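def test_token_endpoint_malformed(self):
    """A token request carrying a truncated authorization code is rejected.

    Seeds the provider's session DB with an authorized ("authz") session,
    then submits the stored code minus its last character and expects the
    token endpoint to answer with a ``TokenErrorResponse`` whose ``error``
    is ``access_denied``.

    NOTE(review): RFC 6749 section 5.2 reserves ``invalid_grant`` for an
    invalid authorization code; this test pins the provider's actual
    choice rather than the spec's wording.
    """
    authreq = AuthorizationRequest(state="state",
                                   redirect_uri="http://example.com/authz",
                                   client_id=CLIENT_ID,
                                   response_type="code",
                                   scope=["openid"])

    session_db = self.provider.sdb
    sid = session_db.access_token.key(user="******", areq=authreq)
    access_grant = session_db.access_token(sid=sid)
    session_db[sid] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": authreq.to_json(),
        "client_id": CLIENT_ID,
        "code": access_grant,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": "http://example.com/authz",
    }
    session_db.do_sub(sid, "client_salt")

    # Drop the final character so the presented code differs from the
    # stored grant.
    bad_code = access_grant[:-1]
    token_req = AccessTokenRequest(code=bad_code,
                                   client_id=CLIENT_ID,
                                   redirect_uri="http://example.com/authz",
                                   client_secret=CLIENT_SECRET,
                                   grant_type='authorization_code')

    reply = self.provider.token_endpoint(request=token_req.to_urlencoded())
    atr = TokenErrorResponse().deserialize(reply.message, "json")
    assert atr['error'] == "access_denied"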
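    def test_token_endpoint_malformed(self):
        """A token request carrying a truncated authorization code is rejected.

        Seeds the provider's session DB with an authorized ("authz")
        session, then submits the stored code minus its last character
        and expects a ``TokenErrorResponse`` whose ``error`` is
        ``invalid_request``.
        """
        authreq = AuthorizationRequest(state="state",
                                       redirect_uri="http://example.com/authz",
                                       client_id=CLIENT_ID,
                                       response_type="code",
                                       scope=["openid"])

        session_db = self.provider.sdb
        sid = session_db.access_token.key(user="******", areq=authreq)
        access_grant = session_db.access_token(sid=sid)
        session_db[sid] = {
            "oauth_state": "authz",
            "authn_event": AuthnEvent("user", "salt"),
            "authzreq": authreq.to_json(),
            "client_id": CLIENT_ID,
            "code": access_grant,
            "code_used": False,
            "scope": ["openid"],
            "redirect_uri": "http://example.com/authz",
        }
        session_db.do_sub(sid, "client_salt")

        # Drop the final character so the presented code differs from the
        # stored grant.
        bad_code = access_grant[:-1]
        token_req = AccessTokenRequest(code=bad_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri="http://example.com/authz",
                                       client_secret=CLIENT_SECRET,
                                       grant_type='authorization_code')

        reply = self.provider.token_endpoint(request=token_req.to_urlencoded())
        atr = TokenErrorResponse().deserialize(reply.message, "json")
        assert atr['error'] == "invalid_request"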
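def test_server_parse_token_request():
    """Round-trip an AccessTokenRequest through ``Server.parse_token_request``.

    The url-encoded form of a request carrying an additional ``extra``
    parameter is parsed back into an ``AccessTokenRequest`` that keeps
    every original key, ``extra`` included.  The same body is parsed
    twice to check that parsing is repeatable.
    """
    atr = AccessTokenRequest(grant_type="authorization_code",
                             code="SplxlOBeZQQYbYS6WxSbIA",
                             redirect_uri="https://client.example.com/cb",
                             client_id=CLIENT_ID, extra="foo")
    uenc = atr.to_urlencoded()

    srv = Server()
    srv.keyjar = KEYJ

    expected_keys = ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra']
    for _ in range(2):
        tr = srv.parse_token_request(body=uenc)
        print(tr.keys())  # parenthesised so the test also parses on Python 3
        assert tr.type() == "AccessTokenRequest"
        assert _eq(tr.keys(), expected_keys)

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
    assert tr["extra"] == "foo"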
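def test_token_endpoint():
    """A valid authorization-code exchange yields a complete token response.

    The session is stored with a fixed ``sub`` and an empty ``authzreq``;
    the reply must carry token_type, id_token, access_token, scope,
    expires_in and refresh_token.
    """
    server = provider_init

    authreq = AuthorizationRequest(state="state",
                                   redirect_uri="http://example.com/authz",
                                   client_id=CLIENT_ID)

    session_db = server.sdb
    sid = session_db.token.key(user="******", areq=authreq)
    code = session_db.token(sid=sid)
    session_db[sid] = {
        "oauth_state": "authz",
        "sub": "user_id",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": "http://example.com/authz"
    }

    # Exchange the stored code for tokens.
    token_req = AccessTokenRequest(code=code, client_id=CLIENT_ID,
                                   redirect_uri="http://example.com/authz",
                                   client_secret=CLIENT_SECRET)
    reply = server.token_endpoint(request=token_req.to_urlencoded())
    print(reply)  # parenthesised so the test also parses on Python 3

    atr = AccessTokenResponse().deserialize(reply.message, "json")
    print(atr.keys())
    assert _eq(atr.keys(), ['token_type', 'id_token', 'access_token', 'scope',
                            'expires_in', 'refresh_token'])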
 def setup_token_endpoint(self):
     """Register a canned token-endpoint reply with the ``responses`` mock.

     Seeds the provider's session DB with an authorized session, runs a
     real authorization-code token request against ``self.provider`` and
     mounts the resulting JSON body as the 200 reply for
     POST ``<op_base>token``.
     """
     redirect_uri = self.redirect_urls[0]
     authreq = AuthorizationRequest(state="state",
                                    redirect_uri=redirect_uri,
                                    client_id=CLIENT_ID,
                                    response_type="code",
                                    scope=["openid"])

     session_db = self.provider.sdb
     sid = session_db.token.key(user="******", areq=authreq)
     code = session_db.token(sid=sid)
     session_db[sid] = {
         "oauth_state": "authz",
         "authn_event": AuthnEvent("user", "salt"),
         "authzreq": authreq.to_json(),
         "client_id": CLIENT_ID,
         "code": code,
         "code_used": False,
         "scope": ["openid"],
         "redirect_uri": redirect_uri,
     }
     session_db.do_sub(sid, "client_salt")

     # Obtain a genuine token reply to serve from the mock.
     token_req = AccessTokenRequest(code=code,
                                    client_id=CLIENT_ID,
                                    redirect_uri=redirect_uri,
                                    client_secret="client_secret_1")
     reply = self.provider.token_endpoint(request=token_req.to_urlencoded())

     responses.add(responses.POST,
                   self.op_base + "token",
                   body=reply.message,
                   status=200,
                   content_type='application/json')
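def test_server_parse_token_request():
    """Round-trip an AccessTokenRequest through ``Server.parse_token_request``.

    A request with an additional ``extra`` parameter is url-encoded and
    parsed back; the result must be an ``AccessTokenRequest`` with every
    original key, ``extra`` included.  Parsing is done twice on the same
    body to check that it is repeatable.
    """
    atr = AccessTokenRequest(
        grant_type="authorization_code",
        code="SplxlOBeZQQYbYS6WxSbIA",
        redirect_uri="https://client.example.com/cb",
        client_id="client_id",
        extra="foo",
    )
    uenc = atr.to_urlencoded()

    srv = Server()
    expected_keys = ["code", "redirect_uri", "grant_type", "client_id", "extra"]

    for _ in range(2):
        tr = srv.parse_token_request(body=uenc)
        print(tr.keys())  # parenthesised so the test also parses on Python 3
        assert tr.type() == "AccessTokenRequest"
        assert _eq(tr.keys(), expected_keys)

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
    assert tr["extra"] == "foo"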
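def test_server_parse_token_request():
    """Round-trip an AccessTokenRequest through ``Server.parse_token_request``.

    The server is given the shared ``KEYJ`` key jar.  A request with an
    additional ``extra`` parameter is url-encoded and parsed back twice;
    each result must be an ``AccessTokenRequest`` holding every original
    key, and the values survive unchanged.
    """
    atr = AccessTokenRequest(grant_type="authorization_code",
                             code="SplxlOBeZQQYbYS6WxSbIA",
                             redirect_uri="https://client.example.com/cb",
                             client_id=CLIENT_ID,
                             extra="foo")
    uenc = atr.to_urlencoded()

    srv = Server()
    srv.keyjar = KEYJ

    expected_keys = ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra']
    for _ in range(2):
        tr = srv.parse_token_request(body=uenc)
        print(tr.keys())  # parenthesised so the test also parses on Python 3
        assert tr.type() == "AccessTokenRequest"
        assert _eq(tr.keys(), expected_keys)

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
    assert tr["extra"] == "foo"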
    def test_token_endpoint_unauth(self):
        """A token request from client ``client_1`` is refused as ``unauthorized_client``.

        The session is seeded for ``client_1`` and the matching code is
        presented with ``client_secret="secret"``; the endpoint must answer
        with a ``TokenErrorResponse`` carrying ``unauthorized_client``.
        Presumably ``client_1``/``secret`` are not registered with the
        provider fixture — the client registry is not visible here.
        """
        client_id = "client_1"
        redirect_uri = "http://example.com/authz"

        authreq = AuthorizationRequest(state="state",
                                       redirect_uri=redirect_uri,
                                       client_id=client_id)

        session_db = self.provider.sdb
        sid = session_db.token.key(user="******", areq=authreq)
        code = session_db.token(sid=sid)
        session_db[sid] = {
            "authn_event": AuthnEvent("user", "salt"),
            "oauth_state": "authz",
            "authzreq": "",
            "client_id": client_id,
            "code": code,
            "code_used": False,
            "scope": ["openid"],
            "redirect_uri": redirect_uri
        }
        session_db.do_sub(sid, "client_salt")

        # Present the code with the unregistered client's credentials.
        token_req = AccessTokenRequest(code=code,
                                       redirect_uri=redirect_uri,
                                       client_id=client_id,
                                       client_secret="secret")
        reply = self.provider.token_endpoint(request=token_req.to_urlencoded(),
                                             remote_user="******",
                                             request_method="POST")

        atr = TokenErrorResponse().deserialize(reply.message, "json")
        assert atr["error"] == "unauthorized_client"
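    def test_token_endpoint_unauth(self):
        """A token request from client ``client_1`` yields an error response.

        The session is seeded for ``client_1`` and the matching code is
        presented with ``client_secret="secret"``; the endpoint's reply
        must deserialize as a ``TokenErrorResponse`` with exactly the
        ``error`` key.

        NOTE(review): the final assertion only checks that *some* error
        came back; it does not pin which OAuth error code the provider
        chose, so a regression in the reason for refusal would go unnoticed.
        """
        client_id = "client_1"
        redirect_uri = "http://example.com/authz"

        authreq = AuthorizationRequest(state="state",
                                       redirect_uri=redirect_uri,
                                       client_id=client_id)

        session_db = self.server.sdb
        sid = session_db.token.key(user="******", areq=authreq)
        code = session_db.token(sid=sid)
        session_db[sid] = {
            "authn_event": AuthnEvent("user"),
            "oauth_state": "authz",
            "authzreq": "",
            "client_id": client_id,
            "code": code,
            "code_used": False,
            "scope": ["openid"],
            "redirect_uri": redirect_uri
        }
        session_db.do_sub(sid)

        # Present the code with client_1's credentials.
        token_req = AccessTokenRequest(code=code,
                                       redirect_uri=redirect_uri,
                                       client_id=client_id,
                                       client_secret="secret")
        print(token_req.to_dict())  # parenthesised so the test also parses on Python 3

        reply = self.server.token_endpoint(request=token_req.to_urlencoded(),
                                           remote_user="******",
                                           request_method="POST")
        print(reply)

        atr = TokenErrorResponse().deserialize(reply.message, "json")
        print(atr.keys())
        assert _eq(atr.keys(), ['error'])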
 def setup_token_endpoint(self):
     """Mount a real token-endpoint reply on the ``responses`` mock.

     An authorized session is written to the provider's session DB, its
     code is exchanged against ``self.provider.token_endpoint``, and the
     JSON body of that reply becomes the 200 response for
     POST ``<op_base>token``.
     """
     redirect_uri = self.redirect_urls[0]
     authreq = AuthorizationRequest(state="state",
                                    redirect_uri=redirect_uri,
                                    client_id=CLIENT_ID,
                                    response_type="code",
                                    scope=["openid"])

     session_db = self.provider.sdb
     sid = session_db.token.key(user="******", areq=authreq)
     code = session_db.token(sid=sid)
     session_db[sid] = {
         "oauth_state": "authz",
         "authn_event": AuthnEvent("user", "salt"),
         "authzreq": authreq.to_json(),
         "client_id": CLIENT_ID,
         "code": code,
         "code_used": False,
         "scope": ["openid"],
         "redirect_uri": redirect_uri,
     }
     session_db.do_sub(sid, "client_salt")

     # Exchange the code so the mock serves a genuine provider reply.
     token_req = AccessTokenRequest(code=code, client_id=CLIENT_ID,
                                    redirect_uri=redirect_uri,
                                    client_secret="client_secret_1")
     reply = self.provider.token_endpoint(request=token_req.to_urlencoded())

     responses.add(
         responses.POST,
         self.op_base + "token",
         body=reply.message,
         status=200,
         content_type='application/json')
    def test_token_endpoint(self):
        """A valid authorization-code exchange yields a complete token response.

        The provider's session DB is seeded with an authorized session for
        ``CLIENT_ID`` (including the serialized authorization request and
        an ``AuthnEvent``); presenting the stored code with the client
        secret must return token_type, id_token, access_token, scope,
        expires_in and refresh_token.
        """
        redirect_uri = "http://example.com/authz"
        authreq = AuthorizationRequest(state="state",
                                       redirect_uri=redirect_uri,
                                       client_id=CLIENT_ID,
                                       response_type="code",
                                       scope=["openid"])

        session_db = self.provider.sdb
        sid = session_db.token.key(user="******", areq=authreq)
        code = session_db.token(sid=sid)
        session_db[sid] = {
            "oauth_state": "authz",
            "authn_event": AuthnEvent("user", "salt"),
            "authzreq": authreq.to_json(),
            "client_id": CLIENT_ID,
            "code": code,
            "code_used": False,
            "scope": ["openid"],
            "redirect_uri": redirect_uri,
        }
        session_db.do_sub(sid, "client_salt")

        # Exchange the stored code for tokens.
        token_req = AccessTokenRequest(code=code, client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET)
        reply = self.provider.token_endpoint(request=token_req.to_urlencoded())

        atr = AccessTokenResponse().deserialize(reply.message, "json")
        expected_keys = ['token_type', 'id_token', 'access_token', 'scope',
                         'expires_in', 'refresh_token']
        assert _eq(atr.keys(), expected_keys)
 def test_parse_token_request(self):
     """``parse_token_request`` rebuilds an AccessTokenRequest from a url-encoded body.

     A request without an explicit ``grant_type`` is parsed back; the
     result must be an ``AccessTokenRequest`` whose keys are code,
     redirect_uri, client_id and grant_type, with the original values.
     """
     treq = AccessTokenRequest(code="code",
                               redirect_uri="http://example.com/authz",
                               client_id=CLIENT_ID)
     body = treq.to_urlencoded()

     parsed = self.srv.parse_token_request(body=body)

     assert isinstance(parsed, AccessTokenRequest)
     expected_keys = ['code', 'redirect_uri', 'client_id', 'grant_type']
     assert _eq(parsed.keys(), expected_keys)
     assert parsed["client_id"] == CLIENT_ID
     assert parsed["code"] == "code"
 def test_parse_token_request(self):
     """``parse_token_request`` rebuilds an AccessTokenRequest from a url-encoded body.

     The request is built without an explicit ``grant_type``; the parsed
     result must still expose code, redirect_uri, client_id and
     grant_type, and keep the original client_id and code values.
     """
     treq = AccessTokenRequest(code="code",
                               redirect_uri="http://example.com/authz",
                               client_id=CLIENT_ID)

     parsed = self.srv.parse_token_request(body=treq.to_urlencoded())
     assert isinstance(parsed, AccessTokenRequest)

     expected_keys = ['code', 'redirect_uri', 'client_id', 'grant_type']
     assert _eq(parsed.keys(), expected_keys)
     assert parsed["client_id"] == CLIENT_ID
     assert parsed["code"] == "code"
 def _pop_token_req(self, authz_resp):
     """Exchange an authorization code for a proof-of-possession (PoP) token.

     The JWK returned by ``self._get_rsa_jwk()`` is JSON-serialised and
     base64url-encoded into the ``key`` parameter of an
     ``AccessTokenRequest`` with ``token_type="pop"``.  The request is
     POSTed to ``self.provider.token_endpoint`` and the reply is returned
     parsed as an ``AccessTokenResponse``.

     Args:
         authz_resp: authorization response mapping; only ``["code"]`` is read.

     NOTE(review): whether ``_get_rsa_jwk`` yields only the public half of
     the key pair is not visible here — confirm, since the JWK is sent to
     the provider.
     """
     jwk_json = json.dumps(self._get_rsa_jwk()).encode("utf-8")
     pop_key = base64.urlsafe_b64encode(jwk_json).decode("utf-8")

     token_req = AccessTokenRequest(code=authz_resp["code"],
                                    redirect_uri="http://localhost:8087/authz",
                                    client_id="client1",
                                    client_secret="drickyoghurt",
                                    token_type="pop",
                                    key=pop_key)
     reply = self.provider.token_endpoint(request=token_req.to_urlencoded(),
                                          request_method="POST")
     return AccessTokenResponse().deserialize(reply.message, "json")
    def test_refresh_access_token_request(self):
        """A refresh_token grant rotates the access token and keeps the refresh token.

        First performs a normal authorization-code exchange for a session
        granted ``openid offline_access``, then presents the returned
        refresh token with ``scope=['openid']`` and checks that the new
        access token differs, the refresh token is unchanged and the
        token type is ``Bearer``.

        NOTE(review): the second assertion pins that the refresh token is
        *not* rotated on use; if the provider later adopts refresh-token
        rotation this expectation must be revisited.
        """
        redirect_uri = "http://example.com/authz"
        authreq = AuthorizationRequest(state="state",
                                       redirect_uri=redirect_uri,
                                       client_id=CLIENT_ID,
                                       response_type="code",
                                       scope=["openid", 'offline_access'],
                                       prompt='consent')

        session_db = self.provider.sdb
        sid = session_db.access_token.key(user="******", areq=authreq)
        code = session_db.access_token(sid=sid)
        session_db[sid] = {
            "oauth_state": "authz",
            "authn_event": AuthnEvent("user", "salt").to_json(),
            "authzreq": authreq.to_json(),
            "client_id": CLIENT_ID,
            "code": code,
            "code_used": False,
            "scope": ["openid", 'offline_access'],
            "redirect_uri": redirect_uri,
        }
        session_db.do_sub(sid, "client_salt")

        # Step 1: authorization-code exchange.
        token_req = AccessTokenRequest(code=code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET,
                                       grant_type='authorization_code')
        first_reply = self.provider.token_endpoint(request=token_req.to_urlencoded())
        first = AccessTokenResponse().deserialize(first_reply.message, "json")

        # Step 2: refresh with the token from step 1.
        refresh_req = RefreshAccessTokenRequest(grant_type="refresh_token",
                                                refresh_token=first['refresh_token'],
                                                client_id=CLIENT_ID,
                                                client_secret=CLIENT_SECRET,
                                                scope=['openid'])
        second_reply = self.provider.token_endpoint(request=refresh_req.to_urlencoded())
        second = AccessTokenResponse().deserialize(second_reply.message, "json")

        assert second['access_token'] != first['access_token']
        assert second['refresh_token'] == first['refresh_token']
        assert second['token_type'] == 'Bearer'
    def test_server_parse_token_request(self):
        """``self.srv.parse_token_request`` round-trips an AccessTokenRequest.

        A request carrying an additional ``extra`` parameter is url-encoded
        and parsed back; the result must be an ``AccessTokenRequest`` with
        all five keys and the original values for grant_type, code and
        extra.
        """
        atr = AccessTokenRequest(grant_type="authorization_code",
                                 code="SplxlOBeZQQYbYS6WxSbIA",
                                 redirect_uri="https://client.example.com/cb",
                                 client_id=CLIENT_ID, extra="foo")

        parsed = self.srv.parse_token_request(body=atr.to_urlencoded())
        assert isinstance(parsed, AccessTokenRequest)

        expected_keys = ['code', 'redirect_uri', 'grant_type', 'client_id',
                         'extra']
        assert _eq(parsed.keys(), expected_keys)

        for key, value in (("grant_type", "authorization_code"),
                           ("code", "SplxlOBeZQQYbYS6WxSbIA"),
                           ("extra", "foo")):
            assert parsed[key] == value
    def test_server_parse_token_request(self):
        """``self.srv.parse_token_request`` round-trips an AccessTokenRequest.

        The url-encoded form of a request with an additional ``extra``
        parameter parses back into an ``AccessTokenRequest`` exposing all
        five keys, with grant_type, code and extra unchanged.
        """
        atr = AccessTokenRequest(grant_type="authorization_code",
                                 code="SplxlOBeZQQYbYS6WxSbIA",
                                 redirect_uri="https://client.example.com/cb",
                                 client_id=CLIENT_ID, extra="foo")
        body = atr.to_urlencoded()

        parsed = self.srv.parse_token_request(body=body)

        assert isinstance(parsed, AccessTokenRequest)
        assert _eq(parsed.keys(),
                   ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra'])
        assert parsed["grant_type"] == "authorization_code"
        assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert parsed["extra"] == "foo"
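def test_token_endpoint():
    """The token endpoint, driven through its WSGI interface, returns a full token set.

    Seeds the provider's session DB, wraps the url-encoded token request
    in a POST ``environ`` built from ``BASE_ENVIRON`` and checks that the
    first element of the WSGI response deserializes to an
    ``AccessTokenResponse`` with token_type, id_token, access_token,
    scope, expires_in and refresh_token.
    """
    server = provider_init

    authreq = AuthorizationRequest(state="state",
                                   redirect_uri="http://example.com/authz",
                                   client_id=CLIENT_ID)

    session_db = server.sdb
    sid = session_db.token.key(user="******", areq=authreq)
    code = session_db.token(sid=sid)
    session_db[sid] = {
        "oauth_state": "authz",
        "sub": "user_id",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": "http://example.com/authz"
    }

    # Build the POST body (local renamed so the builtin ``str`` is not shadowed).
    token_req = AccessTokenRequest(code=code, client_id=CLIENT_ID,
                                   redirect_uri="http://example.com/authz",
                                   client_secret=CLIENT_SECRET)
    body = token_req.to_urlencoded()

    environ = BASE_ENVIRON.copy()
    environ["REQUEST_METHOD"] = "POST"
    # NOTE(review): PEP 3333 specifies CONTENT_LENGTH as a str; it is
    # passed as an int here — confirm the endpoint tolerates both.
    environ["CONTENT_LENGTH"] = len(body)
    environ["wsgi.input"] = StringIO.StringIO(buf=body)
    environ["REMOTE_USER"] = CLIENT_ID

    reply = server.token_endpoint(environ, start_response)
    print(reply)  # parenthesised so the test also parses on Python 3

    atr = AccessTokenResponse().deserialize(reply[0], "json")
    print(atr.keys())
    assert _eq(atr.keys(), ['token_type', 'id_token', 'access_token', 'scope',
                            'expires_in', 'refresh_token'])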
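def test_token_endpoint_unauth():
    """A token request from client ``client_1`` yields an error response.

    The session is seeded for ``client_1`` and the matching code is
    presented with ``client_secret="secret"``; the reply must deserialize
    as a ``TokenErrorResponse`` whose only key is ``error``.

    NOTE(review): only the presence of an error is asserted, not which
    OAuth error code was returned.
    """
    server = provider_init
    client_id = "client_1"
    redirect_uri = "http://example.com/authz"

    authreq = AuthorizationRequest(state="state",
                                   redirect_uri=redirect_uri,
                                   client_id=client_id)

    session_db = server.sdb
    sid = session_db.token.key(user="******", areq=authreq)
    code = session_db.token(sid=sid)
    session_db[sid] = {
        "oauth_state": "authz",
        "sub": "sub",
        "authzreq": "",
        "client_id": client_id,
        "code": code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # Present the code with client_1's credentials.
    token_req = AccessTokenRequest(
        code=code,
        redirect_uri=redirect_uri,
        client_id=client_id,
        client_secret="secret",
    )
    print(token_req.to_dict())  # parenthesised so the test also parses on Python 3

    reply = server.token_endpoint(request=token_req.to_urlencoded(),
                                  remote_user="******",
                                  request_method="POST")
    print(reply)

    atr = TokenErrorResponse().deserialize(reply.message, "json")
    print(atr.keys())
    assert _eq(atr.keys(), ['error'])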
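def test_token_endpoint():
    """A valid authorization-code exchange yields a complete token response.

    The session is stored with ``sub`` set to ``"sub"`` and an empty
    ``authzreq``; presenting its code with ``CLIENT_SECRET`` must return
    token_type, id_token, access_token, scope, expires_in and
    refresh_token.
    """
    server = provider_init
    redirect_uri = "http://example.com/authz"

    authreq = AuthorizationRequest(state="state",
                                   redirect_uri=redirect_uri,
                                   client_id=CLIENT_ID)

    session_db = server.sdb
    sid = session_db.token.key(user="******", areq=authreq)
    code = session_db.token(sid=sid)
    session_db[sid] = {
        "oauth_state": "authz",
        "sub": "sub",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # Exchange the stored code for tokens.
    token_req = AccessTokenRequest(code=code,
                                   client_id=CLIENT_ID,
                                   redirect_uri=redirect_uri,
                                   client_secret=CLIENT_SECRET)
    reply = server.token_endpoint(request=token_req.to_urlencoded())
    print(reply)  # parenthesised so the test also parses on Python 3

    atr = AccessTokenResponse().deserialize(reply.message, "json")
    print(atr.keys())
    expected_keys = [
        'token_type', 'id_token', 'access_token', 'scope', 'expires_in',
        'refresh_token'
    ]
    assert _eq(atr.keys(), expected_keys)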
    def test_token_endpoint_unauth(self):
        """A token request from client ``client_1`` is refused as ``unauthorized_client``.

        The session is seeded for ``client_1`` with the ``state`` value
        recorded alongside it, and the matching code is presented with
        ``client_secret="secret"`` plus the same ``state``; the endpoint
        must reply with a ``TokenErrorResponse`` carrying
        ``unauthorized_client``.  Presumably ``client_1``/``secret`` are
        not registered with the provider fixture — the registry is not
        visible here.
        """
        state = 'state'
        client_id = "client_1"
        redirect_uri = "http://example.com/authz"

        authreq = AuthorizationRequest(state=state,
                                       redirect_uri=redirect_uri,
                                       client_id=client_id)

        session_db = self.provider.sdb
        sid = session_db.access_token.key(user="******", areq=authreq)
        code = session_db.access_token(sid=sid)
        session_db[sid] = {
            "authn_event": AuthnEvent("user", "salt"),
            "oauth_state": "authz",
            "authzreq": "",
            "client_id": client_id,
            "code": code,
            "code_used": False,
            "scope": ["openid"],
            "redirect_uri": redirect_uri,
            'state': state
        }
        session_db.do_sub(sid, "client_salt")

        # Present the code with the unregistered client's credentials.
        token_req = AccessTokenRequest(code=code,
                                       redirect_uri=redirect_uri,
                                       client_id=client_id,
                                       client_secret="secret",
                                       state=state,
                                       grant_type='authorization_code')
        reply = self.provider.token_endpoint(request=token_req.to_urlencoded(),
                                             remote_user="******",
                                             request_method="POST")

        atr = TokenErrorResponse().deserialize(reply.message, "json")
        assert atr["error"] == "unauthorized_client"