def test_openid_oauth2_preconfigured(self): default_claims = { "issuer": 'https://foo.bar', "authorization_endpoint": "https://foo.bar/authorize", "revocation_endpoint": "https://foo.bar/revoke", "introspection_endpoint": "https://foo.bar/introspect", "token_endpoint": "https://foo.bar/token" } from oauthlib.oauth2 import Server as OAuth2Server from oauthlib.openid import Server as OpenIDServer endpoint = OAuth2Server(None) metadata = MetadataEndpoint([endpoint], default_claims) oauth2_claims = metadata.claims endpoint = OpenIDServer(None) metadata = MetadataEndpoint([endpoint], default_claims) openid_claims = metadata.claims # Pure OAuth2 Authorization Metadata are similar with OpenID but # response_type not! (OIDC contains "id_token" and hybrid flows) del oauth2_claims['response_types_supported'] del openid_claims['response_types_supported'] self.maxDiff = None self.assertEqual(openid_claims, oauth2_claims)
def test_create_metadata_response(self): endpoint = TokenEndpoint(None, None, grant_types={"password": None}) metadata = MetadataEndpoint([endpoint], { "issuer": 'https://foo.bar', "token_endpoint": "https://foo.bar/token" }) headers, body, status = metadata.create_metadata_response('/', 'GET') assert headers == { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', } claims = json.loads(body) assert claims['issuer'] == 'https://foo.bar'
def test_token_endpoint(self): endpoint = TokenEndpoint(None, None, grant_types={"password": None}) metadata = MetadataEndpoint([endpoint], { "issuer": 'https://foo.bar', "token_endpoint": "https://foo.bar/token" }) self.assertIn("grant_types_supported", metadata.claims) self.assertEqual(metadata.claims["grant_types_supported"], ["password"])
def test_server_metadata(self): endpoint = Server(None) metadata = MetadataEndpoint( [endpoint], { "issuer": 'https://foo.bar', "authorization_endpoint": "https://foo.bar/authorize", "introspection_endpoint": "https://foo.bar/introspect", "revocation_endpoint": "https://foo.bar/revoke", "token_endpoint": "https://foo.bar/token", "jwks_uri": "https://foo.bar/certs", "scopes_supported": ["email", "profile"] }) expected_claims = { "issuer": "https://foo.bar", "authorization_endpoint": "https://foo.bar/authorize", "introspection_endpoint": "https://foo.bar/introspect", "revocation_endpoint": "https://foo.bar/revoke", "token_endpoint": "https://foo.bar/token", "jwks_uri": "https://foo.bar/certs", "scopes_supported": ["email", "profile"], "grant_types_supported": [ "authorization_code", "password", "client_credentials", "refresh_token", "implicit" ], "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"], "response_types_supported": ["code", "token"], "response_modes_supported": ["query", "fragment"], "code_challenge_methods_supported": ["plain", "S256"], "revocation_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"], "introspection_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"] } def sort_list(claims): for k in claims.keys(): claims[k] = sorted(claims[k]) sort_list(metadata.claims) sort_list(expected_claims) self.assertEqual(sorted(metadata.claims.items()), sorted(expected_claims.items()))
def setUp(self): super().setUp() self.oauth = BottleOAuth2(self.app) self.validator = mock.MagicMock() self.server = LegacyApplicationServer(self.validator) self.metadata_endpoint = MetadataEndpoint([self.server], claims={ "issuer": "https://xx", "token_endpoint": "https://xx/token", "revocation_endpoint": "https://xx/revoke", "introspection_endpoint": "https://xx/tokeninfo" }) self.oauth.initialize(self.metadata_endpoint) self.fake_response = ({}, "", "200 fooOK")
def test_mandatory_fields(self): metadata = MetadataEndpoint([], self.metadata) self.assertIn("issuer", metadata.claims) self.assertEqual(metadata.claims["issuer"], 'https://foo.bar')