def test_authorize_no_aud(self, time, client_utcnow, utcnow):
utcnow.return_value = T1_DATE
client_utcnow.return_value = T1_DATE
time.return_value = T1
jwt = _JWTAccessCredentials(self.service_account_email,
self.signer,
private_key_id=self.private_key_id,
client_id=self.client_id)
def mock_request(uri, method='GET', body=None, headers=None,
redirections=0, connection_type=None):
self.assertEqual(uri, self.url)
bearer, token = headers[b'Authorization'].split()
payload = crypt.verify_signed_jwt_with_certs(
token,
{'key': datafile('public_cert.pem')},
audience=self.url)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], self.service_account_email)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(uri, self.url)
self.assertEqual(bearer, b'Bearer')
return (httplib2.Response({'status': '200'}), b'')
h = httplib2.Http()
h.request = mock_request
jwt.authorize(h)
h.request(self.url)
# Ensure we do not cache the token
self.assertIsNone(jwt.access_token)
def test_authorize_no_aud(self, time, client_utcnow, utcnow):
utcnow.return_value = T1_DATE
client_utcnow.return_value = T1_DATE
time.return_value = T1
jwt = _JWTAccessCredentials(self.service_account_email,
self.signer,
private_key_id=self.private_key_id,
client_id=self.client_id)
def mock_request(uri, method='GET', body=None, headers=None,
redirections=0, connection_type=None):
self.assertEqual(uri, self.url)
bearer, token = headers[b'Authorization'].split()
payload = crypt.verify_signed_jwt_with_certs(
token,
{'key': datafile('public_cert.pem')},
audience=self.url)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], self.service_account_email)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(uri, self.url)
self.assertEqual(bearer, b'Bearer')
return (httplib2.Response({'status': '200'}), b'')
h = httplib2.Http()
h.request = mock_request
jwt.authorize(h)
h.request(self.url)
# Ensure we do not cache the token
self.assertIsNone(jwt.access_token)
def setUp(self):
self.client_id = '123'
self.service_account_email = '*****@*****.**'
self.private_key_id = 'ABCDEF'
self.private_key = datafile('pem_from_pkcs12.pem')
self.signer = crypt.Signer.from_string(self.private_key)
self.url = 'https://test.url.com'
self.jwt = service_account._JWTAccessCredentials(
self.service_account_email, self.signer,
private_key_id=self.private_key_id, client_id=self.client_id,
additional_claims={'aud': self.url})
def setUp(self):
self.client_id = '123'
self.service_account_email = '*****@*****.**'
self.private_key_id = 'ABCDEF'
self.private_key = datafile('pem_from_pkcs12.pem')
self.signer = crypt.Signer.from_string(self.private_key)
self.url = 'https://test.url.com'
self.jwt = _JWTAccessCredentials(self.service_account_email,
self.signer,
private_key_id=self.private_key_id,
client_id=self.client_id,
additional_claims={'aud': self.url})
def test_authorize_no_aud(self, time, utcnow):
utcnow.return_value = T1_DATE
time.return_value = T1
jwt = service_account._JWTAccessCredentials(
self.service_account_email,
self.signer,
private_key_id=self.private_key_id,
client_id=self.client_id)
http = http_mock.HttpMockSequence([
({
'status': http_client.OK
}, b''),
])
jwt.authorize(http)
transport.request(http, self.url)
# Ensure we do not cache the token
self.assertIsNone(jwt.access_token)
# Verify mocks.
self.assertEqual(len(http.requests), 1)
info = http.requests[0]
self.assertEqual(info['method'], 'GET')
self.assertEqual(info['uri'], self.url)
self.assertIsNone(info['body'])
self.assertEqual(len(info['headers']), 1)
bearer, token = info['headers'][b'Authorization'].split()
self.assertEqual(bearer, b'Bearer')
certs = {'key': datafile('public_cert.pem')}
payload = crypt.verify_signed_jwt_with_certs(token,
certs,
audience=self.url)
self.assertEqual(len(payload), 5)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], self.service_account_email)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(payload['aud'], self.url)
def test_authorize_no_aud(self, time, utcnow):
utcnow.return_value = T1_DATE
time.return_value = T1
jwt = service_account._JWTAccessCredentials(
self.service_account_email, self.signer,
private_key_id=self.private_key_id, client_id=self.client_id)
http = http_mock.HttpMockSequence([
({'status': http_client.OK}, b''),
])
jwt.authorize(http)
transport.request(http, self.url)
# Ensure we do not cache the token
self.assertIsNone(jwt.access_token)
# Verify mocks.
self.assertEqual(len(http.requests), 1)
info = http.requests[0]
self.assertEqual(info['method'], 'GET')
self.assertEqual(info['uri'], self.url)
self.assertIsNone(info['body'])
self.assertEqual(len(info['headers']), 1)
bearer, token = info['headers'][b'Authorization'].split()
self.assertEqual(bearer, b'Bearer')
certs = {'key': datafile('public_cert.pem')}
payload = crypt.verify_signed_jwt_with_certs(
token, certs, audience=self.url)
self.assertEqual(len(payload), 5)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], self.service_account_email)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(payload['aud'], self.url)
