def as_setup(jconf): _module = importlib.import_module('oic.utils.authn.user') ab = AuthnBroker() for _id, authn in jconf["authn"].items(): cls = getattr(_module, authn["class"]) if "template_lookup" in authn["kwargs"]: authn["kwargs"]["template_lookup"] = lookup(jconf["template_root"]) ci = cls(None, **authn["kwargs"]) ab.add(_id, ci, authn["level"], authn["authn_authority"]) _base = jconf["configuration"]["issuer"] cauth = dict([(x, CLIENT_AUTHN_METHOD[x]) for x in jconf["client_auth_methods"]]) return { "name": _base, "sdb": {}, "cdb": {}, "authn_broker": ab, "authz": Implicit("PERMISSION"), "client_authn": verify_client, "symkey": "1234567890123456", "client_authn_methods": cauth, "client_info_url": jconf["client_info_url"], "default_acr": jconf["default_acr"], "keyjar": None }
def test_pkce_verify_256(self, session_db_factory): _cli = Client( config={"code_challenge": { "method": "S256", "length": 64 }}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider( "as", session_db_factory("https://connect-op.heroku.com"), {}, authn_broker, Implicit(), verify_client, ) assert _prov.verify_code_challenge(cv, args["code_challenge"]) is True assert _prov.verify_code_challenge(cv, args["code_challenge"], "S256") is True resp = _prov.verify_code_challenge("XXX", args["code_challenge"]) assert isinstance(resp, Response) assert resp.info()["status_code"] == 401
def test_pkce_verify_512(): _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
def test_pkce_verify_512(self, session_db_factory): _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", session_db_factory('https://connect-op.heroku.com'), {}, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True resp = _prov.verify_code_challenge('XXX', args['code_challenge']) assert isinstance(resp, Response) assert resp.info()['status_code'] == 401
def create_provider(self): authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) self.provider = Provider("pyoicserv", sdb.SessionDB( TestProvider.SERVER_INFO["issuer"]), TestProvider.CDB, authn_broker, Implicit(), verify_client, client_info_url="https://example.com/as", client_authn_methods={ "client_secret_post": ClientSecretPost, "client_secret_basic": ClientSecretBasic, "bearer_header": BearerHeader})
def test_pkce_verify_256(session_db_factory): _cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge']) is True assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S256') is True resp = _prov.verify_code_challenge('XXX', args['code_challenge']) assert isinstance(resp, Response) assert resp.info()['status_code'] == 401
def test_pkce_verify_512(session_db_factory): _cli = Client(config={"code_challenge": {"method": "S512", "length": 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider( "as", session_db_factory(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client, ) assert _prov.verify_code_challenge(cv, args["code_challenge"], "S512") is True resp = _prov.verify_code_challenge("XXX", args["code_challenge"]) assert isinstance(resp, Response) assert resp.info()["status_code"] == 401
import json import socket from mako.lookup import TemplateLookup from oic.utils.authn.authn_context import AuthnBroker from oic.utils.authn.client import verify_client from oic.utils.authn.user import UserAuthnMethod, UsernamePasswordMako from oic.utils.authn.user import BasicAuthn from oic.utils.authz import Implicit from oic.utils.keyio import keyjar_init from oic.utils.sdb import SessionDB from oic.utils.userinfo import UserInfo from uma import authzsrv __author__ = 'roland' AUTHZ = Implicit("PERMISSION") CDB = {} AUTHZSRV = None PASSWD = { "linda": "krall", "hans": "thetake", } USER_DB = { "hans": { "name": "Hans Granberg", "sub": "*****@*****.**" }, "linda": { "name": "Linda Lindgren",
:param prefix: prefix string :param lista: list of claims=value :return: list of possible strings """ assert msg.startswith(prefix) qsl = [ '{}={}'.format(k, v[0]) for k, v in parse_qs(msg[len(prefix):]).items() ] return set(qsl) == set(lista) AUTHN_BROKER = AuthnBroker() AUTHN_BROKER.add("UNDEFINED", DummyAuthn(None, "username")) # dealing with authorization AUTHZ = Implicit() class TestProvider(object): @pytest.fixture(autouse=True) def create_provider(self, session_db_factory): self.provider = Provider("pyoicserv", session_db_factory(ISSUER), CDB, AUTHN_BROKER, AUTHZ, verify_client, baseurl='https://example.com/as') def test_init(self, session_db_factory): provider = Provider("pyoicserv", session_db_factory(ISSUER), CDB,
config.issuer = config.issuer % args.port config.SERVICE_URL = config.SERVICE_URL % args.port for cnf in config.AUTHN_METHOD.values(): try: cnf["config"]["return_to"] = cnf["config"]["return_to"] % args.port except KeyError: pass # Initiate the authentication broker. This is the service that # chooses which authentication method that is to be used. broker = authn_setup(config) # dealing with authorization, this is just everything goes. authz = Implicit() # Initiate the OAuth2 provider instance OAS = Provider(config.issuer, SessionDB(), cdb, broker, authz, client_authn=verify_client, symkey=config.SYM_KEY) # set some parameters try: OAS.cookie_ttl = config.COOKIETTL except AttributeError: pass