def test_openid_request_with_request_2(self): areq = self.client.construct_AuthorizationRequest( request_args={ "scope": "openid", "response_type": ["code"], "claims": { "id_token": { "sub": { "value": "248289761001" } } } }, request_param="request") print areq assert areq assert areq.request jwtreq = OpenIDRequest().deserialize(areq["request"], "jwt", keyjar=self.client.keyjar) print print jwtreq print jwtreq.keys() assert _eq(jwtreq.keys(), [ 'claims', 'state', 'redirect_uri', 'response_type', 'client_id', 'scope' ])
def id_token_claims(session): """ Pick the IdToken claims from the request :param session: Session information :return: The IdToken claims """ itc = None try: authzreq = AuthorizationRequest().deserialize( session["authzreq"], 'json') itc = authzreq["claims"]["id_token"] logger.debug("ID Token claims: %s" % itc) except KeyError: pass try: oidreq = OpenIDRequest().deserialize(session["oidreq"], "json") itc_or = oidreq["claims"]["id_token"] if itc: itc.update(itc_or) logger.debug("ID Token claims: %s" % itc) except KeyError: pass return itc
def test_parse_open_id_request(self): userinfo_claims = Claims(name={"essential": True}, nickname=None, email={"essential": True}, email_verified={"essential": True}, picture=None) id_token_claims = Claims(auth_time={ "essential": True, "acr": { "values": ["urn:mace:incommon:iap:silver"] } }) claims_req = ClaimsRequest(userinfo=userinfo_claims, id_token=id_token_claims) oidreq = OpenIDRequest(response_type=["code", "id_token"], client_id=CLIENT_ID, redirect_uri="https://client.example.com/cb", scope="openid profile", state="n-0S6_WzA2Mj", nonce="af0ifjsldkj", max_age=86400, claims=claims_req) request = self.srv.parse_open_id_request(data=oidreq.to_json(), sformat="json") assert isinstance(request, OpenIDRequest) assert _eq(request.keys(), [ 'nonce', 'claims', 'state', 'redirect_uri', 'response_type', 'client_id', 'scope', 'max_age' ]) assert request["nonce"] == "af0ifjsldkj" assert "email" in request["claims"]["userinfo"]
def id_token_claims(self, session): """ Pick the IdToken claims from the request :param session: Session information :return: The IdToken claims """ try: oidreq = OpenIDRequest().deserialize(session["oidreq"], "json") itc = oidreq["claims"]["id_token"] logger.debug("ID Token claims: %s" % itc) return itc except KeyError: return None
def test_openid_request_with_id_token_claims_request(self): areq = self.client.construct_AuthorizationRequest( request_args={ "scope": "openid", "response_type": ["code"], "claims": {"id_token": {"sub": {"value": "248289761001"}}}, }, request_param="request", ) jwtreq = OpenIDRequest().deserialize( areq["request"], "jwt", keyjar=self.client.keyjar ) assert _eq( jwtreq.keys(), ["claims", "redirect_uri", "response_type", "client_id", "scope"], )
def make_openid_request(arq, keys=None, userinfo_claims=None, idtoken_claims=None, algorithm=None, **kwargs): """ Construct the specification of what I want returned. The request will be signed :param arq: The Authorization request :param keys: Keys to use for signing/encrypting :param userinfo_claims: UserInfo claims :param idtoken_claims: IdToken claims :param algorithm: Which signing/encrypting algorithm to use :return: JWT encoded OpenID request """ oir_args = {} for prop in OpenIDRequest.c_param.keys(): try: oir_args[prop] = arq[prop] except KeyError: pass for attr in ["scope", "response_type"]: if attr in oir_args: oir_args[attr] = " ".join(oir_args[attr]) c_args = {} if userinfo_claims is not None: # UserInfoClaims c_args["userinfo"] = Claims(**userinfo_claims) if idtoken_claims is not None: #IdTokenClaims c_args["id_token"] = Claims(**idtoken_claims) if c_args: oir_args["claims"] = ClaimsRequest(**c_args) oir = OpenIDRequest(**oir_args) return oir.to_jwt(key=keys, algorithm=algorithm)
email_verified={"essential": True}, picture=None) IDT2 = Claims(auth_time={ "essential": True, "acr": { "values": ["urn:mace:incommon:iap:silver"] } }) CLAIMS = ClaimsRequest(userinfo=UINFO, id_token=IDT2) OIDREQ = OpenIDRequest(response_type=["code", "id_token"], client_id=CLIENT_ID, redirect_uri="https://client.example.com/cb", scope="openid profile", state="n-0S6_WzA2Mj", nonce="af0ifjsldkj", max_age=86400, claims=CLAIMS) def test_server_init(): srv = Server() assert srv srv = Server() assert srv def test_parse_urlencoded(): loc = "http://example.com/userinfo?access_token=access_token"
AREQ = AuthorizationRequest(response_type="code", client_id="client1", redirect_uri="http://example.com/authz", scope=["openid"], state="state000") AREQN = AuthorizationRequest(response_type="code", client_id="client1", redirect_uri="http://example.com/authz", scope=["openid"], state="state000", nonce="something") OIDR = OpenIDRequest(response_type="code", client_id="client1", redirect_uri="http://example.com/authz", scope=["openid"], state="state000") OAUTH2_AREQ = AuthorizationRequest(response_type="code", client_id="client1", redirect_uri="http://example.com/authz", scope=["openid"], state="state000") BASE_URL = "https://exampl.com/" def test_token(): sdb = SessionDB(BASE_URL) sid = sdb.token.key(areq=AREQ)