Ejemplo n.º 1
0
def test_valid_id_token(app):
    """
    Create a token and then validate it and make sure there are no exceptions
    """
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    signed_token = create_id_token(
        user=user, keypair=keypair, expires_in=expires_in,
        client_id=client_id, audiences=[client_id],
        auth_time=None, max_age=max_age, nonce=nonce
    )

    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce)

    unsigned_token.validate(
        issuer=issuer, client_id=client_id, max_age=max_age, nonce=nonce
    )

    assert True
Ejemplo n.º 2
0
def test_valid_id_token_without_nonce(app):
    """
    Create a token and then validate it and make sure there are no exceptions
    when a nonce is not provided.
    """
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000
    nonce = None
    max_age = None

    signed_token = create_id_token(
        user=user, keypair=keypair, expires_in=expires_in,
        client_id=client_id, audiences=[client_id],
        auth_time=None, max_age=max_age, nonce=nonce
    )

    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce)

    unsigned_token.validate(
        issuer=issuer, client_id=client_id, max_age=max_age, nonce=nonce
    )

    assert not unsigned_token.token.get("nonce")
Ejemplo n.º 3
0
def test_valid_id_token_without_nonce(app):
    """
    Create a token and then validate it and make sure there are no exceptions
    when a nonce is not provided.
    """
    issuer = config.get("BASE_URL")
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username="******", is_admin=False)
    expires_in = 2592000
    nonce = None
    max_age = None
    token_result = generate_signed_id_token(
        keypair.kid,
        keypair.private_key,
        user,
        expires_in,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=None,
        nonce=None,
    )
    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        token_result.token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )
    unsigned_token.validate()
    assert not unsigned_token.get("nonce")
Ejemplo n.º 4
0
def test_valid_id_token(app):
    """
    Create a token and then validate it and make sure there are no exceptions
    """
    issuer = config.get("BASE_URL")
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username="******", is_admin=False)
    expires_in = 2592000
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None
    token_result = generate_signed_id_token(
        keypair.kid,
        keypair.private_key,
        user,
        expires_in,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=None,
        nonce=None,
    )
    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        token_result.token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )
    unsigned_token.validate()
Ejemplo n.º 5
0
def test_recode_id_token(app, kid, rsa_private_key):
    """
    Test that after signing, unsigning, re-signing, and unsigning again,
    the contents of the ID Token that should be the same, are.
    """
    issuer = config.get("BASE_URL")
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username="******", is_admin=False)
    expires_in = 2592000
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    original_signed_token = generate_signed_id_token(
        keypair.kid,
        keypair.private_key,
        user,
        expires_in,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )
    original_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        original_signed_token.token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )

    new_signed_token = original_unsigned_token.get_signed_and_encoded_token(
        kid, rsa_private_key)
    new_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        new_signed_token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )

    assert original_unsigned_token.iss == new_unsigned_token.iss
    assert original_unsigned_token.sub == new_unsigned_token.sub
    assert original_unsigned_token.aud == new_unsigned_token.aud
    assert original_unsigned_token.azp == new_unsigned_token.azp
    assert original_unsigned_token.nonce == new_unsigned_token.nonce
Ejemplo n.º 6
0
def test_recode_id_token(app, private_key):
    """
    Test that after signing, unsigning, re-signing, and unsigning again,
    the contents of the ID Token that should be the same, are.
    """
    kid = test_settings.JWT_KEYPAIR_FILES.keys()[0]
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    original_signed_token = create_id_token(
        user=user, keypair=keypair, expires_in=expires_in,
        client_id=client_id, audiences=[client_id],
        auth_time=None, max_age=max_age, nonce=nonce
    )
    original_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        original_signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce)

    new_signed_token = original_unsigned_token.get_signed_and_encoded_token(
        kid, private_key
    )
    new_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        new_signed_token, client_id=client_id, issuer=issuer,
        max_age=max_age, nonce=nonce
    )

    assert original_unsigned_token.iss == new_unsigned_token.iss
    assert original_unsigned_token.sub == new_unsigned_token.sub
    assert original_unsigned_token.aud == new_unsigned_token.aud
    assert original_unsigned_token.azp == new_unsigned_token.azp
    assert original_unsigned_token.nonce == new_unsigned_token.nonce