async def test_oauth1_authorize():
    """Exercise the OAuth 1 redirect and token exchange against a stub provider.

    The stub answers ``/request-token`` and ``/token`` with fixed form-encoded
    bodies. The test checks that the redirect carries the temporary credential,
    that it is remembered in the session, and that the exchange yields the
    token served by ``/token``.
    """
    fake_provider = PathMapDispatch({
        '/request-token': {'body': 'oauth_token=foo&oauth_verifier=baz'},
        '/token': {'body': 'oauth_token=a&oauth_token_secret=b'},
    })
    registry = OAuth()
    client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        request_token_url='https://i.b/request-token',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={
            'dispatch': fake_provider,
        },
    )

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    # Step 1: the redirect to the provider must include the request token.
    redirect = await client.authorize_redirect(request, 'https://b.com/bar')
    assert redirect.status_code == 302
    location = redirect.headers.get('Location')
    assert 'oauth_token=foo' in location

    # The request token has to survive in the session until the callback.
    stored_request_token = request.session.get('_dev_authlib_request_token_')
    assert stored_request_token is not None

    # Step 2: exchange for the access token.
    # NOTE(review): the same request object is reused and its scope has no
    # query_string, so no oauth_token/oauth_verifier is supplied by a callback
    # URL here - confirm that is what the library version under test expects.
    access = await client.authorize_access_token(request)
    assert access['oauth_token'] == 'a'
async def test_with_fetch_token_in_register():
    """Check that a ``fetch_token`` callback given at registration is usable.

    The client is registered with an async callback returning a fixed bearer
    token, then issues ``GET /user`` against a stub that returns ``sub=123``.
    """
    async def fetch_token(request):
        # Fixed token; the request argument is accepted but not inspected.
        return {'access_token': 'dev', 'token_type': 'bearer'}

    fake_api = PathMapDispatch({
        '/user': {'body': {'sub': '123'}}
    })

    registry = OAuth()
    client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        fetch_token=fetch_token,
        client_kwargs={
            'dispatch': fake_api,
        },
    )

    scope = {'type': 'http', 'session': {}}
    incoming = Request(scope)
    reply = await client.get('/user', request=incoming)
    payload = reply.json()
    assert payload['sub'] == '123'
async def test_oauth2_authorize_with_metadata():
    """Check how the authorization endpoint is resolved with and without metadata.

    A client registered with neither ``authorize_url`` nor
    ``server_metadata_url`` must raise ``RuntimeError`` when asked for an
    authorization URL. A second client that points at a stubbed
    ``/.well-known/openid-configuration`` document must produce a 302 redirect.
    """
    registry = OAuth()
    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    # Case 1: nothing tells the client where the authorization endpoint is.
    bare_client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
    )
    with pytest.raises(RuntimeError):
        await bare_client.create_authorization_url(request)

    # Case 2: the endpoint is advertised by the (stubbed) metadata document.
    metadata_stub = PathMapDispatch({
        '/.well-known/openid-configuration': {'body': {
            'authorization_endpoint': 'https://i.b/authorize'
        }}
    })
    discovering_client = registry.register(
        'dev2',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        server_metadata_url='https://i.b/.well-known/openid-configuration',
        client_kwargs={
            'dispatch': metadata_stub,
        },
    )
    redirect = await discovering_client.authorize_redirect(
        request, 'https://b.com/bar'
    )
    assert redirect.status_code == 302
async def test_oauth2_authorize():
    """Walk the OAuth 2 authorization-code flow against a stubbed token endpoint.

    The redirect must carry a ``state`` parameter and the same value must be
    stored in the session. The callback request then echoes that state back
    alongside ``code=a``, and the exchange must return the stubbed token.
    """
    token_stub = PathMapDispatch({'/token': {'body': get_bearer_token()}})
    registry = OAuth()
    client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={
            'dispatch': token_stub,
        },
    )

    scope = {'type': 'http', 'session': {}}
    request = Request(scope)

    redirect = await client.authorize_redirect(request, 'https://b.com/bar')
    assert redirect.status_code == 302
    location = redirect.headers.get('Location')
    assert 'state=' in location

    # The state binds the later callback to the session that began the flow.
    saved_state = request.session.get('_dev_authlib_state_')
    assert saved_state is not None

    # Simulate the provider's callback on the same session.
    # NOTE(review): ASGI defines query_string as bytes; this str value relies
    # on the Request implementation also accepting text - confirm.
    scope.update({
        'path': '/',
        'query_string': f'code=a&state={saved_state}',
        'session': request.session,
    })
    callback = Request(scope)
    issued = await client.authorize_access_token(callback)
    assert issued['access_token'] == 'a'
async def test_force_fetch_jwks_uri():
    """Parse an RS256 ID token for a client that is configured with ``jwks_uri``.

    The ID token is signed with the private JWKS fixture, while the stub serves
    the public JWKS at ``/jwks``. The session holds nonce ``'n'``, the same
    value placed in the ID token, and the parsed claims must expose
    ``sub == '123'``.
    """
    signing_keys = read_file_path('jwks_private.json')
    token = get_bearer_token()
    # NOTE(review): exp=3600 is presumably a lifetime in seconds - confirm
    # against generate_id_token.
    signed_id_token = generate_id_token(
        token,
        {'sub': '123'},
        signing_keys,
        alg='RS256',
        iss='https://i.b',
        aud='dev',
        exp=3600,
        nonce='n',
    )
    token['id_token'] = signed_id_token

    # Only the public half of the key set is reachable by the client.
    jwks_stub = PathMapDispatch({
        '/jwks': {
            'body': read_file_path('jwks_public.json')
        }
    })

    registry = OAuth()
    client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        fetch_token=get_bearer_token,
        jwks_uri='https://i.b/jwks',
        issuer='https://i.b',
        client_kwargs={
            'app': jwks_stub,
        },
    )

    # The nonce saved in the session matches the one signed into the token.
    scope = {'type': 'http', 'session': {'_dev_authlib_nonce_': 'n'}}
    request = Request(scope)
    claims = await client.parse_id_token(request, token)
    assert claims.sub == '123'
async def test_request_withhold_token():
    """Issue an API request with ``withhold_token=True`` and no token source.

    No ``fetch_token`` callback is registered and the session is empty, so the
    call succeeds only if the client does not need a token for this request.
    """
    api_stub = PathMapDispatch({'/user': {'body': {'sub': '123'}}})
    registry = OAuth()
    client = registry.register(
        "dev",
        client_id="dev",
        client_secret="dev",
        api_base_url="https://i.b/api",
        access_token_url="https://i.b/token",
        authorize_url="https://i.b/authorize",
        client_kwargs={
            'dispatch': api_stub,
        },
    )

    scope = {'type': 'http', 'session': {}}
    incoming = Request(scope)
    reply = await client.get('/user', request=incoming, withhold_token=True)
    body = reply.json()
    assert body['sub'] == '123'
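async def test_oauth2_authorize_code_challenge():
    """Walk the authorization-code flow with PKCE (``S256``) enabled.

    The client is registered without a ``client_secret`` and with
    ``code_challenge_method='S256'``. The redirect must advertise the challenge
    and its method, the session must hold both the state and the code verifier,
    and the callback exchange must return the stubbed token.

    The test also checks that the verifier itself never appears in the
    authorization URL. The verifier is the secret half of PKCE, so only the
    derived challenge may travel through the browser redirect.
    """
    dispatch = PathMapDispatch({
        '/token': {'body': get_bearer_token()}
    })
    oauth = OAuth()
    client = oauth.register(
        'dev',
        client_id='dev',
        api_base_url='https://i.b/api',
        access_token_url='https://i.b/token',
        authorize_url='https://i.b/authorize',
        client_kwargs={
            'code_challenge_method': 'S256',
            'dispatch': dispatch,
        },
    )

    req_scope = {'type': 'http', 'session': {}}
    req = Request(req_scope)

    resp = await client.authorize_redirect(req, redirect_uri='https://b.com/bar')
    assert resp.status_code == 302

    url = resp.headers.get('Location')
    assert 'code_challenge=' in url
    assert 'code_challenge_method=S256' in url

    state = req.session['_dev_authlib_state_']
    assert state is not None

    verifier = req.session['_dev_authlib_code_verifier_']
    assert verifier is not None
    # With S256 only the hashed challenge belongs in the front-channel URL;
    # a verifier leaking there would defeat the purpose of PKCE.
    assert verifier not in url

    # Simulate the provider's callback on the same session (bytes per ASGI).
    req_scope.update(
        {
            'path': '/',
            'query_string': f'code=a&state={state}'.encode(),
            'session': req.session,
        }
    )
    req = Request(req_scope)
    token = await client.authorize_access_token(req)
    assert token['access_token'] == 'a'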
async def run_fetch_userinfo(payload, compliance_fix=None):
    """Fetch userinfo from a stubbed endpoint and assert ``sub == '123'``.

    Args:
        payload: Body the stub returns for ``/userinfo``.
        compliance_fix: Optional value forwarded as ``userinfo_compliance_fix``
            when registering the client.
    """
    async def fetch_token(request):
        # Always hands back the shared bearer-token fixture.
        return get_bearer_token()

    userinfo_stub = PathMapDispatch({'/userinfo': {'body': payload}})

    registry = OAuth()
    client = registry.register(
        'dev',
        client_id='dev',
        client_secret='dev',
        fetch_token=fetch_token,
        userinfo_endpoint='https://i.b/userinfo',
        userinfo_compliance_fix=compliance_fix,
        client_kwargs={
            'app': userinfo_stub,
        },
    )

    scope = {'type': 'http', 'session': {}}
    incoming = Request(scope)
    profile = await client.userinfo(request=incoming)
    assert profile.sub == '123'