client_id": consumer.client_id,
        "response_type": consumer.config["response_type"],
        "scope": ["openid"],
    }

    result = consumer.do_authorization_request(state=consumer.state,
                                               request_args=args)
    consumer._backup("state0")

    assert result.status_code == 302
    #assert result.location.startswith(consumer.redirect_uri[0])
    _, query = result.headers["location"].split("?")
    print query
    environ = redirect_environment(query)

    part = consumer.parse_authz(environ, start_response)
    print part
    auth = part[0]
    acc = part[1]
    assert part[2] is None

    #print auth.dictionary()
    #print acc.dictionary()
    assert auth.type() == "AuthorizationResponse"
    assert acc.type() == "AccessTokenResponse"
    print auth.keys()
    assert _eq(auth.keys(), ['nonce', 'code', 'access_token', 'expires_in',
                             'token_type', 'state', 'scope', 'refresh_token'])
    assert _eq(acc.keys(), ['token_type', 'state', 'access_token', 'scope',
                            'expires_in', 'refresh_token'])

Beispiel #15

Datei: test_oic_consumer_logout.py Projekt: smkent/pyoidc

    def test_sso_db_dict(self):
        client_config = {
            "client_id": CLIENT_ID,
            "client_authn_method": CLIENT_AUTHN_METHOD,
        }

        _consumer = Consumer({}, CONFIG, client_config, SERVER_INFO, sso_db={})
        _consumer.keyjar = CLIKEYS
        _consumer.redirect_uris = ["https://example.com/authz"]
        _consumer.client_secret = "hemlig"
        _consumer.secret_type = "basic"
        _consumer.issuer = ISSUER_ID

        # Simulate an authorization
        sid, request_location = _consumer.begin("openid",
                                                "code",
                                                path="https://example.com")
        resp = self.provider.authorization_endpoint(request=request_location)
        part = _consumer.parse_authz(resp.message)
        assert isinstance(part, tuple)
        aresp = part[0]
        assert aresp

        assert _consumer.sdb[sid]["issuer"] == self.provider.baseurl

        # Simulate an accesstoken request
        areq = AccessTokenRequest(
            code=aresp["code"],
            client_id=CLIENT_ID,
            redirect_uri="http://example.com/authz",
            client_secret=_consumer.client_secret,
            grant_type="authorization_code",
        )
        token_resp = self.provider.code_grant_type(areq)
        tresp = _consumer.parse_response(AccessTokenResponse,
                                         token_resp.message,
                                         sformat="json")

        # Now, for the backchannel logout. This happens on the OP
        logout_info = {
            "sub": tresp["id_token"]["sub"],
            "events": {
                BACK_CHANNEL_LOGOUT_EVENT: {}
            },
        }
        alg = "RS256"
        _jws = JWT(
            self.provider.keyjar,
            iss=self.provider.baseurl,
            lifetime=86400,
            sign_alg=alg,
        )
        logout_token = _jws.pack(aud=CLIENT_ID, **logout_info)

        # The logout request that gets sent to the RP
        request = BackChannelLogoutRequest(logout_token=logout_token)

        # The RP evaluates the request. If everything is OK a session ID (== original state
        # value) is returned.
        _sid = _consumer.backchannel_logout(request_args=request.to_dict())
        assert _sid == sid