def test_client_registration_delete(self):
args = {
"redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"],
"client_name": "My Example Client",
"client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(), environ={})
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
request=request.to_json(),
environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)},
method="DELETE",
query="client_id=%s" % _resp["client_id"],
)
assert isinstance(resp, NoContent)
# A read should fail
resp = self.provider.client_info_endpoint(
"",
environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)},
query="client_id=%s" % _resp["client_id"],
)
assert isinstance(resp, Unauthorized)
def registration_endpoint(self, **kwargs):
"""
:param request: The request
:param authn: Client authentication information
:param kwargs: extra keyword arguments
:return: A Response instance
"""
_request = RegistrationRequest().deserialize(kwargs["request"], "json")
try:
_request.verify()
except InvalidRedirectUri as err:
msg = ClientRegistrationError(error="invalid_redirect_uri", error_description="%s" % err)
return BadRequest(msg.to_json(), content="application/json")
except (MissingPage, VerificationError) as err:
msg = ClientRegistrationError(error="invalid_client_metadata", error_description="%s" % err)
return BadRequest(msg.to_json(), content="application/json")
# authenticated client
if self.authn_at_registration:
try:
_ = self.verify_client(kwargs["environ"], _request, self.authn_at_registration)
except (AuthnFailure, UnknownAssertionType):
return Unauthorized()
client_id = self.create_new_client(_request)
return self.client_info(client_id)
def test_registration_endpoint(self):
request = RegistrationRequest(client_name="myself", redirect_uris=["https://example.com/rp"])
resp = self.provider.registration_endpoint(request=request.to_json())
assert isinstance(resp, Response)
data = json.loads(resp.message)
assert data["client_name"] == "myself"
assert _eq(data["redirect_uris"], ["https://example.com/rp"])
_resp = ClientInfoResponse().from_json(resp.message)
assert "client_id" in _resp
def test_client_registration_utf_8_client_name(self):
args = {
"redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"],
"client_name": "My Example Client",
"client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
assert _resp["client_name#ja-Jpan-JP"] == "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D"
assert _resp["client_name"] == "My Example Client"
def test_client_registration_update(self):
args = {
"redirect_uris": ["https://client.example.org/callback",
"https://client.example.org/callback2"],
"client_name": "My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
_resp = ClientInfoResponse().from_json(resp.message)
update = {
"client_id": _resp["client_id"],
"client_secret": _resp["client_secret"],
"redirect_uris": ["https://client.example.org/callback",
"https://client.example.org/alt"],
"scope": "read write dolphin",
"grant_types": ["authorization_code", "refresh_token"],
"token_endpoint_auth_method": "client_secret_basic",
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
"client_name": "My New Example",
"client_name#fr": "Mon Nouvel Exemple",
}
update_req = RegistrationRequest(**update)
resp = self.provider.client_info_endpoint(
request=update_req.to_json(),
environ={"HTTP_AUTHORIZATION": "Bearer %s" % (
_resp["registration_access_token"],)},
method="PUT",
query="client_id=%s" % _resp["client_id"])
_resp_up = ClientInfoResponse().from_json(resp.message)
assert _resp_up["client_id"] == update["client_id"]
assert _resp_up["client_secret"] == update["client_secret"]
assert _resp_up["redirect_uris"] == update["redirect_uris"]
assert _resp_up["scope"] == update["scope"].split()
assert _resp_up["grant_types"] == update["grant_types"]
assert _resp_up["token_endpoint_auth_method"] == update[
"token_endpoint_auth_method"]
assert _resp_up["jwks_uri"] == update["jwks_uri"]
assert _resp_up["client_name"] == update["client_name"]
assert _resp_up["client_name#fr"] == update["client_name#fr"]
def test_registration_uri_error(self):
args = {
"redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"],
"client_name": "My Example Client",
"client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
# invalid logo_uri
"logo_uri": "https://client.example.org/logo.png",
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientRegistrationError().from_json(resp.message)
assert "error" in _resp
assert _resp["error"] == "invalid_client_metadata"
def test_client_registration_with_software_statement(self):
jwks, keyjar, kidd = build_keyjar(KEYS)
fed_operator = 'https://fedop.example.org'
self.provider.keyjar[fed_operator] = keyjar['']
ss = make_software_statement(keyjar, fed_operator, client_id='foxtrot')
args = {
"redirect_uris": ["https://client.example.org/callback",
"https://client.example.org/callback2"],
"client_name": "XYZ Service B",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
'software_statement': ss
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
cli_resp = ClientInfoResponse().from_json(resp.message)
assert cli_resp
def test_client_user_info_get(self):
args = {
"redirect_uris": ["https://client.example.org/callback", "https://client.example.org/callback2"],
"client_name": "My Example Client",
"client_name#ja-Jpan-JP": "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
"GET",
environ={"HTTP_AUTHORIZATION": "Bearer %s" % (_resp["registration_access_token"],)},
query="client_id=%s" % _resp["client_id"],
request=request.to_json(),
)
_resp_cir = ClientInfoResponse().from_json(resp.message)
assert _resp == _resp_cir
