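def test_valid_id_token(app):
    """
    Create an ID token carrying a nonce, decode it, and validate it.

    The test passes when neither decoding nor ``validate`` raises and the
    decoded token still carries the nonce that was requested at issuance.
    The nonce is the value a client uses to tie an ID token to its own
    authentication request, so a round-trip that silently dropped it would
    leave replayed tokens undetectable.
    """
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000  # 30 days, in seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    signed_token = create_id_token(
        user=user,
        keypair=keypair,
        expires_in=expires_in,
        client_id=client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )

    # The same expectations are supplied at decode time and at validate time.
    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        signed_token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )
    unsigned_token.validate(
        issuer=issuer,
        client_id=client_id,
        max_age=max_age,
        nonce=nonce,
    )

    # A bare ``assert True`` can never fail; check the nonce claim instead so
    # the test pins something about the decoded token.
    assert unsigned_token.token.get("nonce") == nonce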
def test_valid_id_token_without_nonce(app):
    """
    Issue an ID token with no nonce, decode it, and validate it.

    Nothing may raise along the way, and the decoded token must not carry a
    truthy ``nonce`` claim, since none was requested at issuance.
    """
    client = "client_12345"
    # Expectations shared by the decode step and the validate step.
    expectations = dict(
        issuer=app.config.get('BASE_URL'),
        client_id=client,
        max_age=None,
        nonce=None,
    )

    encoded = create_id_token(
        user=User(username='******', is_admin=False),
        keypair=app.keypairs[0],
        expires_in=30 * 24 * 60 * 60,  # 2592000 seconds
        client_id=client,
        audiences=[client],
        auth_time=None,
        max_age=expectations["max_age"],
        nonce=expectations["nonce"],
    )

    decoded = UnsignedIDToken.from_signed_and_encoded_token(
        encoded, **expectations
    )
    decoded.validate(**expectations)

    nonce_claim = decoded.token.get("nonce")
    assert not nonce_claim
def test_valid_id_token_without_nonce(app):
    """
    Issue an ID token with no nonce, decode it, and validate it.

    Nothing may raise along the way, and the decoded token must not carry a
    truthy ``nonce`` claim, since none was requested at issuance.
    """
    signing_key = app.keypairs[0]
    client = "client_12345"
    subject = User(username="******", is_admin=False)
    lifetime = 30 * 24 * 60 * 60  # 2592000 seconds

    issued = generate_signed_id_token(
        signing_key.kid,
        signing_key.private_key,
        subject,
        lifetime,
        client,
        audiences=[client],
        auth_time=None,
        max_age=None,
        nonce=None,
    )

    # Expected values are handed over at decode time; validate() takes none.
    decoded = UnsignedIDToken.from_signed_and_encoded_token(
        issued.token,
        client_id=client,
        issuer=config.get("BASE_URL"),
        max_age=None,
        nonce=None,
    )
    decoded.validate()

    nonce_claim = decoded.get("nonce")
    assert not nonce_claim
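def test_valid_id_token(app):
    """
    Create an ID token carrying a nonce, decode it, and validate it.

    The test passes when neither decoding nor ``validate`` raises and the
    decoded token carries the nonce that was requested at issuance. The
    nonce is the value a client uses to tie an ID token to its own
    authentication request, so the token has to be minted with it for the
    nonce comparison to be exercised at all.
    """
    issuer = config.get("BASE_URL")
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username="******", is_admin=False)
    expires_in = 2592000  # 30 days, in seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    # Issue the token with the same nonce / max_age that verification will
    # expect. Passing literal None here would mint a nonce-less token while
    # the decode step below is told to expect one, so the positive nonce
    # path would never be covered.
    token_result = generate_signed_id_token(
        keypair.kid,
        keypair.private_key,
        user,
        expires_in,
        client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )

    unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        token_result.token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )
    unsigned_token.validate()

    # Pin the claim explicitly so the test fails if the nonce is dropped.
    assert unsigned_token.get("nonce") == nonce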
def test_recode_id_token(app, kid, rsa_private_key):
    """
    Check that identity claims survive a sign / decode / re-sign / decode cycle.

    The token is first signed with the app's keypair, decoded, re-signed with
    the ``kid`` / ``rsa_private_key`` fixtures, and decoded again. The
    ``iss``, ``sub``, ``aud``, ``azp`` and ``nonce`` claims of the two decoded
    tokens must be equal.
    """
    signing_key = app.keypairs[0]
    client = "client_12345"
    wanted_nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    # Expectations applied identically to both decode steps.
    expectations = dict(
        client_id=client,
        issuer=config.get("BASE_URL"),
        max_age=None,
        nonce=wanted_nonce,
    )

    first_signed = generate_signed_id_token(
        signing_key.kid,
        signing_key.private_key,
        User(username="******", is_admin=False),
        30 * 24 * 60 * 60,  # 2592000 seconds
        client,
        audiences=[client],
        auth_time=None,
        max_age=expectations["max_age"],
        nonce=wanted_nonce,
    )
    first_decoded = UnsignedIDToken.from_signed_and_encoded_token(
        first_signed.token, **expectations
    )

    # Re-sign the decoded claims with the fixture-provided key.
    second_signed = first_decoded.get_signed_and_encoded_token(
        kid, rsa_private_key
    )
    second_decoded = UnsignedIDToken.from_signed_and_encoded_token(
        second_signed, **expectations
    )

    for claim in ("iss", "sub", "aud", "azp", "nonce"):
        assert getattr(first_decoded, claim) == getattr(second_decoded, claim)
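def test_recode_id_token(app, private_key):
    """
    Check that identity claims survive a sign / decode / re-sign / decode cycle.

    The token is first signed with the app's keypair, decoded, re-signed with
    the ``private_key`` fixture under the first key id listed in
    ``test_settings.JWT_KEYPAIR_FILES``, and decoded again. The ``iss``,
    ``sub``, ``aud``, ``azp`` and ``nonce`` claims of the two decoded tokens
    must be equal.
    """
    # ``.keys()[0]`` only works where keys() returns a list; on Python 3 it
    # is a view and indexing raises TypeError. Taking the first item from the
    # iterator yields the same key and works on both.
    kid = next(iter(test_settings.JWT_KEYPAIR_FILES))
    issuer = app.config.get('BASE_URL')
    keypair = app.keypairs[0]
    client_id = "client_12345"
    user = User(username='******', is_admin=False)
    expires_in = 2592000  # 30 days, in seconds
    nonce = "a1b2c3d4e5f6g7h8i9j0k!l@#n$%^q&*stuvwxyz"
    max_age = None

    original_signed_token = create_id_token(
        user=user,
        keypair=keypair,
        expires_in=expires_in,
        client_id=client_id,
        audiences=[client_id],
        auth_time=None,
        max_age=max_age,
        nonce=nonce,
    )
    original_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        original_signed_token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )

    # Re-sign the decoded claims, then decode with the same expectations.
    new_signed_token = original_unsigned_token.get_signed_and_encoded_token(
        kid, private_key
    )
    new_unsigned_token = UnsignedIDToken.from_signed_and_encoded_token(
        new_signed_token,
        client_id=client_id,
        issuer=issuer,
        max_age=max_age,
        nonce=nonce,
    )

    assert original_unsigned_token.iss == new_unsigned_token.iss
    assert original_unsigned_token.sub == new_unsigned_token.sub
    assert original_unsigned_token.aud == new_unsigned_token.aud
    assert original_unsigned_token.azp == new_unsigned_token.azp
    assert original_unsigned_token.nonce == new_unsigned_token.nonce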