def test_provider_configuration_endpoint(self, context, frontend):
expected_capabilities = {
"response_types_supported": ["code", "id_token", "code id_token token"],
"jwks_uri": "{}/{}/jwks".format(BASE_URL, frontend.name),
"authorization_endpoint": "{}/foo_backend/{}/authorization".format(BASE_URL, frontend.name),
"token_endpoint": "{}/{}/token".format(BASE_URL, frontend.name),
"userinfo_endpoint": "{}/{}/userinfo".format(BASE_URL, frontend.name),
"id_token_signing_alg_values_supported": ["RS256"],
"response_modes_supported": ["fragment", "query"],
"subject_types_supported": ["pairwise"],
"claim_types_supported": ["normal"],
"claims_parameter_supported": True,
"request_parameter_supported": False,
"request_uri_parameter_supported": False,
"scopes_supported": ["openid", "email"],
"claims_supported": ["email"],
"grant_types_supported": ["authorization_code", "implicit"],
"issuer": BASE_URL,
"require_request_uri_registration": True,
"token_endpoint_auth_methods_supported": ["client_secret_basic"],
"version": "3.0",
}
http_response = frontend.provider_config(context)
provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json")
assert provider_config.to_dict() == expected_capabilities
def test_provider_configuration_endpoint(self, context, frontend):
expected_capabilities = {
"response_types_supported": ["code", "id_token", "code id_token token"],
"jwks_uri": "{}/{}/jwks".format(BASE_URL, frontend.name),
"authorization_endpoint": "{}/foo_backend/{}/authorization".format(BASE_URL, frontend.name),
"token_endpoint": "{}/{}/token".format(BASE_URL, frontend.name),
"userinfo_endpoint": "{}/{}/userinfo".format(BASE_URL, frontend.name),
"id_token_signing_alg_values_supported": ["RS256"],
"response_modes_supported": ["fragment", "query"],
"subject_types_supported": ["pairwise"],
"claim_types_supported": ["normal"],
"claims_parameter_supported": True,
"request_parameter_supported": False,
"request_uri_parameter_supported": False,
"claims_supported": ["email"],
"grant_types_supported": ["authorization_code", "implicit"],
"issuer": BASE_URL,
"require_request_uri_registration": False,
"token_endpoint_auth_methods_supported": ["client_secret_basic"],
"version": "3.0"
}
http_response = frontend.provider_config(context)
provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json")
provider_config_dict = provider_config.to_dict()
scopes_supported = provider_config_dict.pop("scopes_supported")
assert all(scope in scopes_supported for scope in ["openid", "email"])
assert provider_config_dict == expected_capabilities
def providerinfo_endpoint(self, environ, start_response, **kwargs):
logger.info("@providerinfo_endpoint")
try:
_response = ProviderConfigurationResponse(
issuer=self.baseurl,
token_endpoint_auth_types_supported=[
"client_secret_post",
"client_secret_basic",
"client_secret_jwt"],
scopes_supported=["openid"],
response_types_supported=["code", "token",
"id_token", "code token",
"code id_token",
"token id_token",
"code token id_token"],
user_id_types_supported=["public"],
#request_object_algs_supported=["HS256"]
)
if not self.baseurl.endswith("/"):
self.baseurl += "/"
#keys = self.keystore.keys_by_owner(owner=".")
#for cert in self.cert:
# _response["x509_url"] = "%s%s" % (self.baseurl, cert)
if self.jwk:
_response["jwk_url"] = self.jwk
#logger.info("endpoints: %s" % self.endpoints)
for endp in self.endpoints:
#logger.info("# %s, %s" % (endp, endp.name))
_response[endp.name] = "%s%s" % (self.baseurl, endp.type)
#if self.test_mode:
#print sys.stderr >> "providerinfo_endpoint.handle: %s" %
# kwargs["handle"]
logger.info("provider_info_response: %s" % (_response.to_dict(),))
headers=[("Cache-Control", "no-store"), ("x-ffo", "bar")]
if "handle" in kwargs:
(key, timestamp) = kwargs["handle"]
if key.startswith(STR) and key.endswith(STR):
cookie = self.cookie_func(self.cookie_name, key, self.seed,
self.cookie_ttl)
headers.append(cookie)
resp = Response(_response.to_json(), content="application/json",
headers=headers)
except Exception, err:
message = traceback.format_exception(*sys.exc_info())
logger.error(message)
resp = Response(message, content="html/text")
def test_provider_configuration_endpoint(self):
expected_capabilities = {
"response_types_supported": ["id_token"],
"id_token_signing_alg_values_supported": ["RS256"],
"response_modes_supported": ["fragment", "query"],
"subject_types_supported": ["public", "pairwise"],
"grant_types_supported": ["implicit"],
"claim_types_supported": ["normal"],
"claims_parameter_supported": True,
"request_parameter_supported": False,
"request_uri_parameter_supported": False,
}
http_response = self.instance._provider_config(Context())
provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json")
assert all(
item in provider_config.to_dict().items() for item in expected_capabilities.items())
assert provider_config["authorization_endpoint"] == "{}/foo_backend/authorization".format(self.ISSUER)
def providerinfo_endpoint(self, handle="", **kwargs):
_log_debug = logger.debug
_log_info = logger.info
_log_info("@providerinfo_endpoint")
try:
_response = ProviderConfigurationResponse(
issuer=self.baseurl,
token_endpoint_auth_methods_supported=[
"client_secret_post", "client_secret_basic",
"client_secret_jwt", "private_key_jwt"],
scopes_supported=["openid"],
response_types_supported=["code", "token", "id_token",
"code token", "code id_token",
"token id_token",
"code token id_token"],
subject_types_supported=["public", "pairwise"],
grant_types_supported=[
"authorization_code", "implicit",
"urn:ietf:params:oauth:grant-type:jwt-bearer"],
claim_types_supported=["normal", "aggregated", "distributed"],
claims_supported=SCOPE2CLAIMS.keys(),
claims_parameter_supported="true",
request_parameter_supported="true",
request_uri_parameter_supported="true",
#request_object_algs_supported=["HS256"]
)
sign_algs = jws.SIGNER_ALGS.keys()
for typ in ["userinfo", "id_token", "request_object",
"token_endpoint_auth"]:
_response["%s_signing_alg_values_supported" % typ] = sign_algs
algs = jwe.SUPPORTED["alg"]
for typ in ["userinfo", "id_token", "request_object"]:
_response["%s_encryption_alg_values_supported" % typ] = algs
encs = jwe.SUPPORTED["enc"]
for typ in ["userinfo", "id_token", "request_object"]:
_response["%s_encryption_enc_values_supported" % typ] = encs
if not self.baseurl.endswith("/"):
self.baseurl += "/"
#keys = self.keyjar.keys_by_owner(owner=".")
if self.jwks_uri:
_response["jwks_uri"] = self.jwks_uri
#_log_info("endpoints: %s" % self.endpoints)
for endp in self.endpoints:
#_log_info("# %s, %s" % (endp, endp.name))
_response[endp.name] = "%s%s" % (self.baseurl, endp.etype)
_log_info("provider_info_response: %s" % (_response.to_dict(),))
headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")]
if handle:
(key, timestamp) = handle
if key.startswith(STR) and key.endswith(STR):
cookie = self.cookie_func(key, self.cookie_name, "pinfo",
self.sso_ttl)
headers.append(cookie)
resp = Response(_response.to_json(), content="application/json",
headers=headers)
except Exception, err:
message = traceback.format_exception(*sys.exc_info())
logger.error(message)
resp = Response(message, content="html/text")
