def test_construct_with_token(self, services):
authz_service = services['authorization']
_state = authz_service.create_state('Issuer')
req = AuthorizationRequest(state=_state,
response_type='code',
redirect_uri='https://example.com',
scope=['openid'])
authz_service.store_item(req, 'auth_request', _state)
# Add a state and bind a code to it
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
response = services['authorization'].parse_response(
resp1.to_urlencoded(), "urlencoded")
services['authorization'].update_service_context(response, key=_state)
# based on state find the code and then get an access token
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key=_state)
# and finally use the access token, bound to a state, to
# construct the authorization header
http_args = BearerHeader().construct(ResourceRequest(),
services['accesstoken'],
key=_state)
assert http_args == {"headers": {"Authorization": "Bearer token1"}}
def test_allow_unsigned_idtoken(self, allow_sign_alg_none):
req_args = {
'response_type': 'code',
'state': 'state',
'nonce': 'nonce'
}
self.service.endpoint = 'https://example.com/authorize'
self.service.get_request_parameters(request_args=req_args)
# Build an ID Token
idt = JWT(ISS_KEY, iss=ISS, lifetime=3600, sign_alg='none')
payload = {'sub': '123456789', 'aud': ['client_id']}
_idt = idt.pack(payload)
self.service.service_context.get('behaviour')["verify_args"] = {
"allow_sign_alg_none": allow_sign_alg_none
}
resp = AuthorizationResponse(state='state', code='code', id_token=_idt)
if allow_sign_alg_none:
resp = self.service.parse_response(resp.to_urlencoded())
else:
with pytest.raises(UnsupportedAlgorithm):
self.service.parse_response(resp.to_urlencoded())
def test_update_service_context_with_idtoken(self):
req_args = {'response_type': 'code', 'state': 'state', 'nonce': 'nonce'}
self.service.endpoint = 'https://example.com/authorize'
_info = self.service.get_request_parameters(request_args=req_args)
# Build an ID Token
idt = JWT(key_jar=ISS_KEY, iss=ISS, lifetime=3600)
payload = {'sub': '123456789', 'aud': ['client_id'], 'nonce': 'nonce'}
# have to calculate c_hash
alg = 'RS256'
halg = "HS%s" % alg[-3:]
payload["c_hash"] = left_hash('code', halg)
_idt = idt.pack(payload)
resp = AuthorizationResponse(state='state', code='code', id_token=_idt)
resp = self.service.parse_response(resp.to_urlencoded())
self.service.update_service_context(resp, 'state')
def test_response(self):
_state = "today"
req_args = {'response_type': 'code', 'state': _state}
self.auth_service.endpoint = 'https://example.com/authorize'
_info = self.auth_service.get_request_parameters(request_args=req_args)
assert set(_info.keys()) == {'url', 'method', 'request'}
msg = AuthorizationRequest().from_urlencoded(
self.auth_service.get_urlinfo(_info['url']))
self.auth_service.client_get("service_context").state.store_item(
msg, "auth_request", _state)
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
response = self.auth_service.parse_response(resp1.to_urlencoded(),
"urlencoded",
state=_state)
self.auth_service.update_service_context(response, key=_state)
assert self.auth_service.client_get("service_context").state.get_state(
_state)
def test_construct_with_request(self, services):
authz_service = services['authorization']
authz_service.state_db.set('EEEE', State(iss='Issuer').to_json())
resp1 = AuthorizationResponse(code="auth_grant", state="EEEE")
response = authz_service.parse_response(resp1.to_urlencoded(),
"urlencoded")
authz_service.update_service_context(response, key='EEEE')
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state="EEEE")
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key='EEEE')
request = ResourceRequest()
BearerBody().construct(request, service=authz_service, key="EEEE")
assert "access_token" in request
assert request["access_token"] == "token1"
def test_construct_with_request(self, entity):
authz_service = entity.client_get("service", 'authorization')
_cntx = authz_service.client_get("service_context")
_key = _cntx.state.create_state(iss='Issuer')
resp1 = AuthorizationResponse(code="auth_grant", state=_key)
response = authz_service.parse_response(resp1.to_urlencoded(),
"urlencoded")
authz_service.update_service_context(response, key=_key)
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_key)
_token_service = entity.client_get("service", 'accesstoken')
response = _token_service.parse_response(resp2.to_urlencoded(),
"urlencoded")
_token_service.update_service_context(response, key=_key)
request = ResourceRequest()
BearerBody().construct(request, service=authz_service, key=_key)
assert "access_token" in request
assert request["access_token"] == "token1"