def test_openid_request_with_request_2(self):
areq = self.client.construct_AuthorizationRequest(
request_args={
"scope": "openid",
"response_type": ["code"],
"claims": {
"id_token": {
"sub": {
"value": "248289761001"
}
}
}
},
request_param="request")
print areq
assert areq
assert areq.request
jwtreq = OpenIDRequest().deserialize(areq["request"],
"jwt",
keyjar=self.client.keyjar)
print
print jwtreq
print jwtreq.keys()
assert _eq(jwtreq.keys(), [
'claims', 'state', 'redirect_uri', 'response_type', 'client_id',
'scope'
])
def id_token_claims(session):
"""
Pick the IdToken claims from the request
:param session: Session information
:return: The IdToken claims
"""
itc = None
try:
authzreq = AuthorizationRequest().deserialize(
session["authzreq"], 'json')
itc = authzreq["claims"]["id_token"]
logger.debug("ID Token claims: %s" % itc)
except KeyError:
pass
try:
oidreq = OpenIDRequest().deserialize(session["oidreq"], "json")
itc_or = oidreq["claims"]["id_token"]
if itc:
itc.update(itc_or)
logger.debug("ID Token claims: %s" % itc)
except KeyError:
pass
return itc
def test_parse_open_id_request(self):
userinfo_claims = Claims(name={"essential": True},
nickname=None,
email={"essential": True},
email_verified={"essential": True},
picture=None)
id_token_claims = Claims(auth_time={
"essential": True,
"acr": {
"values": ["urn:mace:incommon:iap:silver"]
}
})
claims_req = ClaimsRequest(userinfo=userinfo_claims,
id_token=id_token_claims)
oidreq = OpenIDRequest(response_type=["code", "id_token"],
client_id=CLIENT_ID,
redirect_uri="https://client.example.com/cb",
scope="openid profile",
state="n-0S6_WzA2Mj",
nonce="af0ifjsldkj",
max_age=86400,
claims=claims_req)
request = self.srv.parse_open_id_request(data=oidreq.to_json(),
sformat="json")
assert isinstance(request, OpenIDRequest)
assert _eq(request.keys(), [
'nonce', 'claims', 'state', 'redirect_uri', 'response_type',
'client_id', 'scope', 'max_age'
])
assert request["nonce"] == "af0ifjsldkj"
assert "email" in request["claims"]["userinfo"]
def id_token_claims(self, session):
"""
Pick the IdToken claims from the request
:param session: Session information
:return: The IdToken claims
"""
try:
oidreq = OpenIDRequest().deserialize(session["oidreq"], "json")
itc = oidreq["claims"]["id_token"]
logger.debug("ID Token claims: %s" % itc)
return itc
except KeyError:
return None
def test_openid_request_with_id_token_claims_request(self):
areq = self.client.construct_AuthorizationRequest(
request_args={
"scope": "openid",
"response_type": ["code"],
"claims": {"id_token": {"sub": {"value": "248289761001"}}},
},
request_param="request",
)
jwtreq = OpenIDRequest().deserialize(
areq["request"], "jwt", keyjar=self.client.keyjar
)
assert _eq(
jwtreq.keys(),
["claims", "redirect_uri", "response_type", "client_id", "scope"],
)
def make_openid_request(arq,
keys=None,
userinfo_claims=None,
idtoken_claims=None,
algorithm=None,
**kwargs):
"""
Construct the specification of what I want returned.
The request will be signed
:param arq: The Authorization request
:param keys: Keys to use for signing/encrypting
:param userinfo_claims: UserInfo claims
:param idtoken_claims: IdToken claims
:param algorithm: Which signing/encrypting algorithm to use
:return: JWT encoded OpenID request
"""
oir_args = {}
for prop in OpenIDRequest.c_param.keys():
try:
oir_args[prop] = arq[prop]
except KeyError:
pass
for attr in ["scope", "response_type"]:
if attr in oir_args:
oir_args[attr] = " ".join(oir_args[attr])
c_args = {}
if userinfo_claims is not None:
# UserInfoClaims
c_args["userinfo"] = Claims(**userinfo_claims)
if idtoken_claims is not None:
#IdTokenClaims
c_args["id_token"] = Claims(**idtoken_claims)
if c_args:
oir_args["claims"] = ClaimsRequest(**c_args)
oir = OpenIDRequest(**oir_args)
return oir.to_jwt(key=keys, algorithm=algorithm)
email_verified={"essential": True},
picture=None)
IDT2 = Claims(auth_time={
"essential": True,
"acr": {
"values": ["urn:mace:incommon:iap:silver"]
}
})
CLAIMS = ClaimsRequest(userinfo=UINFO, id_token=IDT2)
OIDREQ = OpenIDRequest(response_type=["code", "id_token"],
client_id=CLIENT_ID,
redirect_uri="https://client.example.com/cb",
scope="openid profile",
state="n-0S6_WzA2Mj",
nonce="af0ifjsldkj",
max_age=86400,
claims=CLAIMS)
def test_server_init():
srv = Server()
assert srv
srv = Server()
assert srv
def test_parse_urlencoded():
loc = "http://example.com/userinfo?access_token=access_token"
AREQ = AuthorizationRequest(response_type="code",
client_id="client1",
redirect_uri="http://example.com/authz",
scope=["openid"],
state="state000")
AREQN = AuthorizationRequest(response_type="code",
client_id="client1",
redirect_uri="http://example.com/authz",
scope=["openid"],
state="state000",
nonce="something")
OIDR = OpenIDRequest(response_type="code",
client_id="client1",
redirect_uri="http://example.com/authz",
scope=["openid"],
state="state000")
OAUTH2_AREQ = AuthorizationRequest(response_type="code",
client_id="client1",
redirect_uri="http://example.com/authz",
scope=["openid"],
state="state000")
BASE_URL = "https://exampl.com/"
def test_token():
sdb = SessionDB(BASE_URL)
sid = sdb.token.key(areq=AREQ)
