def test_oauth2_client_credential_and_multiple_authentication_can_be_combined( token_cache, httpx_mock: HTTPXMock): resource_owner_password_auth = httpx_auth.OAuth2ClientCredentials( "http://provide_access_token", client_id="test_user", client_secret="test_pwd") httpx_mock.add_response( method="POST", url="http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key") api_key_auth2 = httpx_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") header = get_header( httpx_mock, resource_owner_password_auth + (api_key_auth + api_key_auth2)) assert header.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" assert header.get("X-Api-Key") == "my_provided_api_key" assert header.get("X-Api-Key2") == "my_provided_api_key2"
def test_oauth2_authorization_code_and_api_key_authentication_can_be_combined( token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock): authorization_code_auth = httpx_auth.OAuth2AuthorizationCode( "http://provide_code", "http://provide_access_token") tab = browser_mock.add_response( opened_url= "http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url= "http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de", ) httpx_mock.add_response( method="POST", url="http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key") header = get_header(httpx_mock, authorization_code_auth + api_key_auth) assert header.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" assert header.get("X-Api-Key") == "my_provided_api_key" tab.assert_success( "You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab." )
def test_basic_and_api_key_authentication_can_be_combined( httpx_mock: HTTPXMock): basic_auth = httpx_auth.Basic("test_user", "test_pwd") api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key") header = get_header(httpx_mock, basic_auth + api_key_auth) assert header.get("Authorization") == "Basic dGVzdF91c2VyOnRlc3RfcHdk" assert header.get("X-Api-Key") == "my_provided_api_key"
def test_refresh_token(token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials( "http://provide_access_token", username="******", password="******") # response for password grant responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": "0", # let the token expire immediately after the first request "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, match=[ urlencoded_params_matcher({ "grant_type": "password", "username": "******", "password": "******", }) ], ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA") assert (get_request(responses, "http://provide_access_token/").body == "grant_type=password&username=test_user&password=test_pwd") # response for refresh token grant responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "rVR7Syg5bjZtZYjbZIW", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, match=[ urlencoded_params_matcher({ "grant_type": "refresh_token", "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", }) ], ) response = requests.get("http://authorized_only", auth=auth) assert response.request.headers.get( "Authorization") == "Bearer rVR7Syg5bjZtZYjbZIW" assert (get_request(responses, "http://provide_access_token/").body == "grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA")
def test_requests_negotiate_sspi_is_used_when_nothing_is_provided( monkeypatch, responses): # load requests_negociate_sspi from the file in tests/success_ntlm folder monkeypatch.syspath_prepend( os.path.join(os.path.abspath(os.path.dirname(__file__)), "success_ntlm")) assert (get_header( responses, requests_auth.NTLM()).get("Authorization") == "HttpNegotiateAuth fake")
def test_requests_ntlm_is_used_when_user_and_pass_provided( monkeypatch, responses): # load requests_ntlm from the file in tests/success_ntlm folder monkeypatch.syspath_prepend( os.path.join(os.path.abspath(os.path.dirname(__file__)), "success_ntlm")) assert (get_header(responses, requests_auth.NTLM("fake_user", "fake_pwd")).get("Authorization") == "HttpNtlmAuth fake fake_user / fake_pwd")
def test_state_change(token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock): auth = httpx_auth.OAuth2Implicit("http://provide_token") expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) token = create_token(expiry_in_1_hour) tab = browser_mock.add_response( opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data=f"access_token={token}&state=123456", ) assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}" tab.assert_success("You are now authenticated on 123456. You may close this tab.")
def test_basic_and_multiple_authentication_can_be_combined( token_cache, httpx_mock: HTTPXMock): basic_auth = httpx_auth.Basic("test_user", "test_pwd") api_key_auth2 = httpx_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") api_key_auth3 = httpx_auth.HeaderApiKey("my_provided_api_key3", header_name="X-Api-Key3") header = get_header(httpx_mock, basic_auth & (api_key_auth2 & api_key_auth3)) assert header.get("Authorization") == "Basic dGVzdF91c2VyOnRlc3RfcHdk" assert header.get("X-Api-Key2") == "my_provided_api_key2" assert header.get("X-Api-Key3") == "my_provided_api_key3"
def test_multiple_auth_and_header_api_key_can_be_combined( token_cache, httpx_mock: HTTPXMock): api_key_auth = httpx_auth.HeaderApiKey("my_provided_api_key") api_key_auth2 = httpx_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") api_key_auth3 = httpx_auth.HeaderApiKey("my_provided_api_key3", header_name="X-Api-Key3") header = get_header(httpx_mock, (api_key_auth & api_key_auth2) & api_key_auth3) assert header.get("X-Api-Key") == "my_provided_api_key" assert header.get("X-Api-Key2") == "my_provided_api_key2" assert header.get("X-Api-Key3") == "my_provided_api_key3"
def test_multiple_auth_and_header_api_key_can_be_combined( token_cache, responses: RequestsMock): api_key_auth = requests_auth.HeaderApiKey("my_provided_api_key") api_key_auth2 = requests_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") api_key_auth3 = requests_auth.HeaderApiKey("my_provided_api_key3", header_name="X-Api-Key3") header = get_header(responses, (api_key_auth + api_key_auth2) + api_key_auth3) assert header.get("X-Api-Key") == "my_provided_api_key" assert header.get("X-Api-Key2") == "my_provided_api_key2" assert header.get("X-Api-Key3") == "my_provided_api_key3"
def test_basic_and_multiple_authentication_can_be_combined( token_cache, responses: RequestsMock): basic_auth = requests_auth.Basic("test_user", "test_pwd") api_key_auth2 = requests_auth.HeaderApiKey("my_provided_api_key2", header_name="X-Api-Key2") api_key_auth3 = requests_auth.HeaderApiKey("my_provided_api_key3", header_name="X-Api-Key3") header = get_header(responses, basic_auth + (api_key_auth2 + api_key_auth3)) assert header.get("Authorization") == "Basic dGVzdF91c2VyOnRlc3RfcHdk" assert header.get("X-Api-Key2") == "my_provided_api_key2" assert header.get("X-Api-Key3") == "my_provided_api_key3"
def test_oauth2_implicit_flow_token_custom_expiry( token_cache, responses: RequestsMock, browser_mock: BrowserMock ): auth = requests_auth.OAuth2Implicit("http://provide_token", early_expiry=28) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request expiry_in_29_seconds = datetime.datetime.utcnow() + datetime.timedelta(seconds=29) token_cache._add_token( key="42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521", token=create_token(expiry_in_29_seconds), expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29), ) token = create_token(expiry_in_29_seconds) assert get_header(responses, auth).get("Authorization") == f"Bearer {token}"
def test_oauth2_implicit_flow_expects_token_in_id_token_if_response_type_in_url_is_id_token( token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock ): auth = httpx_auth.OAuth2Implicit("http://provide_token?response_type=id_token") expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) token = create_token(expiry_in_1_hour) tab = browser_mock.add_response( opened_url="http://provide_token?response_type=id_token&state=87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data=f"id_token={token}&state=87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a", ) assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}" tab.assert_success( "You are now authenticated on 87c4108ec0eb03599335333a40434a36674269690b6957fef684bfb6c5a849ce660ef7031aa874c44d67cd3eada8febdfce41efb1ed3bc53a0a7e716cbba025a. You may close this tab." )
def test_refresh_token_access_token_not_expired( token_cache, responses: RequestsMock, browser_mock: BrowserMock ): auth = requests_auth.OAuth2AuthorizationCode( "http://provide_code", "http://provide_access_token" ) tab = browser_mock.add_response( opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de", ) responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, match=[ urlencoded_params_matcher( { "grant_type": "authorization_code", "redirect_uri": "http://localhost:5000/", "response_type": "code", "code": "SplxlOBeZQQYbYS6WxSbIA", } ) ], ) assert ( get_header(responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" ) assert ( get_request(responses, "http://provide_access_token/").body == "grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA" ) tab.assert_success( "You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab." ) # expect Bearer token to remain the same response = requests.get("http://authorized_only", auth=auth) assert ( response.request.headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" )
def test_okta_client_credentials_flow_token_custom_expiry( token_cache, httpx_mock: HTTPXMock): auth = httpx_auth.OktaClientCredentials("test_okta", client_id="test_user", client_secret="test_pwd", early_expiry=28) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "f0d25aa4e496c6615328e776bb981dabe53fa77768a0a58eaf6d54215c598d80e57ffc7926fd96ec6a6a872942cb684a473e36233b593fb760d3eb6dc22ae550", token="2YotnFZFEjr1zCsicMWpAA", expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_implicit_flow_token_is_sent_in_requested_field( token_cache, responses: RequestsMock, browser_mock: BrowserMock ): auth = requests_auth.OAuth2Implicit( "http://provide_token", header_name="Bearer", header_value="{token}" ) expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) token = create_token(expiry_in_1_hour) tab = browser_mock.add_response( opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521", ) assert get_header(responses, auth).get("Bearer") == token tab.assert_success( "You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab." )
def test_oauth2_authorization_code_flow_get_code_custom_expiry( token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock): auth = httpx_auth.OktaAuthorizationCode( "testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd", early_expiry=28, ) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b", token="2YotnFZFEjr1zCsicMWpAA", expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_implicit_flow_token_is_not_reused_if_a_url_parameter_is_changing( token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock): auth1 = httpx_auth.OAuth2Implicit( "http://provide_token?response_type=custom_token&fake_param=1", token_field_name="custom_token", ) expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) first_token = create_token(expiry_in_1_hour) tab1 = browser_mock.add_response( opened_url= "http://provide_token?response_type=custom_token&fake_param=1&state=5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data= f"custom_token={first_token}&state=5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe", ) assert get_header(httpx_mock, auth1).get("Authorization") == f"Bearer {first_token}" # Ensure that the new token is different than previous one expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta( hours=1, seconds=1) auth2 = httpx_auth.OAuth2Implicit( "http://provide_token?response_type=custom_token&fake_param=2", token_field_name="custom_token", ) second_token = create_token(expiry_in_1_hour) tab2 = browser_mock.add_response( opened_url= "http://provide_token?response_type=custom_token&fake_param=2&state=5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data= f"custom_token={second_token}&state=5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9", ) response = httpx.get("http://authorized_only", auth=auth2) # Return headers received on this dummy URL assert response.request.headers.get( "Authorization") == f"Bearer {second_token}" tab1.assert_success( "You are now authenticated on 5652a8138e3a99dab7b94532c73ed5b10f19405316035d1efdc8bf7e0713690485254c2eaff912040eac44031889ef0a5ed5730c8a111541120d64a898c31afe. You may close this tab." ) tab2.assert_success( "You are now authenticated on 5c3940ccf78ac6e7d6d8d06782d9fd95a533aa5425b616eaa38dc3ec9508fbd55152c58a0d8dd8a087e76b77902559285819a41cb78ce8713e5a3b974bf07ce9. You may close this tab." )
def test_oauth2_password_credentials_flow_token_custom_expiry( token_cache, httpx_mock: HTTPXMock): auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials( "http://provide_access_token", username="******", password="******", early_expiry=28, ) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001", token="2YotnFZFEjr1zCsicMWpAA", expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_expires_in_sent_as_str(token_cache, responses: RequestsMock): auth = requests_auth.OktaClientCredentials("test_okta", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "https://test_okta/oauth2/default/v1/token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": "3600", "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_client_credentials_flow_token_custom_expiry( token_cache, httpx_mock: HTTPXMock): auth = httpx_auth.OAuth2ClientCredentials( "http://provide_access_token", client_id="test_user", client_secret="test_pwd", early_expiry=28, ) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "a8a1c17ded24b3710524306819084310b08f97e151c79f4f1979202c541f3e8506c93176f7ee816bfcd2b2f6de9c5c3e16aaff220f1ad8f08d31ee086e8618da", token="2YotnFZFEjr1zCsicMWpAA", expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_expires_in_sent_as_str(token_cache, httpx_mock: HTTPXMock): auth = httpx_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") httpx_mock.add_response( method="POST", url="http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": "3600", "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_implicit_and_api_key_authentication_can_be_combined( token_cache, responses: RequestsMock, browser_mock: BrowserMock ): implicit_auth = requests_auth.OAuth2Implicit("http://provide_token") expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) token = create_token(expiry_in_1_hour) tab = browser_mock.add_response( opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F", reply_url="http://localhost:5000", data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521", ) api_key_auth = requests_auth.HeaderApiKey("my_provided_api_key") header = get_header(responses, implicit_auth & api_key_auth) assert header.get("Authorization") == f"Bearer {token}" assert header.get("X-Api-Key") == "my_provided_api_key" tab.assert_success( "You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab." )
def test_oauth2_client_credentials_flow_token_custom_expiry( token_cache, responses: RequestsMock, browser_mock: BrowserMock ): auth = requests_auth.OAuth2AuthorizationCode( "http://provide_code", "http://provide_access_token", early_expiry=28, ) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key="163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de", token="2YotnFZFEjr1zCsicMWpAA", expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert ( get_header(responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA" )
def test_oauth2_pkce_flow_get_code_custom_expiry(token_cache, httpx_mock: HTTPXMock, monkeypatch, browser_mock: BrowserMock): monkeypatch.setattr(httpx_auth.authentication.os, "urandom", lambda x: b"1" * 63) auth = httpx_auth.OAuth2AuthorizationCodePKCE( "http://provide_code", "http://provide_access_token", early_expiry=28) # Add a token that expires in 29 seconds, so should be considered as not expired when issuing the request token_cache._add_token( key= "163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de", token="2YotnFZFEjr1zCsicMWpAA", expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29), ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_okta_pkce_flow_token_is_expired_after_30_seconds_by_default( token_cache, responses: RequestsMock, monkeypatch, browser_mock: BrowserMock): monkeypatch.setattr(requests_auth.authentication.os, "urandom", lambda x: b"1" * 63) auth = requests_auth.OktaAuthorizationCodePKCE( "testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd") tab = browser_mock.add_response( opened_url= "https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256", reply_url= "http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b", ) # Add a token that expires in 29 seconds, so should be considered as expired when issuing the request token_cache._add_token( key= "5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b", token="2YotnFZFEjr1zCsicMWpAA", expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29), ) # Meaning a new one will be requested responses.add( responses.POST, "https://testserver.okta-emea.com/oauth2/default/v1/token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA") assert ( get_request( responses, "https://testserver.okta-emea.com/oauth2/default/v1/token").body == "code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA" ) tab.assert_success( "You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab." )
def test_oauth2_pkce_flow_uses_provided_session(token_cache, responses: RequestsMock, monkeypatch, browser_mock: BrowserMock): session = requests.Session() session.headers.update({"x-test": "Test value"}) monkeypatch.setattr(requests_auth.authentication.os, "urandom", lambda x: b"1" * 63) auth = requests_auth.OktaAuthorizationCodePKCE( "testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd", session=session, ) tab = browser_mock.add_response( opened_url= "https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256", reply_url= "http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b", ) responses.add( responses.POST, "https://testserver.okta-emea.com/oauth2/default/v1/token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA") request = get_request( responses, "https://testserver.okta-emea.com/oauth2/default/v1/token") assert ( request.body == "code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA" ) assert request.headers["x-test"] == "Test value" tab.assert_success( "You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab." )
def test_oauth2_client_credentials_flow_token_is_sent_in_authorization_header_by_default( token_cache, responses: RequestsMock): auth = requests_auth.OAuth2ClientCredentials("http://provide_access_token", client_id="test_user", client_secret="test_pwd") responses.add( responses.POST, "http://provide_access_token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( responses, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_oauth2_implicit_flow_token_can_be_requested_on_a_custom_server_port( token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock ): # TODO Should use a method to retrieve a free port instead available_port = 5002 auth = httpx_auth.OAuth2Implicit( "http://provide_token", redirect_uri_port=available_port ) expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1) token = create_token(expiry_in_1_hour) tab = browser_mock.add_response( opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5002%2F", reply_url="http://localhost:5002", data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521", ) assert get_header(httpx_mock, auth).get("Authorization") == f"Bearer {token}" tab.assert_success( "You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab." )
def test_okta_client_credentials_flow_token_is_sent_in_authorization_header_by_default( token_cache, httpx_mock: HTTPXMock): auth = httpx_auth.OktaClientCredentials("test_okta", client_id="test_user", client_secret="test_pwd") httpx_mock.add_response( method="POST", url="https://test_okta/oauth2/default/v1/token", json={ "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value", }, ) assert (get_header( httpx_mock, auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")