def test_construct_EndSessionRequest_reqargs_state(self):
    """Build an EndSessionRequest when ``state`` appears only in request_args.

    A grant holding a verified, HS256-signed ID Token is stored under the
    state "foo". The request is constructed without a ``state`` keyword and
    must still contain id_token, state and redirect_url.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = int(time.time()) + 60
    grant.code = "access_code"

    # A real, signed ID Token is required here. The key type is "oct"
    # (symmetric), so the same secret both signs and verifies the token.
    issuer = IDTOKEN["iss"]
    self.client.keyjar.add_kb(issuer, KC_SYM_S)
    signing_key = self.client.keyjar.get_signing_key("oct", issuer)
    signed_id_token = IDTOKEN.to_jwt(signing_key, algorithm="HS256")

    token_response = AccessTokenResponse(
        id_token=signed_id_token,
        access_token="access",
        scope=["openid"],
        token_type="bearer",
    )

    # verify() runs before the response is wrapped in a Token; the original
    # author notes it is needed "to get things in place".
    assert token_response.verify(keyjar=self.client.keyjar)
    grant.tokens.append(Token(token_response))

    # The state travels in request_args only, not as a keyword argument.
    request_args = {"redirect_url": "http://example.com/end", "state": state_key}
    end_session = self.client.construct_EndSessionRequest(request_args=request_args)
    assert _eq(end_session.keys(), ["id_token", "state", "redirect_url"])
def refresh_token(self, refresh_token: str):
    """Exchange a refresh token for a new set of tokens.

    Parameters
    ----------
    refresh_token: str
        Refresh token issued to the client after user authorization. It is a
        bearer credential: keep it out of logs and error messages.

    Returns
    -------
    Union[AccessTokenResponse, TokenErrorResponse, None]
        The value returned by the client's do_access_token_refresh call;
        documented by the original author as the parsed token response, or
        None if no token request was performed.
    """
    oidc_client = self._client

    # Use client_secret_basic when the registration response names no
    # token endpoint authentication method.
    auth_method = oidc_client.registration_response.get(
        'token_endpoint_auth_method', 'client_secret_basic')

    # NOTE(review): redirect_uri is not among the refresh-request parameters
    # defined in RFC 6749 section 6; it is sent here as the original does.
    refresh_request = {
        'grant_type': 'refresh_token',
        'refresh_token': refresh_token,
        'redirect_uri': self._redirect_uri
    }
    stored_token = Token(resp={'refresh_token': refresh_token})

    return oidc_client.do_access_token_refresh(
        request_args=refresh_request,
        authn_method=auth_method,
        token=stored_token,
        endpoint=oidc_client.token_endpoint)
def test_do_user_info_request(self):
    """Fetch userinfo for a stored grant against a mocked endpoint.

    The grant under state "state0" carries a Bearer access token. The
    userinfo endpoint is replaced by a ``responses`` mock that answers a
    POST with a fixed JSON claim set, which must come back as an
    OpenIDSchema.
    """
    authz_response = AuthorizationResponse(code="code", state="state")
    # NOTE(review): the original comment calls this an "expired grant";
    # Grant(10) presumably sets a 10 second lifetime instead - confirm.
    grant = Grant(10)
    grant.add_code(authz_response)

    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me", access_token="access", token_type="Bearer"
    )
    grant.tokens.append(Token(token_response))
    self.client.grant["state0"] = grant

    claims = {
        "name": "Melody Gardot",
        "email": "*****@*****.**",
        "verified": False,
        "nickname": "Melody",
        "sub": "some sub",
    }
    with responses.RequestsMock() as mocked_http:
        mocked_http.add(
            responses.POST,
            "https://example.com/userinfo",
            content_type="application/json",
            json=claims,
        )
        userinfo = self.client.do_user_info_request(state="state0")

    assert isinstance(userinfo, OpenIDSchema)
    assert _eq(userinfo.keys(), ["name", "email", "verified", "nickname", "sub"])
    assert userinfo["name"] == "Melody Gardot"
def test_clean_tokens_fresh(self):
    """clean_tokens() leaves the token of a grant that expires in 60 seconds.

    One token is stored on the grant under state "foo"; after cleaning, the
    grant must still hold exactly one token.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    # "IDTOKEN" is a literal placeholder string here, not a signed JWT.
    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me",
        access_token="access",
        id_token="IDTOKEN",
        scope=["openid"],
    )
    grant.tokens.append(Token(token_response))

    self.client.clean_tokens()

    remaining = self.client.grant[state_key].tokens
    assert len(remaining) == 1
def test_construct_CheckSessionRequest_2(self):
    """A CheckSessionRequest picks up the id_token stored on the grant.

    The stored id_token is an opaque placeholder, not a signed JWT; the test
    only checks that the value is copied into the request unchanged.
    """
    state_key = "foo"
    placeholder_id_token = "id_id_id_id"

    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    token_response = AccessTokenResponse(
        id_token=placeholder_id_token, access_token="access", scope=["openid"]
    )
    grant.tokens.append(Token(token_response))

    check_session = self.client.construct_CheckSessionRequest(
        state=state_key, scope=["openid"]
    )
    assert check_session["id_token"] == placeholder_id_token
def test_construct_UserInfoRequest_2_with_token(self):
    """A UserInfoRequest carries the access token stored for the state.

    The grant under "foo" holds one token response; the constructed request
    must expose its access_token value.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    # "IDTOKEN" is a literal placeholder string here, not a signed JWT.
    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me",
        access_token="access",
        id_token="IDTOKEN",
        scope=["openid"],
    )
    grant.tokens.append(Token(token_response))

    userinfo_request = self.client.construct_UserInfoRequest(
        state=state_key, scope=["openid"]
    )
    assert userinfo_request["access_token"] == "access"
def test_construct_EndSessionRequest(self):
    """An EndSessionRequest combines the stored id_token, state and redirect_url.

    The id_token on the grant is an opaque placeholder rather than a signed
    JWT; only the set of keys in the resulting request is checked.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    token_response = AccessTokenResponse(
        id_token="id_id_id_id", access_token="access", scope=["openid"]
    )
    grant.tokens.append(Token(token_response))

    request_args = {"redirect_url": "http://example.com/end"}
    end_session = self.client.construct_EndSessionRequest(
        state=state_key, request_args=request_args
    )
    assert _eq(end_session.keys(), ["id_token", "state", "redirect_url"])
def test_do_user_info_request(self):
    """Fetch userinfo for the grant stored under "state0".

    NOTE(review): no HTTP mock is installed in this block, so the response
    presumably comes from a fixture or transport set up elsewhere - confirm
    the call cannot reach a live endpoint.
    """
    authz_response = AuthorizationResponse(code="code", state="state")
    # NOTE(review): the original comment calls this an "expired grant";
    # Grant(10) presumably sets a 10 second lifetime instead - confirm.
    grant = Grant(10)
    grant.add_code(authz_response)

    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me", access_token="access", token_type="Bearer"
    )
    grant.tokens.append(Token(token_response))
    self.client.grant["state0"] = grant

    userinfo = self.client.do_user_info_request(state="state0")

    assert isinstance(userinfo, OpenIDSchema)
    assert _eq(userinfo.keys(), ["name", "email", "verified", "nickname", "sub"])
    assert userinfo["name"] == "Melody Gardot"
def test_construct_CheckSessionRequest_2():
    """A CheckSessionRequest built from a stored grant holds only the id_token.

    Written for Python 2 (print statement). The id_token is an opaque
    placeholder, not a signed JWT.
    """
    state_key = "foo"
    cli = Client()
    cli.userinfo_endpoint = "https://example.org/oauth2/userinfo"

    cli.grant[state_key] = Grant()
    grant = cli.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    token_response = AccessTokenResponse(
        id_token="id_id_id_id", access_token="access", scope=["openid"])
    grant.tokens.append(Token(token_response))

    check_session = cli.construct_CheckSessionRequest(
        state=state_key, scope=["openid"])
    print check_session

    # The string form of the request must show the id_token and nothing else.
    rendered = "%s" % check_session
    assert rendered == "{'id_token': 'id_id_id_id'}"
def test_construct_EndSessionRequest():
    """An EndSessionRequest combines the stored id_token, state and redirect_url.

    Written for Python 2 (print statement). The id_token is an opaque
    placeholder, not a signed JWT; only the key set is checked.
    """
    state_key = "foo"
    cli = Client()
    cli.redirect_uris = ["http://example.com/authz"]

    cli.grant[state_key] = Grant()
    grant = cli.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    token_response = AccessTokenResponse(
        id_token="id_id_id_id", access_token="access", scope=["openid"])
    grant.tokens.append(Token(token_response))

    request_args = {"redirect_url": "http://example.com/end"}
    end_session = cli.construct_EndSessionRequest(
        state=state_key, request_args=request_args)
    print end_session.keys()
    assert _eq(end_session.keys(), ['id_token', 'state', "redirect_url"])
def test_construct_UserInfoRequest_2():
    """A UserInfoRequest built from a stored grant holds only the access token.

    Written for Python 2: it uses the print statement and compares keys()
    directly with a list.
    """
    state_key = "foo"
    cli = Client()
    cli.userinfo_endpoint = "https://example.org/oauth2/userinfo"

    cli.grant[state_key] = Grant()
    grant = cli.grant[state_key]
    grant.grant_expiration_time = time.time() + 60
    grant.code = "access_code"

    # "IDTOKEN" is a literal placeholder string here, not a signed JWT.
    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me",
        access_token="access",
        id_token="IDTOKEN",
        scope=["openid"])
    grant.tokens.append(Token(token_response))

    userinfo_request = cli.construct_UserInfoRequest(
        state=state_key, scope=["openid"])
    print userinfo_request

    # The refresh token and id_token must not appear in the request.
    assert userinfo_request.keys() == ["access_token"]
def test_get_access_token_refresh_2(self):
    """A refresh request reuses the refresh_token from the stored response.

    Written for Python 2 (print statement). The grant under "foo" holds a
    token response with a refresh token; the constructed
    RefreshAccessTokenRequest must carry that value.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = utc_time_sans_frac() + 60
    grant.code = "access_code"

    print self.client.grant[state_key]

    token_response = AccessTokenResponse()
    for field, value in (("refresh_token", "refresh_with_me"),
                         ("access_token", "access")):
        token_response[field] = value

    grant.tokens.append(Token(token_response))

    # No refresh token is passed in; it is taken from the previous response.
    refresh_request = self.client.construct_RefreshAccessTokenRequest(
        state=state_key)

    assert refresh_request.type() == "RefreshAccessTokenRequest"
    assert refresh_request["grant_type"] == "refresh_token"
    assert refresh_request["refresh_token"] == "refresh_with_me"
def test_do_userinfo_request_with_state():
    """user_info_request() sends the stored access token as a Bearer header.

    For a GET request, the token stored under state "foxhound" must appear
    only in the Authorization header and the body must be None.
    """
    state = "foxhound"
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.grant[state] = Grant()

    bearer_token = Token(AccessTokenResponse(access_token="access", token_type="Bearer"))
    client.grant[state].tokens = [bearer_token]

    # The test fixture uses a plain-http endpoint; a bearer token sent to a
    # real userinfo endpoint needs TLS.
    url, payload, http_method, http_args = client.user_info_request(
        "GET",
        state,
        "openid",
        request="openid",
        userinfo_endpoint="http://example.com/userinfo",
    )

    assert url == "http://example.com/userinfo"
    assert http_args == {"headers": {"Authorization": "Bearer access"}}
    assert http_method == "GET"
    assert payload is None
def test_do_user_info_request_http_errors(self):
    """An HTTP 405 from the userinfo endpoint raises CommunicationError.

    The mocked endpoint answers the POST with status 405 and an
    ``Allow: GET`` header. The raised error must carry the status message
    and the list of allowed methods.
    """
    authz_response = AuthorizationResponse(code="code", state="state")
    # NOTE(review): the original comment calls this an "expired grant";
    # Grant(10) presumably sets a 10 second lifetime instead - confirm.
    grant = Grant(10)
    grant.add_code(authz_response)

    token_response = AccessTokenResponse(
        refresh_token="refresh_with_me", access_token="access", token_type="Bearer"
    )
    grant.tokens.append(Token(token_response))
    self.client.grant["state0"] = grant

    with responses.RequestsMock() as mocked_http:
        mocked_http.add(
            responses.POST,
            "https://example.com/userinfo",
            status=405,
            headers={"Allow": "GET"},
        )
        with pytest.raises(CommunicationError) as raised:
            self.client.do_user_info_request(state="state0")

        # These checks sit outside the raises block so that they actually run.
        error_args = raised.value.args
        assert error_args[0] == "Server responded with HTTP Error Code 405"
        assert error_args[1] == ["GET"]
def test_construct_CheckSessionRequest_2(self):
    """A CheckSessionRequest returns the signed ID Token stored on the grant.

    An HS256-signed ID Token is verified against the client's keyjar and
    stored under state "foo"; the request must carry that same JWT.
    """
    state_key = "foo"
    self.client.grant[state_key] = Grant()
    grant = self.client.grant[state_key]
    grant.grant_expiration_time = int(time.time() + 60)
    grant.code = "access_code"

    # A real, signed ID Token is required here. The key type is "oct"
    # (symmetric), so the same secret both signs and verifies the token.
    issuer = IDTOKEN["iss"]
    self.client.keyjar.add_kb(issuer, KC_SYM_S)
    signing_key = self.client.keyjar.get_signing_key("oct", issuer)
    signed_id_token = IDTOKEN.to_jwt(signing_key, algorithm="HS256")

    token_response = AccessTokenResponse(
        id_token=signed_id_token,
        access_token="access",
        scope=["openid"],
        token_type="bearer",
    )
    # The response is verified against the keyjar before it is stored.
    assert token_response.verify(keyjar=self.client.keyjar)
    grant.tokens.append(Token(token_response))

    check_session = self.client.construct_CheckSessionRequest(
        state=state_key, scope=["openid"]
    )
    assert check_session["id_token"] == signed_id_token
def test_do_userinfo_request_with_state():
    """Mirror the first steps of do_userinfo_request for a known state.

    For a GET request, the token stored under state "foxhound" must appear
    only in the Authorization header and the body must be None.
    """
    state = "foxhound"
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.grant[state] = Grant()

    bearer_token = Token(AccessTokenResponse(access_token="access", token_type="Bearer"))
    client.grant[state].tokens = [bearer_token]

    # The test fixture uses a plain-http endpoint; a bearer token sent to a
    # real userinfo endpoint needs TLS.
    url, payload, http_method, http_args = client.user_info_request(
        "GET",
        state,
        "openid",
        request="openid",
        userinfo_endpoint='http://example.com/userinfo',
    )

    assert url == 'http://example.com/userinfo'
    assert http_args == {'headers': {'Authorization': 'Bearer access'}}
    assert http_method == 'GET'
    assert payload is None