def test_google_iss(app, valid_payload): """iss must be accounts.google.com or https://accounts.google.com""" valid_payload['iss'] = 'accounts.google.com' t = _encode_valid_token(app, valid_payload) idinfo = verify_google_id_token(t) logging.info('Verfied payload: %s', idinfo) valid_payload['iss'] = 'https://accounts.google.com' t = _encode_valid_token(app, valid_payload) idinfo = verify_google_id_token(t) logging.info('Verfied payload: %s', idinfo)
def test_google_verifies_signature(valid_payload): t = _encode_invalid_token(valid_payload) with pytest.raises(AppIdentityError): verify_google_id_token(t)
def test_google_basic_verify(app, valid_payload): t = _encode_valid_token(app, valid_payload) idinfo = verify_google_id_token(t) logging.info('Verfied payload: %s', idinfo)
def test_google_needs_valid_exp(app, valid_payload): valid_payload['exp'] = datetime.datetime.utcnow() - datetime.timedelta(days=200) t = _encode_valid_token(app, valid_payload) with pytest.raises(AppIdentityError): verify_google_id_token(t)
def test_google_needs_exp(app, valid_payload): del valid_payload['exp'] t = _encode_valid_token(app, valid_payload) with pytest.raises(AppIdentityError): verify_google_id_token(t)
def test_google_needs_matching_aud(app, valid_payload): valid_payload['aud'] += '.but.a.wrong.one' t = _encode_valid_token(app, valid_payload) with pytest.raises(AppIdentityError): verify_google_id_token(t)
def test_google_needs_valid_iss(app, valid_payload): valid_payload['iss'] = 'some.attacker.example.com' t = _encode_valid_token(app, valid_payload) with pytest.raises(AppIdentityError): verify_google_id_token(t)