def test_begin(self):
    """begin() for the 'github' issuer returns an authorization URL and a state.

    Verifies the issuer bound to the RP instance, the authorization endpoint
    the URL points at, and the fixed request parameters.
    """
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    started = handler.begin(issuer_id='github')
    assert set(started.keys()) == {'url', 'state'}

    github_issuer = iss_id('github')
    rp = handler.issuer2rp[github_issuer]
    assert rp.client_get("service_context").get('issuer') == github_issuer

    # The request must go to the expected authorization endpoint over HTTPS.
    target = urlsplit(started['url'])
    assert target.scheme == 'https'
    assert target.netloc == 'github.com'
    assert target.path == '/login/oauth/authorize'

    params = parse_qs(target.query)
    assert set(params.keys()) == {
        'nonce', 'state', 'client_id', 'redirect_uri', 'response_type',
        'scope'
    }

    # nonce and state are generated per request, so only their presence is
    # checked above; the remaining parameters have fixed expected values.
    # NOTE(review): comparing params['state'] with started['state'] would also
    # pin the binding between the request and the returned state; confirm
    # begin() returns the same value before adding that assertion.
    fixed_params = {
        'client_id': ['eeeeeeeee'],
        'redirect_uri': ['https://example.com/rp/authz_cb/github'],
        'response_type': ['code'],
        'scope': ['user public_repo openid'],
    }
    for name, expected in fixed_params.items():
        assert params[name] == expected
def test_userinfo_in_id_token(self):
    """userinfo_in_id_token() returns the user claims carried by an ID token.

    The token is built with nonce, iss and aud taken from the live session;
    the test expects those three claims to be absent from the result.
    """
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    started = handler.begin(issuer_id='github')
    session = handler.get_session_information(started['state'])
    rp = handler.issuer2rp[session['iss']]

    # Keyword order mirrors the claim order used to build the token.
    id_token = IdToken(
        nonce=session['auth_request']['nonce'],
        sub='EndUserSubject',
        iss=session['iss'],
        aud=rp.get_client_id(),
        given_name='Diana',
        family_name='Krall',
        occupation='Jazz pianist',
    )

    claims = handler.userinfo_in_id_token(id_token)
    assert set(claims.keys()) == {
        'sub', 'family_name', 'given_name', 'occupation'
    }
def test_get_client_authn_method(self):
    """get_client_authn_method() reports the token-endpoint method per issuer.

    Expected values: an empty string for 'github' and 'client_secret_post'
    for 'linkedin'.
    """
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])

    # Same handler, one flow per issuer, in the original order.
    cases = (('github', ''), ('linkedin', 'client_secret_post'))
    for issuer, expected in cases:
        started = handler.begin(issuer_id=issuer)
        session = handler.get_session_information(started['state'])
        rp = handler.issuer2rp[session['iss']]
        method = handler.get_client_authn_method(rp, 'token_endpoint')
        assert method == expected
def test_get_session_information(self):
    """The session looked up by state carries the issuer configured for 'github'."""
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    state = handler.begin(issuer_id='github')['state']
    session = handler.get_session_information(state)

    configured_issuer = handler.client_configs['github']['issuer']
    assert configured_issuer == session['iss']
def test_access_and_id_token_by_reference(self):
    """get_access_and_id_token(state=...) returns the access token and a parsed ID token.

    An RS256-signed ID token is served from a mocked token endpoint. The
    signing keys are imported into the RP's key jar under the GitHub issuer
    id before the token is signed.
    """
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    started = handler.begin(issuer_id='github')
    session = handler.get_session_information(started['state'])
    rp = handler.issuer2rp[session['iss']]
    context = rp.client_get("service_context")

    # Claims are bound to this session: same nonce, issuer and audience.
    id_claims = {
        'nonce': session['auth_request']['nonce'],
        'sub': 'EndUserSubject',
        'iss': session['iss'],
        'aud': context.client_id
    }

    # Register the issuer's keys with the RP, presumably so the signature on
    # the ID token can be verified when the token response is processed.
    github_issuer = iss_id('github')
    context.keyjar.import_jwks(
        GITHUB_KEY.export_jwks(issuer_id=github_issuer), github_issuer)

    signing_key = GITHUB_KEY.get_signing_key('rsa', issuer_id=github_issuer)
    signed_id_token = IdToken(**id_claims).to_jwt(
        key=signing_key, algorithm="RS256", lifetime=300)

    token_response = AccessTokenResponse(
        access_token="accessTok",
        id_token=signed_id_token,
        token_type="Bearer",
        expires_in=3600,
    )

    token_url = "https://github.com/token"
    with responses.RequestsMock() as mocked:
        mocked.add("POST", token_url, body=token_response.to_json(),
                   adding_headers={"Content-Type": "application/json"},
                   status=200)
        # Point the access-token service at the mocked endpoint.
        rp.client_get("service", 'accesstoken').endpoint = token_url

        auth_response = AuthorizationResponse(code='access_code',
                                              state=started['state'])
        _ = handler.finalize_auth(rp, session['iss'],
                                  auth_response.to_dict())
        tokens = handler.get_access_and_id_token(state=started['state'])
        assert tokens['access_token'] == 'accessTok'
        assert isinstance(tokens['id_token'], IdToken)
def test_get_client_from_session_key(self):
    """Looking a client up by state gives the same RP as the issuer mapping.

    The trailing provider-info and registration calls carry no assertions;
    they only check that repeating those steps for the state does not raise.
    """
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    started = handler.begin(issuer_id='linkedin')
    state = started['state']

    by_state = handler.get_client_from_session_key(state=state)
    session = handler.get_session_information(state)
    by_issuer = handler.issuer2rp[session['iss']]
    assert by_state == by_issuer

    # Run provider info again for the same state.
    handler.do_provider_info(state=state)
    # Clear the redirect URIs, then register again to obtain new ones.
    by_issuer.client_get("service_context").redirect_uris = []
    handler.do_client_registration(state=state)
def test_finalize_auth(self):
    """finalize_auth() returns the authorization response and stores it under the state."""
    handler = RPHandler(BASE_URL, client_configs=CLIENT_CONFIG,
                        keyjar=CLI_KEY, module_dirs=['oidc'])
    started = handler.begin(issuer_id='linkedin')
    session = handler.get_session_information(started['state'])
    rp = handler.issuer2rp[session['iss']]

    incoming = AuthorizationResponse(code='access_code',
                                     state=started['state'])
    result = handler.finalize_auth(rp, session['iss'], incoming.to_dict())
    assert set(result.keys()) == {'state', 'code'}

    # The same response must be retrievable from the state store that the
    # authorization service's context exposes, keyed by the flow's state.
    authz_service = rp.client_get("service", 'authorization')
    state_store = authz_service.client_get("service_context").state
    stored = state_store.get_item(AuthorizationResponse, 'auth_response',
                                  started['state'])
    assert set(stored.keys()) == {'state', 'code'}