def test_access_token_srv_conf():
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
_state = State(auth_request=auth_request.to_json(),
auth_response=auth_response.to_json())
db.set('state', _state.to_json())
service = service_factory(
'AccessToken', ['oauth2'],
state_db=db,
service_context=service_context,
conf={'default_authn_method': 'client_secret_post'})
req_args = {
'redirect_uri': 'https://example.com/cli/authz_cb',
'code': 'access_code'
}
service.endpoint = 'https://example.com/authorize'
_info = service.get_request_parameters(request_args=req_args,
state='state')
assert _info
msg = AccessTokenRequest().from_urlencoded(
service.get_urlinfo(_info['body']))
assert 'client_secret' in msg
def test_authorization_and_pkce(self):
auth_serv = self.service["authorization"]
_state = State(iss='Issuer')
auth_serv.state_db.set('state', _state.to_json())
request = auth_serv.construct_request({"state": 'state', "response_type": "code"})
assert set(request.keys()) == {'client_id', 'code_challenge',
'code_challenge_method', 'state',
'redirect_uri', 'response_type'}
def test_add_code_challenge_default_values(self):
auth_serv = self.service["authorization"]
_state = State(iss='Issuer')
auth_serv.state_db.set('state', _state.to_json())
request_args, _ = add_code_challenge({'state': 'state'}, auth_serv)
# default values are length:64 method:S256
assert set(request_args.keys()) == {'code_challenge', 'code_challenge_method',
'state'}
assert request_args['code_challenge_method'] == 'S256'
request_args = add_code_verifier({}, auth_serv, state='state')
assert len(request_args['code_verifier']) == 64
def create_request(self):
self._iss = ISS
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss, 'requests_dir': 'requests',
'base_url': 'https://example.com/cli/'
}
service_context = ServiceContext(config=client_config)
service_context.keyjar = CLI_KEY
service_context.behaviour = {
'userinfo_signed_response_alg': 'RS256',
"userinfo_encrypted_response_alg": "RSA-OAEP",
"userinfo_encrypted_response_enc": "A256GCM"
}
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code').to_json()
idtval = {
'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana',
'iss': ISS, 'aud': 'client_id'
}
idt = create_jws(idtval)
ver_idt = IdToken().from_jwt(idt, CLI_KEY)
token_response = AccessTokenResponse(
access_token='access_token', id_token=idt,
__verified_id_token=ver_idt).to_json()
db.set('abcde', State(token_response=token_response,
auth_response=auth_response).to_json())
self.service = service_factory('UserInfo', ['oidc'], state_db=db,
service_context=service_context)
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json())
db.set('state', _state.to_json())
self.service = service_factory('AccessToken', ['oauth2'],
state_db=db,
service_context=service_context)
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
_state = State(auth_response=auth_response.to_json(),
token_response=token_response.to_json())
db.set('abcdef', _state.to_json())
self.service = service_factory('RefreshAccessToken', ['oauth2'],
state_db=db,
service_context=service_context)
self.service.endpoint = 'https://example.com/token'
def create_client(self):
self.redirect_uri = "http://example.com/redirect"
conf = {
'redirect_uris': ['https://example.com/cli/authz_cb'],
'client_id': 'client_1',
'client_secret': 'abcdefghijklmnop',
}
self.client = RP(DB(), config=conf)
self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
def test_do_userinfo_request_init(self):
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json(),
token_response=token_response.to_json())
self.client.state_db.set('ABCDE', _state.to_json())
_srv = self.client.service['userinfo']
_srv.endpoint = "https://example.com/userinfo"
_info = _srv.get_request_parameters(state='ABCDE')
assert _info
assert _info['headers'] == {'Authorization': 'Bearer access'}
assert _info['url'] == 'https://example.com/userinfo'
def test_construct_accesstoken_request(self):
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json())
self.client.state_db.set('ABCDE', _state.to_json())
# Bind access code to state
req_args = {}
msg = self.client.service['accesstoken'].construct(
request_args=req_args, state='ABCDE')
assert isinstance(msg, AccessTokenRequest)
assert msg.to_dict() == {
'client_id': 'client_1',
'code': 'access_code',
'client_secret': 'abcdefghijklmnop',
'grant_type': 'authorization_code',
'redirect_uri': 'https://example.com/cli/authz_cb',
'state': 'state'
}
def services():
db = InMemoryStateDataBase()
auth_request = AuthorizationRequest(redirect_uri="http://example.com",
state='ABCDE').to_json()
auth_response = AuthorizationResponse(access_token="token",
state='ABCDE').to_json()
db.set(
'ABCDE',
State(iss='Issuer',
auth_request=auth_request,
auth_response=auth_response).to_json())
return init_services(DEFAULT_SERVICES, get_service_context(), db)
def test_construct_refresh_token_request(self):
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(refresh_token="refresh_with_me",
access_token="access")
_state = State(auth_response=auth_response.to_json(),
auth_request=auth_request.to_json(),
token_response=token_response.to_json())
self.client.state_db.set('ABCDE', _state.to_json())
req_args = {}
msg = self.client.service['refresh_token'].construct(
request_args=req_args, state='ABCDE')
assert isinstance(msg, RefreshAccessTokenRequest)
assert msg.to_dict() == {
'client_id': 'client_1',
'client_secret': 'abcdefghijklmnop',
'grant_type': 'refresh_token',
'refresh_token': 'refresh_with_me'
}
def test_construct_authorization_request(self):
req_args = {
'state': 'ABCDE',
'redirect_uri': 'https://example.com/auth_cb',
'response_type': ['code']
}
self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
msg = self.client.service['authorization'].construct(
request_args=req_args)
assert isinstance(msg, AuthorizationRequest)
assert msg['client_id'] == 'client_1'
assert msg['redirect_uri'] == 'https://example.com/auth_cb'
def test_construct_with_state(self, services):
_srv = services['authorization']
_srv.state_db['FFFFF'] = State(iss='Issuer').to_json()
resp = AuthorizationResponse(code="code", state="FFFFF")
_srv.store_item(resp, 'auth_response', 'FFFFF')
atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
token_type="example",
refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
example_parameter="example_value",
scope=["inner", "outer"])
_srv.store_item(atr, 'token_response', 'FFFFF')
request = ResourceRequest()
http_args = BearerBody().construct(request, service=_srv, key="FFFFF")
assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
assert http_args is None
def test_construct_with_request(self, services):
authz_service = services['authorization']
authz_service.state_db.set('EEEE', State(iss='Issuer').to_json())
resp1 = AuthorizationResponse(code="auth_grant", state="EEEE")
response = authz_service.parse_response(resp1.to_urlencoded(),
"urlencoded")
authz_service.update_service_context(response, key='EEEE')
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state="EEEE")
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key='EEEE')
request = ResourceRequest()
BearerBody().construct(request, service=authz_service, key="EEEE")
assert "access_token" in request
assert request["access_token"] == "token1"
def create_service(self):
service_context = ServiceContext(client_id='client_id',
issuer='https://www.example.org/as')
db = InMemoryStateDataBase()
db.set('state', State(iss='Issuer').to_json())
self.service = DummyService(service_context, state_db=db)
'scope': 'openid',
'code': 'Z0FBQUFBQmFkdFFjUVpFWE81SHU5N1N4N01',
'iss': OP_BASEURL,
'client_id': 'zls2qhN1jO6A'
}
_authz_rep = AuthorizationResponse(**op_authz_resp)
print(_authz_rep.to_urlencoded())
_resp = service['authorization'].parse_response(_authz_rep.to_urlencoded())
service['authorization'].update_service_context(_resp, key=STATE)
print()
print('--- Authorization registration, response ----')
print(_resp)
_json = service['authorization'].state_db.get(STATE)
_state = State().from_json(_json)
print('code: {}'.format(_state['auth_response']['code']))
# =================== Access token ====================
request_args = {
'state': STATE,
'redirect_uri': service_context.redirect_uris[0]
}
info = service['accesstoken'].get_request_parameters(request_args=request_args)
print()
print('--- Access token, request ----')
print('uri: {}'.format(info['url']))
print('body: {}'.format(info['body']))