def test_construct_with_token(self, services):
authz_service = services['authorization']
_state = authz_service.create_state('Issuer')
req = AuthorizationRequest(state=_state,
response_type='code',
redirect_uri='https://example.com',
scope=['openid'])
authz_service.store_item(req, 'auth_request', _state)
# Add a state and bind a code to it
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
response = services['authorization'].parse_response(
resp1.to_urlencoded(), "urlencoded")
services['authorization'].update_service_context(response, key=_state)
# based on state find the code and then get an access token
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key=_state)
# and finally use the access token, bound to a state, to
# construct the authorization header
http_args = BearerHeader().construct(ResourceRequest(),
services['accesstoken'],
key=_state)
assert http_args == {"headers": {"Authorization": "Bearer token1"}}
def test_json_serialize(self):
at = AccessTokenResponse(access_token="SlAV32hkKG", token_type="Bearer", expires_in=3600)
atj = at.serialize(method="json")
atj_obj = json.loads(atj)
expected_atj_obj = {
"token_type": "Bearer",
"access_token": "SlAV32hkKG",
"expires_in": 3600,
}
assert atj_obj == expected_atj_obj
def test_multiple_scope(self):
atr = AccessTokenResponse(
access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
expires_in=3600,
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"])
assert _eq(atr["scope"], ["inner", "outer"])
uec = atr.to_urlencoded()
assert "inner+outer" in uec
def test_construct_refresh_token_request(self):
self.client.session_interface.create_state('issuer', 'ABCDE')
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
self.client.session_interface.store_item(auth_request, 'auth_request',
'ABCDE')
auth_response = AuthorizationResponse(code='access_code')
self.client.session_interface.store_item(auth_response,
'auth_response', 'ABCDE')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
self.client.session_interface.store_item(token_response,
'token_response', 'ABCDE')
req_args = {}
msg = self.client.service['refresh_token'].construct(
request_args=req_args, state='ABCDE')
assert isinstance(msg, RefreshAccessTokenRequest)
assert msg.to_dict() == {
'client_id': 'client_1',
'client_secret': 'abcdefghijklmnop',
'grant_type': 'refresh_token',
'refresh_token': 'refresh_with_me'
}
def create_request(self):
self._iss = ISS
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss, 'requests_dir': 'requests',
'base_url': 'https://example.com/cli/'
}
service_context = ServiceContext(config=client_config)
service_context.keyjar = CLI_KEY
service_context.behaviour = {
'userinfo_signed_response_alg': 'RS256',
"userinfo_encrypted_response_alg": "RSA-OAEP",
"userinfo_encrypted_response_enc": "A256GCM"
}
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code').to_json()
idtval = {
'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana',
'iss': ISS, 'aud': 'client_id'
}
idt = create_jws(idtval)
ver_idt = IdToken().from_jwt(idt, CLI_KEY)
token_response = AccessTokenResponse(
access_token='access_token', id_token=idt,
__verified_id_token=ver_idt).to_json()
db.set('abcde', State(token_response=token_response,
auth_response=auth_response).to_json())
self.service = service_factory('UserInfo', ['oidc'], state_db=db,
service_context=service_context)
def test_do_userinfo_request_init(self):
self.client.session_interface.create_state('issuer', 'ABCDE')
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb',
state='state'
)
self.client.session_interface.store_item(auth_request,
'auth_request', 'ABCDE')
auth_response = AuthorizationResponse(code='access_code')
self.client.session_interface.store_item(auth_response,
'auth_response', 'ABCDE')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
self.client.session_interface.store_item(token_response,
'token_response', 'ABCDE')
_srv = self.client.service['userinfo']
_srv.endpoint = "https://example.com/userinfo"
_info = _srv.get_request_parameters(state='ABCDE')
assert _info
assert _info['headers'] == {'Authorization': 'Bearer access'}
assert _info['url'] == 'https://example.com/userinfo'
def test_do_userinfo_request_init(self):
# Client 1 starts
client_1 = RP(config=CONF)
_state = client_1.client_get("service_context").state.create_state(
ISSUER)
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
# Client 2 carries on
client_2 = RP(config=CONF)
_state_dump = client_1.client_get("service_context").dump()
client_2.client_get("service_context").load(_state_dump)
auth_response = AuthorizationResponse(code='access_code')
client_2.client_get("service_context").state.store_item(
auth_response, 'auth_response', _state)
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
client_2.client_get("service_context").state.store_item(
token_response, 'token_response', _state)
# Back to Client 1
_state_dump = client_2.client_get("service_context").dump()
client_1.client_get("service_context").load(_state_dump)
_srv = client_1.client_get("service", 'userinfo')
_srv.endpoint = "https://example.com/userinfo"
_info = _srv.get_request_parameters(state=_state)
assert _info
assert _info['headers'] == {'Authorization': 'Bearer access'}
assert _info['url'] == 'https://example.com/userinfo'
def test_id_token_nonce_match(self):
self.service.store_nonce2state('nonce', 'state')
resp = AccessTokenResponse()
resp[verified_claim_name('id_token')] = {'nonce': 'nonce'}
self.service.store_nonce2state('nonce2', 'state2')
with pytest.raises(ParameterError):
self.service.update_service_context(resp, key='state2')
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
_state = State(auth_response=auth_response.to_json(),
token_response=token_response.to_json())
db.set('abcdef', _state.to_json())
self.service = service_factory('RefreshAccessToken', ['oauth2'],
state_db=db,
service_context=service_context)
self.service.endpoint = 'https://example.com/token'
def test_do_userinfo_request_init(self):
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json(),
token_response=token_response.to_json())
self.client.state_db.set('ABCDE', _state.to_json())
_srv = self.client.service['userinfo']
_srv.endpoint = "https://example.com/userinfo"
_info = _srv.get_request_parameters(state='ABCDE')
assert _info
assert _info['headers'] == {'Authorization': 'Bearer access'}
assert _info['url'] == 'https://example.com/userinfo'
def test_token_parse_response(self):
request_args = {'grant_type': 'client_credentials'}
_srv = self.entity.client_get("service",'accesstoken')
_request_info = _srv.get_request_parameters(request_args=request_args)
response = AccessTokenResponse(**{
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value"
})
_response = _srv.parse_response(response.to_json(), sformat="json")
# since no state attribute is involved, a key is minted
_key = rndstr(16)
_srv.update_service_context(_response, key=_key)
info = _srv.client_get("service_context").state.get_item(AccessTokenResponse, 'token_response', _key)
assert '__expires_at' in info
def test_construct_refresh_token_request(self):
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json(),
token_response=token_response.to_json())
self.client.state_db.set('ABCDE', _state.to_json())
req_args = {}
msg = self.client.service['refresh_token'].construct(
request_args=req_args, state='ABCDE')
assert isinstance(msg, RefreshAccessTokenRequest)
assert msg.to_dict() == {
'client_id': 'client_1',
'client_secret': 'abcdefghijklmnop',
'grant_type': 'refresh_token',
'refresh_token': 'refresh_with_me'
}
def test_construct_with_request(self, services):
authz_service = services['authorization']
authz_service.state_db.set('EEEE', State(iss='Issuer').to_json())
resp1 = AuthorizationResponse(code="auth_grant", state="EEEE")
response = authz_service.parse_response(resp1.to_urlencoded(),
"urlencoded")
authz_service.update_service_context(response, key='EEEE')
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state="EEEE")
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key='EEEE')
request = ResourceRequest()
BearerBody().construct(request, service=authz_service, key="EEEE")
assert "access_token" in request
assert request["access_token"] == "token1"
def test_to_urlencoded_extended_omit(self):
atr = AccessTokenResponse(
access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
expires_in=3600,
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"],
extra=["local", "external"],
level=3)
uec = atr.to_urlencoded()
assert query_string_compare(uec,
"scope=inner+outer&level=3&expires_in=3600&token_type=example"
"&extra=local&"
"extra=external&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
"access_token=2YotnFZFEjr1zCsicMWpAA&example_parameter"
"=example_value")
del atr["extra"]
ouec = atr.to_urlencoded()
assert query_string_compare(ouec,
"access_token=2YotnFZFEjr1zCsicMWpAA&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
"level=3&example_parameter=example_value&token_type=example"
"&expires_in=3600&"
"scope=inner+outer")
assert len(uec) == (len(ouec) + len("extra=local") +
len("extra=external") + 2)
atr2 = AccessTokenResponse().deserialize(uec, "urlencoded")
assert _eq(atr2.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter', 'extra'])
atr3 = AccessTokenResponse().deserialize(ouec, "urlencoded")
assert _eq(atr3.keys(), ['access_token', 'expires_in', 'token_type',
'scope', 'refresh_token', 'level',
'example_parameter'])
def test_construct_with_request(self, entity):
authz_service = entity.client_get("service", 'authorization')
_cntx = authz_service.client_get("service_context")
_key = _cntx.state.create_state(iss='Issuer')
resp1 = AuthorizationResponse(code="auth_grant", state=_key)
response = authz_service.parse_response(resp1.to_urlencoded(),
"urlencoded")
authz_service.update_service_context(response, key=_key)
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_key)
_token_service = entity.client_get("service", 'accesstoken')
response = _token_service.parse_response(resp2.to_urlencoded(),
"urlencoded")
_token_service.update_service_context(response, key=_key)
request = ResourceRequest()
BearerBody().construct(request, service=authz_service, key=_key)
assert "access_token" in request
assert request["access_token"] == "token1"
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
entity = Entity(config=client_config)
self.refresh_service = entity.client_get("service", 'refresh_token')
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
_state = self.refresh_service.client_get("service_context").state
_state.store_item(auth_response, 'auth_response', 'abcdef')
_state.store_item(token_response, 'token_response', 'abcdef')
self.refresh_service.endpoint = 'https://example.com/token'
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('RefreshAccessToken', ['oauth2'],
service_context=service_context)
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
self.service.store_item(auth_response, 'auth_response', 'abcdef')
self.service.store_item(token_response, 'token_response', 'abcdef')
self.service.endpoint = 'https://example.com/token'
def test_construct_with_state(self, services):
_srv = services['authorization']
_srv.state_db['FFFFF'] = State(iss='Issuer').to_json()
resp = AuthorizationResponse(code="code", state="FFFFF")
_srv.store_item(resp, 'auth_response', 'FFFFF')
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"])
_srv.store_item(atr, 'token_response', 'FFFFF')
request = ResourceRequest()
http_args = BearerBody().construct(request, service=_srv, key="FFFFF")
assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
assert http_args is None
def test_construct_refresh_token_request(self):
# Client 1 starts the chain event
client_1 = Client(config=CONF)
_state = client_1.client_get("service_context").state.create_state(
'issuer')
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state=_state)
client_1.client_get("service_context").state.store_item(
auth_request, 'auth_request', _state)
# Client 2 carries on
client_2 = Client(config=CONF)
_state_dump = client_1.client_get("service_context").dump()
client_2.client_get("service_context").load(_state_dump)
auth_response = AuthorizationResponse(code='access_code')
client_2.client_get("service_context").state.store_item(
auth_response, 'auth_response', _state)
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
client_2.client_get("service_context").state.store_item(
token_response, 'token_response', _state)
# Next up is Client 1
_state_dump = client_2.client_get("service_context").dump()
client_1.client_get("service_context").load(_state_dump)
req_args = {}
msg = client_1.client_get("service", 'refresh_token').construct(
request_args=req_args, state=_state)
assert isinstance(msg, RefreshAccessTokenRequest)
assert msg.to_dict() == {
'client_id': 'client_1',
'client_secret': 'abcdefghijklmnop',
'grant_type': 'refresh_token',
'refresh_token': 'refresh_with_me'
}
def test_construct_with_state(self, entity):
_auth_service = entity.client_get("service", 'authorization')
_cntx = _auth_service.client_get("service_context")
_key = _cntx.state.create_state(iss='Issuer')
resp = AuthorizationResponse(code="code", state=_key)
_cntx.state.store_item(resp, 'auth_response', _key)
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"])
_cntx.state.store_item(atr, 'token_response', _key)
request = ResourceRequest()
http_args = BearerBody().construct(request,
service=_auth_service,
key=_key)
assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
assert http_args is None
def test_2nd_refresh_token_parse_response(self):
request_args = {'grant_type': 'client_credentials'}
_srv = self.entity.client_get("service",'accesstoken')
_request_info = _srv.get_request_parameters(request_args=request_args)
response = AccessTokenResponse(**{
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value"
})
_response = _srv.parse_response(response.to_json(), sformat="json")
# since no state attribute is involved, a key is minted
_key = rndstr(16)
_srv.update_service_context(_response, key=_key)
info = _srv.client_get("service_context").state.get_item(AccessTokenResponse, 'token_response', _key)
assert '__expires_at' in info
# Move from token to refresh token service
_srv = self.entity.client_get("service",'refresh_token')
_request_info = _srv.get_request_parameters(request_args=request_args, state=_key)
refresh_response = AccessTokenResponse(**{
"access_token": 'wy4R01DmMoB5xkI65nNkVv1l',
"token_type": "example",
"expires_in": 3600,
"refresh_token": 'lhNX9LSG8w1QuD6tSgc6CPfJ',
})
_response = _srv.parse_response(refresh_response.to_json(), sformat="json")
_srv.update_service_context(_response, key=_key)
info = _srv.client_get("service_context").state.get_item(AccessTokenResponse, 'token_response', _key)
assert '__expires_at' in info
_request_info = _srv.get_request_parameters(request_args=request_args, state=_key)
assert _request_info['headers'] == {
'Authorization': 'Bearer {}'.format(refresh_response["refresh_token"]),
'Content-Type': 'application/x-www-form-urlencoded'
}
