def test_answer_with_token(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'redirect_uri': self.client.get_redirect_uri(), 'response_type': 'id_token token', 'scope': 'openid profile', 'nonce': 'noncestring', 'state': 'statestring', }) inst.validate() resp = inst.answer(self.provider, self.owner) resp.validate() token = self.store.get_access_token(resp.access_token) self.assertEqual(resp.token_type, token.get_type()) self.assertEqual(resp.scope, ' '.join(token.get_scope())) self.assertEqual(resp.expires_in, token.get_expires_in()) self.assertEqual(resp.state, 'statestring') jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual(id_token['nonce'], 'noncestring') self.assertEqual(id_token['at_hash'], self.provider.left_hash(self.client.get_jws_alg(), resp.access_token))
def test_answer(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'redirect_uri': self.client.get_redirect_uri(), 'response_type': 'id_token', 'scope': 'openid profile', 'nonce': 'noncestring', 'state': 'statestring', }) inst.validate() resp = inst.answer(self.provider, self.owner) resp.validate() self.assertEqual(resp.state, 'statestring') jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual(id_token['nonce'], 'noncestring')
def test_answer(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'grant_type': 'authorization_code', 'code': self.code.get_code(), }) inst.validate() with mock.patch.object(self.provider, 'authorize_client', return_value=True): resp = inst.answer(self.provider, self.owner) jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual( id_token['at_hash'], self.provider.left_hash(self.client.get_jws_alg(), resp.access_token))
def jwt_verify(keys, jwt): _jwt = JWT(keys) return _jwt.verify(jwt)