def test_verified_initializes_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
grant_token.verified("top-secret", "test-audience")
verified_token.assert_called_once_with(jwttok, "top-secret", "test-audience")
def test_verified_initializes_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
grant_token.verified("top-secret", "test-audience")
verified_token.assert_called_once_with(jwttok, "top-secret", "test-audience")
def test_verified_initializes_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
grant_token.verified('top-secret', 'test-audience')
verified_token.assert_called_once_with(jwttok, 'top-secret', 'test-audience')
def test_verified_initializes_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
grant_token.verified('top-secret', 'test-audience')
verified_token.assert_called_once_with(jwttok, 'top-secret',
'test-audience')
def test_verified_returns_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified('top-secret', 'test-audience')
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified("top-secret", "test-audience")
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified("top-secret", "test-audience")
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified('top-secret', 'test-audience')
assert actual == verified_token.return_value
def validate_token_request(self, request):
"""
Validates a token request.
Sets the ``client_id`` property on the passed-in request to the JWT
issuer, and finds the user based on the JWT subject and sets it as
the ``user`` property.
Raises subclasses of ``oauthlib.oauth2.rfc6749.OAuth2Error`` when
validation fails.
:param request: the oauthlib request
:type request: oauthlib.common.Request
"""
try:
assertion = request.assertion
except AttributeError:
raise errors.InvalidRequestFatalError("Missing assertion.")
token = JWTGrantToken(assertion)
# Update client_id in oauthlib request
request.client_id = token.issuer
if not self.request_validator.authenticate_client_id(
request.client_id, request
):
raise errors.InvalidClientError(request=request)
# Ensure client is authorized use of this grant type
self.validate_grant_type(request)
authclient = request.client.authclient
verified_token = token.verified(key=authclient.secret, audience=self.domain)
user = self.user_svc.fetch(verified_token.subject)
if user is None:
raise errors.InvalidGrantError(
"Grant token subject (sub) could not be found."
)
if user.authority != authclient.authority:
raise errors.InvalidGrantError(
"Grant token subject (sub) does not match issuer (iss)."
)
request.user = user
