def test_client_secret_jwt(self, services): _service_context = services['accesstoken'].service_context _service_context.token_endpoint = "https://example.com/token" _service_context.set( 'provider_info', { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" }) csj = ClientSecretJWT() request = AccessTokenRequest() csj.construct(request, service=services['accesstoken'], algorithm="HS256", authn_endpoint='userinfo') assert request["client_assertion_type"] == JWT_BEARER assert "client_assertion" in request cas = request["client_assertion"] _kj = KeyJar() _kj.add_symmetric(_service_context.get('client_id'), _service_context.get('client_secret'), usage=['sig']) jso = JWT(key_jar=_kj, sign_alg='HS256').unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) _rj = JWS(alg='HS256') info = _rj.verify_compact( cas, _kj.get_signing_key(issuer_id=_service_context.get('client_id'))) assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) assert info['aud'] == [_service_context.get('provider_info')['issuer']]
def test_construct(self, services): _service = services['accesstoken'] kb_rsa = KeyBundle(source='file://{}'.format( os.path.join(BASE_PATH, "data/keys/rsa.key")), fileformat='der') for key in kb_rsa: key.add_kid() _service.service_context.keyjar.add_kb('', kb_rsa) _service.service_context.set( 'provider_info', { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" }) services['accesstoken'].endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, service=_service, algorithm="RS256", authn_endpoint='token_endpoint') assert http_args == {} cas = request["client_assertion"] _kj = KeyJar() _kj.add_kb(_service.service_context.get('client_id'), kb_rsa) jso = JWT(key_jar=_kj).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) # assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [ _service.service_context.get('provider_info')['token_endpoint'] ]
def test_construct(self, entity): token_service = entity.client_get("service", 'accesstoken') kb_rsa = KeyBundle(source='file://{}'.format( os.path.join(BASE_PATH, "data/keys/rsa.key")), fileformat='der') for key in kb_rsa: key.add_kid() _context = token_service.client_get("service_context") _context.keyjar.add_kb('', kb_rsa) _context.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } _context.registration_response = { 'token_endpoint_auth_signing_alg': 'RS256' } token_service.endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, service=token_service, authn_endpoint='token_endpoint') assert http_args == {} cas = request["client_assertion"] _kj = KeyJar() _kj.add_kb(_context.client_id, kb_rsa) jso = JWT(key_jar=_kj).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) # assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [_context.provider_info['token_endpoint']]
def test_client_secret_jwt(self, client): _ci = client.client_info _ci.token_endpoint = "https://example.com/token" _ci.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } csj = ClientSecretJWT() request = AccessTokenRequest() csj.construct(request, cli_info=client.client_info, algorithm="HS256", authn_endpoint='userinfo') assert request["client_assertion_type"] == JWT_BEARER assert "client_assertion" in request cas = request["client_assertion"] _skey = [SYMKey(k=b64e(as_bytes(_ci.client_secret)), use='sig')] jso = JWT(rec_keys={client.client_id: _skey}).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) _rj = JWS() info = _rj.verify_compact( cas, [SYMKey(k=b64e(as_bytes(_ci.client_secret)))]) assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) assert info['aud'] == [_ci.provider_info['issuer']]
def test_construct(self, client): _key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key")) kc_rsa = KeyBundle([{ "key": _key, "kty": "RSA", "use": "ver" }, { "key": _key, "kty": "RSA", "use": "sig" }]) client.client_info.keyjar[""] = kc_rsa client.client_info.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } client.service['accesstoken'].endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, cli_info=client.client_info, algorithm="RS256", authn_endpoint='token') assert http_args == {} cas = request["client_assertion"] pub_kb = KeyBundle([{ "key": _key.public_key(), "kty": "RSA", "use": "ver" }, { "key": _key.public_key(), "kty": "RSA", "use": "sig" }]) jso = JWT(rec_keys={client.client_id: pub_kb.get('RSA')}).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) #assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [ client.client_info.provider_info['token_endpoint'] ]
def test_client_secret_jwt(self, entity): _service_context = entity.client_get("service_context") _service_context.token_endpoint = "https://example.com/token" _service_context.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } _service_context.registration_response = { 'token_endpoint_auth_signing_alg': "HS256" } csj = ClientSecretJWT() request = AccessTokenRequest() csj.construct(request, service=entity.client_get("service", 'accesstoken'), authn_endpoint='token_endpoint') assert request["client_assertion_type"] == JWT_BEARER assert "client_assertion" in request cas = request["client_assertion"] _kj = KeyJar() _kj.add_symmetric(_service_context.client_id, _service_context.client_secret, ['sig']) jso = JWT(key_jar=_kj, sign_alg='HS256').unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "exp", "iat", 'jti']) _rj = JWS(alg='HS256') info = _rj.verify_compact( cas, _kj.get_signing_key(issuer_id=_service_context.client_id)) assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) assert info['aud'] == [ _service_context.provider_info['token_endpoint'] ]