def test_request_body_no_initial_private_key(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient( self.client_id, private_key=None) # Basic with private key provided body = client.prepare_request_body(issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body, private_key=self.private_key) r = Request('https://a.b', body=body) self.assertEqual(r.isnot, 'empty') self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type) claim = jwt.decode(r.assertion, self.public_key, audience=self.audience, algorithms=['RS256']) self.assertEqual(claim['iss'], self.issuer) # audience verification is handled during decode now self.assertEqual(claim['sub'], self.subject) self.assertEqual(claim['iat'], int(t.return_value)) # No private key provided self.assertRaises(ValueError, client.prepare_request_body, issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body)
def test_request_body(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient( self.client_id, private_key=self.private_key) # Basic with min required params body = client.prepare_request_body(issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body) r = Request('https://a.b', body=body) self.assertEqual(r.isnot, 'empty') self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type) claim = jwt.decode(r.assertion, self.public_key, audience=self.audience, algorithms=['RS256']) self.assertEqual(claim['iss'], self.issuer) # audience verification is handled during decode now self.assertEqual(claim['sub'], self.subject) self.assertEqual(claim['iat'], int(t.return_value)) self.assertNotIn('nbf', claim) self.assertNotIn('jti', claim) # Missing issuer parameter self.assertRaises(ValueError, client.prepare_request_body, issuer=None, subject=self.subject, audience=self.audience, body=self.body) # Missing subject parameter self.assertRaises(ValueError, client.prepare_request_body, issuer=self.issuer, subject=None, audience=self.audience, body=self.body) # Missing audience parameter self.assertRaises(ValueError, client.prepare_request_body, issuer=self.issuer, subject=self.subject, audience=None, body=self.body) # Optional kwargs not_before = time() - 3600 jwt_id = '8zd15df4s35f43sd' body = client.prepare_request_body(issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body, not_before=not_before, jwt_id=jwt_id) r = Request('https://a.b', body=body) self.assertEqual(r.isnot, 'empty') self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type) claim = jwt.decode(r.assertion, self.public_key, audience=self.audience, algorithms=['RS256']) self.assertEqual(claim['iss'], self.issuer) # audience verification is handled during decode now self.assertEqual(claim['sub'], self.subject) self.assertEqual(claim['iat'], int(t.return_value)) self.assertEqual(claim['nbf'], not_before) self.assertEqual(claim['jti'], jwt_id)
def test_parse_token_response(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient(self.client_id) # Parse code and state response = client.parse_request_body_response(self.token_json, scope=self.scope) self.assertEqual(response, self.token) self.assertEqual(client.access_token, response.get("access_token")) self.assertEqual(client.refresh_token, response.get("refresh_token")) self.assertEqual(client.token_type, response.get("token_type")) # Mismatching state self.assertRaises(Warning, client.parse_request_body_response, self.token_json, scope="invalid")
def test_parse_token_response(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient(self.client_id) # Parse code and state response = client.parse_request_body_response(self.token_json, scope=self.scope) self.assertEqual(response, self.token) self.assertEqual(client.access_token, response.get("access_token")) self.assertEqual(client.refresh_token, response.get("refresh_token")) self.assertEqual(client.token_type, response.get("token_type")) # Mismatching state self.assertRaises(Warning, client.parse_request_body_response, self.token_json, scope="invalid") os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE'] = '2' token = client.parse_request_body_response(self.token_json, scope="invalid") self.assertTrue(token.scope_changed) del os.environ['OAUTHLIB_RELAX_TOKEN_SCOPE']
def test_request_body(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient(self.client_id, private_key=self.private_key) # Basic with min required params body = client.prepare_request_body(issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body) r = Request('https://a.b', body=body) self.assertEqual(r.isnot, 'empty') self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type) key = RSA.importKey(self.private_key).publickey() claim = jwt.decode(r.assertion, key) self.assertEqual(claim['iss'], self.issuer) self.assertEqual(claim['aud'], self.audience) self.assertEqual(claim['sub'], self.subject) self.assertEqual(claim['iat'], int(t.return_value))
def test_request_body(self, t): t.return_value = time() self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient( self.client_id, private_key=self.private_key) # Basic with min required params body = client.prepare_request_body(issuer=self.issuer, subject=self.subject, audience=self.audience, body=self.body) r = Request('https://a.b', body=body) self.assertEqual(r.isnot, 'empty') self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type) key = RSA.importKey(self.private_key).publickey() claim = jwt.decode(r.assertion, key) self.assertEqual(claim['iss'], self.issuer) self.assertEqual(claim['aud'], self.audience) self.assertEqual(claim['sub'], self.subject) self.assertEqual(claim['iat'], int(t.return_value))
def test_jwt_bearer_token_flow(get_oauth_info): client = ServiceApplicationClient( get_oauth_info.oauth_client_id, open(get_oauth_info.key_file).read(), get_oauth_info.username, get_oauth_info.oauth_client_id, audience='https://{0}.salesforce.com'.format( 'test' if get_oauth_info.sandbox else 'login')) session = SalesforceOAuth2Session(get_oauth_info.oauth_client_id, None, get_oauth_info.username, sandbox=get_oauth_info.sandbox, oauth2client=client) response = session.get('/services/data/vXX.X/sobjects/Contact').json() assert u'objectDescribe' in response