Ejemplo n.º 1
async def test_oauth1_authorize():
    """Walk an OAuth 1 client through the redirect and token-exchange steps.

    The provider is replaced by a PathMapDispatch fixture (presumably a stub
    transport keyed by URL path -- confirm against the test helpers), and the
    'dev' credentials are test placeholders.
    """
    provider_stub = PathMapDispatch({
        '/request-token': {'body': 'oauth_token=foo&oauth_verifier=baz'},
        '/token': {'body': 'oauth_token=a&oauth_token_secret=b'},
    })
    registration = dict(
        client_id='dev',
        client_secret='dev',
        request_token_url='https://i.b/request-token',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={'dispatch': provider_stub},
    )
    client = OAuth().register('dev', **registration)

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    redirect = await client.authorize_redirect(request, 'https://b.com/bar')
    assert redirect.status_code == 302
    # The temporary credential issued by /request-token must be carried in
    # the redirect to the authorization endpoint.
    assert 'oauth_token=foo' in redirect.headers.get('Location')

    # The request token is expected to be kept in the session; presumably
    # authorize_access_token reads it back from there.
    assert request.session.get('_dev_authlib_request_token_') is not None

    # NOTE(review): the same Request is reused for the callback step and its
    # scope carries no oauth_token / oauth_verifier query string, so only the
    # session-backed path is exercised here.
    access = await client.authorize_access_token(request)
    assert access['oauth_token'] == 'a'
Ejemplo n.º 2
async def test_with_fetch_token_in_register():
    """Check that a client registered with ``fetch_token`` can call the API.

    The token comes from the per-client ``fetch_token`` callback passed to
    ``register``; the session starts empty, so nothing is read from it.
    """
    async def load_token(request):
        # Fixed bearer token standing in for whatever store a real app uses.
        return {'access_token': 'dev', 'token_type': 'bearer'}

    api_stub = PathMapDispatch({
        '/user': {'body': {'sub': '123'}}
    })
    registration = dict(
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        fetch_token=load_token,
        client_kwargs={'dispatch': api_stub},
    )
    client = OAuth().register('dev', **registration)

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    # NOTE(review): only the response body is checked; the test does not
    # inspect whether the bearer token was attached to the outgoing request.
    response = await client.get('/user', request=request)
    assert response.json()['sub'] == '123'
Ejemplo n.º 3
async def test_oauth2_authorize_with_metadata():
    """Cover authorization-URL creation with and without server metadata.

    First a client with neither ``authorize_url`` nor metadata must fail with
    RuntimeError; then a client whose ``server_metadata_url`` points at a
    stubbed discovery document must produce a 302 redirect.
    """
    oauth = OAuth()
    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    # Case 1: no authorization endpoint is configured anywhere.
    bare_client = oauth.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
    )
    with pytest.raises(RuntimeError):
        await bare_client.create_authorization_url(request)

    # Case 2: the endpoint is only available through the discovery document
    # served by the stub at /.well-known/openid-configuration.
    discovery_stub = PathMapDispatch({
        '/.well-known/openid-configuration': {'body': {
            'authorization_endpoint': 'https://i.b/authorize'
        }}
    })
    metadata_client = oauth.register(
        'dev2',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        server_metadata_url='https://i.b/.well-known/openid-configuration',
        client_kwargs={'dispatch': discovery_stub},
    )
    # NOTE(review): only the status code is asserted; the Location header is
    # not compared with the discovered authorization_endpoint.
    redirect = await metadata_client.authorize_redirect(
        request, 'https://b.com/bar')
    assert redirect.status_code == 302
Ejemplo n.º 4
async def test_oauth2_authorize():
    """Run the OAuth 2 authorization-code flow end to end against a stub.

    Step one issues the redirect and stores a ``state`` value in the session;
    step two replays that value on the callback and exchanges the code for
    the token served by the stubbed /token endpoint.
    """
    token_stub = PathMapDispatch({'/token': {'body': get_bearer_token()}})
    registration = dict(
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={'dispatch': token_stub},
    )
    client = OAuth().register('dev', **registration)

    req_scope = {'type': 'http', 'session': {}}
    req = Request(req_scope)

    redirect = await client.authorize_redirect(req, 'https://b.com/bar')
    assert redirect.status_code == 302
    assert 'state=' in redirect.headers.get('Location')

    # The state saved in the session is what binds the callback to this
    # browser session (the CSRF check of the flow).
    state = req.session.get('_dev_authlib_state_')
    assert state is not None

    # Simulate the provider's callback, carrying the same session forward.
    # NOTE(review): query_string is a str here, while ASGI defines it as
    # bytes; this relies on the framework accepting both -- confirm.
    # NOTE(review): only the matching-state path is covered; a callback with
    # a different state value is not tested in this function.
    req_scope.update({
        'path': '/',
        'query_string': f'code=a&state={state}',
        'session': req.session,
    })
    callback = Request(req_scope)
    token = await client.authorize_access_token(callback)
    assert token['access_token'] == 'a'
Ejemplo n.º 5
async def test_force_fetch_jwks_uri():
    """Parse an RS256 ID token when the client only knows a ``jwks_uri``.

    The token is signed with the private key set from jwks_private.json and
    the stub serves jwks_public.json at /jwks, so the client has to obtain
    the verification keys from that URI (no key set is passed to register).
    """
    signing_keys = read_file_path('jwks_private.json')
    token = get_bearer_token()
    claims = {'sub': '123'}
    # iss, aud and nonce line up with the issuer, client_id and session
    # nonce configured below. NOTE(review): exp=3600 is presumably a lifetime
    # in seconds -- confirm against generate_id_token.
    id_token = generate_id_token(
        token,
        claims,
        signing_keys,
        alg='RS256',
        iss='https://i.b',
        aud='dev',
        exp=3600,
        nonce='n',
    )

    jwks_stub = PathMapDispatch({
        '/jwks': {'body': read_file_path('jwks_public.json')},
    })

    # NOTE(review): get_bearer_token is called with no arguments above but is
    # registered here as fetch_token, which other tests define as taking a
    # request; it does not appear to be invoked on this code path -- confirm.
    registration = dict(
        client_id='dev',
        client_secret='dev',
        fetch_token=get_bearer_token,
        jwks_uri='https://i.b/jwks',
        issuer='https://i.b',
        client_kwargs={'app': jwks_stub},
    )
    client = OAuth().register('dev', **registration)

    # The nonce is pre-seeded in the session to match the one in the token.
    scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
    request = Request(scope)
    token['id_token'] = id_token
    # NOTE(review): only the positive case is checked; a wrong nonce, issuer
    # or signature is not exercised in this function.
    user = await client.parse_id_token(request, token)
    assert user.sub == '123'
Ejemplo n.º 6
async def test_request_withhold_token():
    """Call an API endpoint with ``withhold_token=True`` and no stored token.

    No ``fetch_token`` is registered and the session is empty, so the request
    can only succeed if the client does not require a token for it.
    """
    api_stub = PathMapDispatch({'/user': {'body': {'sub': '123'}}})
    registration = dict(
        client_id="dev",
        client_secret="dev",
        api_base_url="https://i.b/api",
        access_token_url="https://i.b/token",
        authorize_url="https://i.b/authorize",
        client_kwargs={'dispatch': api_stub},
    )
    client = OAuth().register("dev", **registration)

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    # NOTE(review): the assertion covers the response body only; the absence
    # of an Authorization header on the outgoing request is not verified.
    response = await client.get('/user', request=request, withhold_token=True)
    assert response.json()['sub'] == '123'
Ejemplo n.º 7
async def test_oauth2_authorize_code_challenge():
    """Run the authorization-code flow with an S256 code challenge (PKCE).

    The client is registered without a ``client_secret`` and with
    ``code_challenge_method='S256'``; the test checks that the challenge is
    put on the redirect URL and that state and verifier land in the session.
    """
    token_stub = PathMapDispatch({
        '/token': {'body': get_bearer_token()}
    })
    registration = dict(
        client_id='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={
            'code_challenge_method': 'S256',
            'dispatch': token_stub,
        },
    )
    client = OAuth().register('dev', **registration)

    req_scope = {'type': 'http', 'session': {}}
    req = Request(req_scope)

    redirect = await client.authorize_redirect(
        req, redirect_uri='https://b.com/bar')
    assert redirect.status_code == 302

    location = redirect.headers.get('Location')
    assert 'code_challenge=' in location
    assert 'code_challenge_method=S256' in location

    # Indexing (not .get) makes a missing session key fail with KeyError.
    state = req.session['_dev_authlib_state_']
    assert state is not None

    # The verifier stays server-side in the session; only the derived
    # challenge was asserted on the redirect URL above.
    verifier = req.session['_dev_authlib_code_verifier_']
    assert verifier is not None

    # Simulate the provider's callback with the stored state and session.
    callback_fields = {
        'path': '/',
        'query_string': 'code=a&state={}'.format(state).encode(),
        'session': req.session,
    }
    req_scope.update(callback_fields)
    callback = Request(req_scope)

    # NOTE(review): the test does not assert that code_verifier is sent to
    # the token endpoint; the stub returns the token regardless.
    token = await client.authorize_access_token(callback)
    assert token['access_token'] == 'a'
Ejemplo n.º 8
async def run_fetch_userinfo(payload, compliance_fix=None):
    """Fetch userinfo from a stubbed endpoint and assert the subject is '123'.

    Args:
        payload: Body the stub returns for /userinfo.
        compliance_fix: Optional value passed through to ``register`` as
            ``userinfo_compliance_fix``; presumably a callable that
            normalises a non-standard payload -- confirm against callers.
    """
    async def fetch_token(request):
        # The token is supplied by the callback, not read from the session.
        return get_bearer_token()

    userinfo_stub = PathMapDispatch({'/userinfo': {'body': payload}})

    registration = dict(
        client_id='dev',
        client_secret='dev',
        fetch_token=fetch_token,
        userinfo_endpoint='https://i.b/userinfo',
        userinfo_compliance_fix=compliance_fix,
        client_kwargs={'app': userinfo_stub},
    )
    client = OAuth().register('dev', **registration)

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)
    user = await client.userinfo(request=request)
    assert user.sub == '123'