def test_cache_scopes():
scope_a = "scope_a"
scope_b = "scope_b"
scope_ab = scope_a + " " + scope_b
expected_tokens = {
scope_a: {"access_token": scope_a, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"},
scope_b: {"access_token": scope_b, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"},
scope_ab: {"access_token": scope_ab, "expires_in": 1 << 31, "ext_expires_in": 1 << 31, "token_type": "Bearer"},
}
def mock_send(request, **kwargs):
token = expected_tokens[request.data["resource"]]
return mock_response(json_payload=token)
client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send))
# if the cache has a token for a & b, it should hit for a, b, a & b
token = client.request_token([scope_a, scope_b], form_data={"resource": scope_ab})
assert token.token == scope_ab
for scope in (scope_a, scope_b):
assert client.get_cached_token([scope]).token == scope_ab
assert client.get_cached_token([scope_a, scope_b]).token == scope_ab
# if the cache has only tokens for a and b alone, a & b should miss
client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send))
for scope in (scope_a, scope_b):
token = client.request_token([scope], form_data={"resource": scope})
assert token.token == scope
assert client.get_cached_token([scope]).token == scope
assert not client.get_cached_token([scope_a, scope_b])
def test_cache_expiry():
access_token = "token"
now = 42
expires_in = 1800
expires_on = now + expires_in
expected_token = AccessToken(access_token, expires_on)
token_payload = {"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"}
mock_send = Mock(return_value=mock_response(json_payload=token_payload))
client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send))
with patch("azure.identity._authn_client.time.time") as mock_time:
# populate the cache with a valid token
mock_time.return_value = now
token = client.request_token("scope")
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
cached_token = client.get_cached_token("scope")
assert cached_token == expected_token
# advance time past the cached token's expires_on
mock_time.return_value = expires_on + 3600
cached_token = client.get_cached_token("scope")
assert not cached_token
# request a new token
new_token = "new token"
token_payload["access_token"] = new_token
token = client.request_token("scope")
assert token.token == new_token
# it should be cached
cached_token = client.get_cached_token("scope")
assert cached_token.token == new_token
def test_caching_when_only_expires_in_set():
"""the cache should function when auth responses don't include an explicit expires_on"""
access_token = "token"
now = 42
expires_in = 1800
expires_on = now + expires_in
expected_token = AccessToken(access_token, expires_on)
mock_send = Mock(return_value=mock_response(
json_payload={
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer"
}))
client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send))
with patch("azure.identity._authn_client.time.time") as mock_time:
mock_time.return_value = 42
token = client.request_token(["scope"])
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
cached_token = client.get_cached_token(["scope"])
assert cached_token == expected_token
def test_caching_when_only_expires_in_set():
"""the cache should function when auth responses don't include an explicit expires_on"""
access_token = "token"
now = 42
expires_in = 1800
expires_on = now + expires_in
expected_token = AccessToken(access_token, expires_on)
mock_response = Mock(
text=lambda: json.dumps({"access_token": access_token, "expires_in": expires_in, "token_type": "Bearer"}),
headers={"content-type": "application/json"},
status_code=200,
content_type="application/json",
)
mock_send = Mock(return_value=mock_response)
client = AuthnClient(endpoint="http://foo", transport=Mock(send=mock_send))
with patch("azure.identity._authn_client.time.time") as mock_time:
mock_time.return_value = 42
token = client.request_token(["scope"])
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
cached_token = client.get_cached_token(["scope"])
assert cached_token == expected_token
def test_cache_expiry():
access_token = "token"
now = 42
expires_in = 1800
expires_on = now + expires_in
expected_token = AccessToken(access_token, expires_on)
token_payload = {
"access_token": access_token,
"expires_in": expires_in,
"token_type": "Bearer"
}
mock_response = Mock(
text=lambda: json.dumps(token_payload),
headers={"content-type": "application/json"},
status_code=200,
content_type=["application/json"],
)
mock_send = Mock(return_value=mock_response)
client = AuthnClient("http://foo", transport=Mock(send=mock_send))
with patch("azure.identity._authn_client.time.time") as mock_time:
# populate the cache with a valid token
mock_time.return_value = now
token = client.request_token("scope")
assert token.token == expected_token.token
assert token.expires_on == expected_token.expires_on
cached_token = client.get_cached_token("scope")
assert cached_token == expected_token
# advance time past the cached token's expires_on
mock_time.return_value = expires_on + 3600
cached_token = client.get_cached_token("scope")
assert not cached_token
# request a new token
new_token = "new token"
token_payload["access_token"] = new_token
token = client.request_token("scope")
assert token.token == new_token
# it should be cached
cached_token = client.get_cached_token("scope")
assert cached_token.token == new_token
