def test_construct_with_token(self, services):
    """Bearer header is built from the access token bound to the state.

    Walks the code flow far enough to bind first a code and then an
    access token to one state key, then checks that ``BearerHeader``
    picks up exactly that token.
    """
    authz = services['authorization']
    token_srv = services['accesstoken']
    state_key = authz.create_state('Issuer')

    # Register the outgoing authorization request under the state key.
    auth_req = AuthorizationRequest(
        state=state_key,
        response_type='code',
        redirect_uri='https://example.com',
        scope=['openid'],
    )
    authz.store_item(auth_req, 'auth_request', state_key)

    # Authorization response: bind a code to the state.
    code_resp = AuthorizationResponse(code="auth_grant", state=state_key)
    parsed = authz.parse_response(code_resp.to_urlencoded(), "urlencoded")
    authz.update_service_context(parsed, key=state_key)

    # Token response: bind an access token to the same state.
    token_resp = AccessTokenResponse(
        access_token="token1",
        token_type="Bearer",
        expires_in=0,
        state=state_key,
    )
    parsed = token_srv.parse_response(token_resp.to_urlencoded(), "urlencoded")
    token_srv.update_service_context(parsed, key=state_key)

    # The token bound to the state ends up in the Authorization header.
    http_args = BearerHeader().construct(
        ResourceRequest(), token_srv, key=state_key)
    assert http_args == {"headers": {"Authorization": "Bearer token1"}}
def test_json_serialize(self):
    """JSON serialization emits exactly the parameters that were set."""
    token_resp = AccessTokenResponse(
        access_token="SlAV32hkKG", token_type="Bearer", expires_in=3600)
    payload = json.loads(token_resp.serialize(method="json"))
    assert payload == {
        "token_type": "Bearer",
        "access_token": "SlAV32hkKG",
        "expires_in": 3600,
    }
def test_multiple_scope(self):
    """A list-valued scope is kept as a list and urlencodes space-separated."""
    token_resp = AccessTokenResponse(
        access_token="2YotnFZFEjr1zCsicMWpAA",
        token_type="example",
        expires_in=3600,
        refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
        example_parameter="example_value",
        scope=["inner", "outer"],
    )
    assert _eq(token_resp["scope"], ["inner", "outer"])
    # The scope values are joined with a space, which urlencodes as '+'.
    encoded = token_resp.to_urlencoded()
    assert "inner+outer" in encoded
def test_construct_refresh_token_request(self):
    """The refresh request carries the refresh token stored under the state."""
    session = self.client.session_interface
    state_key = 'ABCDE'
    session.create_state('issuer', state_key)

    # Populate the state with the artifacts of a completed code flow.
    session.store_item(
        AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb', state='state'),
        'auth_request', state_key)
    session.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', state_key)
    session.store_item(
        AccessTokenResponse(refresh_token="refresh_with_me",
                            access_token="access"),
        'token_response', state_key)

    msg = self.client.service['refresh_token'].construct(
        request_args={}, state=state_key)
    assert isinstance(msg, RefreshAccessTokenRequest)
    # client_id / client_secret are not set here; presumably they come
    # from the client configuration used by the fixture.
    assert msg.to_dict() == {
        'client_id': 'client_1',
        'client_secret': 'abcdefghijklmnop',
        'grant_type': 'refresh_token',
        'refresh_token': 'refresh_with_me',
    }
def create_request(self):
    """Build a UserInfo service whose state already holds a verified ID token."""
    self._iss = ISS
    client_config = {
        'client_id': 'client_id',
        'client_secret': 'a longesh password',
        'redirect_uris': ['https://example.com/cli/authz_cb'],
        'issuer': self._iss,
        'requests_dir': 'requests',
        'base_url': 'https://example.com/cli/'
    }
    ctx = ServiceContext(config=client_config)
    ctx.keyjar = CLI_KEY
    # Ask for a signed and encrypted userinfo response.
    ctx.behaviour = {
        'userinfo_signed_response_alg': 'RS256',
        "userinfo_encrypted_response_alg": "RSA-OAEP",
        "userinfo_encrypted_response_enc": "A256GCM"
    }

    # ID token: signed via create_jws, then verified against CLI_KEY so the
    # stored token response carries both the raw JWT and its verified form.
    raw_idt = create_jws({
        'nonce': 'KUEYfRM2VzKDaaKD',
        'sub': 'diana',
        'iss': ISS,
        'aud': 'client_id'
    })
    verified_idt = IdToken().from_jwt(raw_idt, CLI_KEY)

    # NOTE(review): a '__'-prefixed keyword written inside a class body is
    # subject to Python's private-name mangling — confirm the key lands in
    # the response under the name the code reading it expects.
    state_entry = State(
        token_response=AccessTokenResponse(
            access_token='access_token',
            id_token=raw_idt,
            __verified_id_token=verified_idt).to_json(),
        auth_response=AuthorizationResponse(code='access_code').to_json())
    state_db = InMemoryStateDataBase()
    state_db.set('abcde', state_entry.to_json())

    self.service = service_factory('UserInfo', ['oidc'], state_db=state_db,
                                   service_context=ctx)
def test_do_userinfo_request_init(self):
    """The userinfo request carries the stored access token as a bearer."""
    session = self.client.session_interface
    state_key = 'ABCDE'
    session.create_state('issuer', state_key)

    session.store_item(
        AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb', state='state'),
        'auth_request', state_key)
    session.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', state_key)
    session.store_item(
        AccessTokenResponse(refresh_token="refresh_with_me",
                            access_token="access"),
        'token_response', state_key)

    userinfo = self.client.service['userinfo']
    userinfo.endpoint = "https://example.com/userinfo"
    params = userinfo.get_request_parameters(state=state_key)
    assert params
    # The access token, not the refresh token, goes into the header.
    assert params['headers'] == {'Authorization': 'Bearer access'}
    assert params['url'] == 'https://example.com/userinfo'
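def test_do_userinfo_request_init(self):
    """State dumped by one RP instance and loaded by another stays usable.

    Client 1 creates the state and the authorization request, client 2
    continues the flow on a loaded copy of that state, and client 1 then
    reloads the result and builds the userinfo request from it.
    """
    # Client 1 starts
    client_1 = RP(config=CONF)
    ctx_1 = client_1.client_get("service_context")
    _state = ctx_1.state.create_state(ISSUER)
    auth_request = AuthorizationRequest(
        redirect_uri='https://example.com/cli/authz_cb', state=_state)
    # Bind the request to the state before handing the state over;
    # previously the request object was built but never stored.
    ctx_1.state.store_item(auth_request, 'auth_request', _state)

    # Client 2 carries on
    client_2 = RP(config=CONF)
    ctx_2 = client_2.client_get("service_context")
    ctx_2.load(ctx_1.dump())
    ctx_2.state.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', _state)
    ctx_2.state.store_item(
        AccessTokenResponse(refresh_token="refresh_with_me",
                            access_token="access"),
        'token_response', _state)

    # Back to Client 1
    ctx_1.load(ctx_2.dump())
    _srv = client_1.client_get("service", 'userinfo')
    _srv.endpoint = "https://example.com/userinfo"
    _info = _srv.get_request_parameters(state=_state)
    assert _info
    # The access token bound to the state is what goes into the header.
    assert _info['headers'] == {'Authorization': 'Bearer access'}
    assert _info['url'] == 'https://example.com/userinfo'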
def test_id_token_nonce_match(self):
    """A nonce registered for one state is rejected under another state.

    The nonce carried in the verified ID token must map back to the same
    state key the response is processed under; when it maps to a different
    state the response cannot be tied to the request that was issued, and
    ``ParameterError`` is raised.
    """
    service = self.service
    service.store_nonce2state('nonce', 'state')
    service.store_nonce2state('nonce2', 'state2')

    token_resp = AccessTokenResponse()
    token_resp[verified_claim_name('id_token')] = {'nonce': 'nonce'}

    # 'nonce' belongs to 'state', so processing under 'state2' must fail.
    with pytest.raises(ParameterError):
        service.update_service_context(token_resp, key='state2')
def create_service(self):
    """Build a RefreshAccessToken service with a primed state entry."""
    ctx = ServiceContext(config={
        'client_id': 'client_id',
        'client_secret': 'a longesh password',
        'redirect_uris': ['https://example.com/cli/authz_cb']
    })
    state_entry = State(
        auth_response=AuthorizationResponse(code='access_code').to_json(),
        token_response=AccessTokenResponse(
            access_token='bearer_token', refresh_token='refresh').to_json())
    state_db = InMemoryStateDataBase()
    state_db.set('abcdef', state_entry.to_json())
    self.service = service_factory('RefreshAccessToken', ['oauth2'],
                                   state_db=state_db, service_context=ctx)
    self.service.endpoint = 'https://example.com/token'
def test_do_userinfo_request_init(self):
    """The userinfo request uses the access token stored under the state."""
    state_entry = State(
        auth_response=AuthorizationResponse(code='access_code').to_json(),
        auth_request=AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb',
            state='state').to_json(),
        token_response=AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access").to_json())
    self.client.state_db.set('ABCDE', state_entry.to_json())

    userinfo = self.client.service['userinfo']
    userinfo.endpoint = "https://example.com/userinfo"
    params = userinfo.get_request_parameters(state='ABCDE')
    assert params
    # The access token, not the refresh token, goes into the header.
    assert params['headers'] == {'Authorization': 'Bearer access'}
    assert params['url'] == 'https://example.com/userinfo'
def test_token_parse_response(self):
    """Parsing a token response stores an entry with an expiry under the key."""
    token_srv = self.entity.client_get("service", 'accesstoken')
    # Preparing the request is part of the normal call sequence; its
    # return value is not needed by this test.
    _ = token_srv.get_request_parameters(
        request_args={'grant_type': 'client_credentials'})

    raw = AccessTokenResponse(
        access_token="2YotnFZFEjr1zCsicMWpAA",
        token_type="example",
        expires_in=3600,
        refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
        example_parameter="example_value",
    )
    parsed = token_srv.parse_response(raw.to_json(), sformat="json")

    # No state parameter is involved, so a key is minted for the entry.
    key = rndstr(16)
    token_srv.update_service_context(parsed, key=key)
    stored = token_srv.client_get("service_context").state.get_item(
        AccessTokenResponse, 'token_response', key)
    # The stored entry gains an '__expires_at' attribute, presumably
    # derived from expires_in.
    assert '__expires_at' in stored
def test_construct_refresh_token_request(self):
    """The refresh request carries the refresh token stored under the state."""
    state_entry = State(
        auth_response=AuthorizationResponse(code='access_code').to_json(),
        auth_request=AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb',
            state='state').to_json(),
        token_response=AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access").to_json())
    self.client.state_db.set('ABCDE', state_entry.to_json())

    msg = self.client.service['refresh_token'].construct(
        request_args={}, state='ABCDE')
    assert isinstance(msg, RefreshAccessTokenRequest)
    # client_id / client_secret are not set here; presumably they come
    # from the client configuration used by the fixture.
    assert msg.to_dict() == {
        'client_id': 'client_1',
        'client_secret': 'abcdefghijklmnop',
        'grant_type': 'refresh_token',
        'refresh_token': 'refresh_with_me',
    }
def test_construct_with_request(self, services):
    """BearerBody puts the state-bound access token into the request body."""
    authz = services['authorization']
    token_srv = services['accesstoken']
    state_key = 'EEEE'
    authz.state_db.set(state_key, State(iss='Issuer').to_json())

    # Bind a code, then an access token, to the state.
    code_resp = AuthorizationResponse(code="auth_grant", state=state_key)
    authz.update_service_context(
        authz.parse_response(code_resp.to_urlencoded(), "urlencoded"),
        key=state_key)
    token_resp = AccessTokenResponse(
        access_token="token1", token_type="Bearer", expires_in=0,
        state=state_key)
    token_srv.update_service_context(
        token_srv.parse_response(token_resp.to_urlencoded(), "urlencoded"),
        key=state_key)

    request = ResourceRequest()
    BearerBody().construct(request, service=authz, key=state_key)
    assert "access_token" in request
    assert request["access_token"] == "token1"
def test_to_urlencoded_extended_omit(self):
    """Extra list parameters urlencode as repeated keys and can be dropped.

    Checks the encoding with and without ``extra``, the exact length
    difference between the two encodings, and that each round-trips to
    the expected key set.
    """
    token_resp = AccessTokenResponse(
        access_token="2YotnFZFEjr1zCsicMWpAA",
        token_type="example",
        expires_in=3600,
        refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
        example_parameter="example_value",
        scope=["inner", "outer"],
        extra=["local", "external"],
        level=3,
    )
    with_extra = token_resp.to_urlencoded()
    assert query_string_compare(
        with_extra,
        "scope=inner+outer&level=3&expires_in=3600&token_type=example"
        "&extra=local&"
        "extra=external&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
        "access_token=2YotnFZFEjr1zCsicMWpAA&example_parameter"
        "=example_value")

    del token_resp["extra"]
    without_extra = token_resp.to_urlencoded()
    assert query_string_compare(
        without_extra,
        "access_token=2YotnFZFEjr1zCsicMWpAA&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA&"
        "level=3&example_parameter=example_value&token_type=example"
        "&expires_in=3600&"
        "scope=inner+outer")

    # The only difference is the two 'extra' pairs plus their two '&'.
    assert len(with_extra) == (len(without_extra) + len("extra=local")
                               + len("extra=external") + 2)

    expected_keys = ['access_token', 'expires_in', 'token_type', 'scope',
                     'refresh_token', 'level', 'example_parameter']
    round_trip = AccessTokenResponse().deserialize(with_extra, "urlencoded")
    assert _eq(round_trip.keys(), expected_keys + ['extra'])
    round_trip = AccessTokenResponse().deserialize(without_extra, "urlencoded")
    assert _eq(round_trip.keys(), expected_keys)
def test_construct_with_request(self, entity):
    """BearerBody puts the state-bound access token into the request body."""
    authz = entity.client_get("service", 'authorization')
    token_srv = entity.client_get("service", 'accesstoken')
    state_key = authz.client_get("service_context").state.create_state(
        iss='Issuer')

    # Bind a code, then an access token, to the state.
    code_resp = AuthorizationResponse(code="auth_grant", state=state_key)
    authz.update_service_context(
        authz.parse_response(code_resp.to_urlencoded(), "urlencoded"),
        key=state_key)
    token_resp = AccessTokenResponse(
        access_token="token1", token_type="Bearer", expires_in=0,
        state=state_key)
    token_srv.update_service_context(
        token_srv.parse_response(token_resp.to_urlencoded(), "urlencoded"),
        key=state_key)

    request = ResourceRequest()
    BearerBody().construct(request, service=authz, key=state_key)
    assert "access_token" in request
    assert request["access_token"] == "token1"
def create_service(self):
    """Build a refresh_token service whose state already holds tokens."""
    entity = Entity(config={
        'client_id': 'client_id',
        'client_secret': 'a longesh password',
        'redirect_uris': ['https://example.com/cli/authz_cb']
    })
    self.refresh_service = entity.client_get("service", 'refresh_token')
    state = self.refresh_service.client_get("service_context").state
    state.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', 'abcdef')
    state.store_item(
        AccessTokenResponse(access_token='bearer_token',
                            refresh_token='refresh'),
        'token_response', 'abcdef')
    self.refresh_service.endpoint = 'https://example.com/token'
def create_service(self):
    """Build a RefreshAccessToken service whose state already holds tokens."""
    ctx = ServiceContext(config={
        'client_id': 'client_id',
        'client_secret': 'a longesh password',
        'redirect_uris': ['https://example.com/cli/authz_cb']
    })
    self.service = service_factory('RefreshAccessToken', ['oauth2'],
                                   service_context=ctx)
    self.service.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', 'abcdef')
    self.service.store_item(
        AccessTokenResponse(access_token='bearer_token',
                            refresh_token='refresh'),
        'token_response', 'abcdef')
    self.service.endpoint = 'https://example.com/token'
def test_construct_with_state(self, services):
    """BearerBody places the token in the body and returns no HTTP args."""
    authz = services['authorization']
    state_key = 'FFFFF'
    authz.state_db[state_key] = State(iss='Issuer').to_json()

    authz.store_item(AuthorizationResponse(code="code", state=state_key),
                     'auth_response', state_key)
    authz.store_item(
        AccessTokenResponse(
            access_token="2YotnFZFEjr1zCsicMWpAA",
            token_type="example",
            refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
            example_parameter="example_value",
            scope=["inner", "outer"]),
        'token_response', state_key)

    request = ResourceRequest()
    http_args = BearerBody().construct(request, service=authz, key=state_key)
    # The token travels in the request body, so nothing is returned for
    # headers or other HTTP arguments.
    assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
    assert http_args is None
def test_construct_refresh_token_request(self):
    """State dumped by one Client and loaded by another stays usable.

    Client 1 creates the state, client 2 continues the flow on a loaded
    copy, and client 1 reloads the result and builds the refresh request.
    """
    # Client 1 starts the chain event
    client_1 = Client(config=CONF)
    ctx_1 = client_1.client_get("service_context")
    state_key = ctx_1.state.create_state('issuer')
    ctx_1.state.store_item(
        AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb', state=state_key),
        'auth_request', state_key)

    # Client 2 carries on
    client_2 = Client(config=CONF)
    ctx_2 = client_2.client_get("service_context")
    ctx_2.load(ctx_1.dump())
    ctx_2.state.store_item(
        AuthorizationResponse(code='access_code'), 'auth_response', state_key)
    ctx_2.state.store_item(
        AccessTokenResponse(refresh_token="refresh_with_me",
                            access_token="access"),
        'token_response', state_key)

    # Next up is Client 1
    ctx_1.load(ctx_2.dump())
    msg = client_1.client_get("service", 'refresh_token').construct(
        request_args={}, state=state_key)
    assert isinstance(msg, RefreshAccessTokenRequest)
    # client_id / client_secret are not set here; presumably they come
    # from CONF.
    assert msg.to_dict() == {
        'client_id': 'client_1',
        'client_secret': 'abcdefghijklmnop',
        'grant_type': 'refresh_token',
        'refresh_token': 'refresh_with_me',
    }
def test_construct_with_state(self, entity):
    """BearerBody places the token in the body and returns no HTTP args."""
    authz = entity.client_get("service", 'authorization')
    state = authz.client_get("service_context").state
    state_key = state.create_state(iss='Issuer')

    state.store_item(AuthorizationResponse(code="code", state=state_key),
                     'auth_response', state_key)
    state.store_item(
        AccessTokenResponse(
            access_token="2YotnFZFEjr1zCsicMWpAA",
            token_type="example",
            refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
            example_parameter="example_value",
            scope=["inner", "outer"]),
        'token_response', state_key)

    request = ResourceRequest()
    http_args = BearerBody().construct(request, service=authz, key=state_key)
    # The token travels in the request body, so nothing is returned for
    # headers or other HTTP arguments.
    assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
    assert http_args is None
def test_2nd_refresh_token_parse_response(self):
    """A token response followed by a refresh response both update the state.

    After the refresh, the refresh_token service builds its request
    parameters from the newest stored token response.
    """
    request_args = {'grant_type': 'client_credentials'}

    token_srv = self.entity.client_get("service", 'accesstoken')
    # Preparing the request is part of the normal call sequence; its
    # return value is not needed here.
    _ = token_srv.get_request_parameters(request_args=request_args)
    first = AccessTokenResponse(
        access_token="2YotnFZFEjr1zCsicMWpAA",
        token_type="example",
        expires_in=3600,
        refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
        example_parameter="example_value",
    )
    # No state parameter is involved, so a key is minted for the entry.
    key = rndstr(16)
    token_srv.update_service_context(
        token_srv.parse_response(first.to_json(), sformat="json"), key=key)
    stored = token_srv.client_get("service_context").state.get_item(
        AccessTokenResponse, 'token_response', key)
    assert '__expires_at' in stored

    # Move from token to refresh token service
    refresh_srv = self.entity.client_get("service", 'refresh_token')
    _ = refresh_srv.get_request_parameters(request_args=request_args,
                                           state=key)
    second = AccessTokenResponse(
        access_token='wy4R01DmMoB5xkI65nNkVv1l',
        token_type="example",
        expires_in=3600,
        refresh_token='lhNX9LSG8w1QuD6tSgc6CPfJ',
    )
    refresh_srv.update_service_context(
        refresh_srv.parse_response(second.to_json(), sformat="json"), key=key)
    stored = refresh_srv.client_get("service_context").state.get_item(
        AccessTokenResponse, 'token_response', key)
    assert '__expires_at' in stored

    params = refresh_srv.get_request_parameters(request_args=request_args,
                                                state=key)
    # NOTE(review): the Authorization header carries the *refresh* token
    # from the latest response, not an access token — confirm that bearer-
    # authenticating the refresh request this way is the intended client
    # authentication for this service.
    assert params['headers'] == {
        'Authorization': 'Bearer {}'.format(second["refresh_token"]),
        'Content-Type': 'application/x-www-form-urlencoded'
    }