def test_pkce_verify_512(): _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
def test_pkce_verify_512(session_db_factory): _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client) assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True resp = _prov.verify_code_challenge('XXX', args['code_challenge']) assert isinstance(resp, Response) assert resp.info()['status_code'] == 401
def test_authenticated_token(self): client = Client(**CLIENT_CONFIG) client.authorization_endpoint = 'https://example.com/as' sid = rndstr(8) args = {'redirect_uri': "http://localhost:8087/authz", "state": sid, "response_type": 'token'} url, body, ht_args, csi = client.request_info(AuthorizationRequest, 'GET', request_args=args) QUERY_STRING = url.split("?")[1] resp = self.provider.authorization_endpoint(QUERY_STRING) auth_resp = parse_qs(urlparse(resp.message).fragment) assert "access_token" in auth_resp assert auth_resp["token_type"][0] == "Bearer"
def test_pkce_verify_512(session_db_factory): _cli = Client(config={"code_challenge": {"method": "S512", "length": 96}}) args, cv = _cli.add_code_challenge() authn_broker = AuthnBroker() authn_broker.add("UNDEFINED", DummyAuthn(None, "username")) _prov = Provider( "as", session_db_factory(SERVER_INFO["issuer"]), CDB, authn_broker, Implicit(), verify_client, ) assert _prov.verify_code_challenge(cv, args["code_challenge"], "S512") is True resp = _prov.verify_code_challenge("XXX", args["code_challenge"]) assert isinstance(resp, Response) assert resp.info()["status_code"] == 401
def test_authenticated(self): client = Client(**CLIENT_CONFIG) client.authorization_endpoint = 'https://example.com/as' sid = rndstr(8) args = { 'redirect_uri': "http://localhost:8087/authz", "state": sid, "response_type": 'code'} url, body, ht_args, csi = client.request_info( AuthorizationRequest, 'GET', request_args=args) resp = self.provider.authorization_endpoint(urlparse(url).query) assert resp.status == "303 See Other" resp = urlparse(resp.message).query aresp = client.parse_authz_response(resp) assert isinstance(aresp, AuthorizationResponse) assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss']) assert _eq(client.grant[sid].keys(), ['tokens', 'code', 'exp_in', 'seed', 'id_token', 'grant_expiration_time'])
def test_pkce_create(): _cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}}) args, cv = _cli.add_code_challenge() assert args['code_challenge_method'] == 'S256' assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
def test_pkce_create(): _cli = Client(config={"code_challenge": {"method": "S256", "length": 64}}) args, cv = _cli.add_code_challenge() assert args["code_challenge_method"] == "S256" assert _eq(list(args.keys()), ["code_challenge_method", "code_challenge"])