def registration_endpoint(self, request, authn=None, **kwargs):
try:
reg_req = RegistrationRequest().deserialize(request, "json")
except ValueError:
reg_req = RegistrationRequest().deserialize(request)
logger.debug("@registration_endpoint: {}".format(reg_req))
self.events.store(EV_PROTOCOL_REQUEST, reg_req)
if self.strict:
resp = self.check_scheme(reg_req)
if resp:
return resp
_response = provider.Provider.registration_endpoint(self,
request=request,
authn=authn,
**kwargs)
logger.debug('registration response: {}'.format(_response.message))
self.init_keys = []
if "jwks_uri" in reg_req:
if _response.status == "200 OK":
# find the client id
req_resp = ASConfigurationResponse().from_json(
_response.message)
# for kb in self.keyjar[req_resp["client_id"]]:
# if kb.imp_jwks:
# self.trace.info("Client JWKS: {}".format(kb.imp_jwks))
return _response
def test_client_registration_with_software_statement(self):
jwks, keyjar, kidd = build_keyjar(KEYS)
fed_operator = 'https://fedop.example.org'
self.provider.keyjar[fed_operator] = keyjar['']
ss = make_software_statement(keyjar, fed_operator, client_id='foxtrot')
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"XYZ Service B",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
'software_statement':
ss
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
cli_resp = ClientInfoResponse().from_json(resp.message)
assert cli_resp
def test_client_user_info_get(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
"GET",
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
query="client_id=%s" % _resp["client_id"],
request=request.to_json())
_resp_cir = ClientInfoResponse().from_json(resp.message)
assert _resp == _resp_cir
def test_registration_uri_error(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
# invalid logo_uri
"logo_uri":
"https://client.example.org/logo.png",
"jwks_uri":
"https://client.example.org/my_public_keys.jwks"
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientRegistrationError().from_json(resp.message)
assert "error" in _resp
assert _resp["error"] == "invalid_client_metadata"
def test_registration_endpoint(self):
request = RegistrationRequest(
client_name="myself",
redirect_uris=["https://example.com/rp"],
grant_type=['authorization_code', 'implicit'])
resp = self.provider.registration_endpoint(request=request.to_json())
assert isinstance(resp, Response)
data = json.loads(resp.message)
assert data["client_name"] == "myself"
assert _eq(data["redirect_uris"], ["https://example.com/rp"])
_resp = ClientInfoResponse().from_json(resp.message)
assert "client_id" in _resp
def test_client_registration_delete(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
request=request.to_json(),
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
method="DELETE",
query="client_id=%s" % _resp["client_id"])
assert isinstance(resp, NoContent)
# A read should fail
resp = self.provider.client_info_endpoint(
"",
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
query="client_id=%s" % _resp["client_id"])
assert isinstance(resp, Unauthorized)
def test_client_registration_utf_8_client_name(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
assert _resp[
"client_name#ja-Jpan-JP"] == "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D"
assert _resp["client_name"] == "My Example Client"
def test_client_registration_update(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
_resp = ClientInfoResponse().from_json(resp.message)
update = {
"client_id":
_resp["client_id"],
"client_secret":
_resp["client_secret"],
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/alt"
],
"scope":
"read write dolphin",
"grant_types": ["authorization_code", "refresh_token"],
"token_endpoint_auth_method":
"client_secret_basic",
"jwks_uri":
"https://client.example.org/my_public_keys.jwks",
"client_name":
"My New Example",
"client_name#fr":
"Mon Nouvel Exemple",
}
update_req = RegistrationRequest(**update)
resp = self.provider.client_info_endpoint(
request=update_req.to_json(),
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
method="PUT",
query="client_id=%s" % _resp["client_id"])
_resp_up = ClientInfoResponse().from_json(resp.message)
assert _resp_up["client_id"] == update["client_id"]
assert _resp_up["client_secret"] == update["client_secret"]
assert _resp_up["redirect_uris"] == update["redirect_uris"]
assert _resp_up["scope"] == update["scope"].split()
assert _resp_up["grant_types"] == update["grant_types"]
assert _resp_up["token_endpoint_auth_method"] == update[
"token_endpoint_auth_method"]
assert _resp_up["jwks_uri"] == update["jwks_uri"]
assert _resp_up["client_name"] == update["client_name"]
assert _resp_up["client_name#fr"] == update["client_name#fr"]
_jws = JWS(sign_jwks, alg="RS256")
keys = im_keyjar.keys_by_alg_and_usage('', 'RS256', 'sig')
signed_jwks = _jws.sign_compact(keys)
print(70 * "-")
print('signed_jwks_uri content')
print(70 * "-")
print_lines(signed_jwks)
# -----------------------------------------------------------------------------
# Create client registration request
# -----------------------------------------------------------------------------
rr = RegistrationRequest(jwks_uri='https://example.com/rp/jwks',
software_statements=[sost],
signed_jwks_uri='https://example.com/rp/signed_jwks',
response_types=['code'],
id_token_signed_response_alg='SHA-256',
signing_key=signed_intermediate)
_jws = JWS(rr.to_json(), alg='RS256')
keys = a_keyjar.keys_by_alg_and_usage('', 'RS384', 'sig')
signed_reg_req = _jws.sign_compact(keys)
rr['signed_metadata'] = signed_reg_req
print(70 * "-")
print('Client registration request')
print(70 * "-")
print_lines(
json.dumps(rr.to_dict(), sort_keys=True, indent=2, separators=(',', ': ')))
