def test_get_access_token_request_override(self):
    """Build an access token request from a stored authorization-code grant.

    A grant holding the code "AbCdEf" is filed under state "xyz". The request
    constructed for that state is expected to use the authorization_code
    grant type, carry that code, and carry the client's configured redirect
    URI.
    """
    client = self.client
    client.reset()
    client.redirect_uris = ["http://client.example.com/authz"]

    # Expiry is set 30 past the current time_util clock value, so the grant
    # is not yet expired when the request is built.
    stored_grant = Grant()
    stored_grant.code = "AbCdEf"
    stored_grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
    client.grant = {"xyz": stored_grant}

    request = client.construct_AccessTokenRequest(state="xyz")

    # redirect_uri matters here: per RFC 6749 section 4.1.3 the token request
    # must repeat the redirect URI used in the authorization request, which
    # binds the code to that URI.
    expected_fields = (
        ("grant_type", "authorization_code"),
        ("code", "AbCdEf"),
        ("redirect_uri", "http://client.example.com/authz"),
    )
    for field, value in expected_fields:
        assert request[field] == value
def test_get_access_token_request_override(self):
    """Check the token request built for a state with a stored code grant.

    The client holds one grant (code "AbCdEf") keyed by state "xyz"; the
    access token request built for that state must reference that code and
    the single configured redirect URI.
    """
    redirect_uri = "http://client.example.com/authz"

    self.client.reset()
    self.client.redirect_uris = [redirect_uri]

    # Grant that expires 30 past the current time_util clock value.
    code_grant = Grant()
    code_grant.code = "AbCdEf"
    code_grant.grant_expiration_time = time_util.utc_time_sans_frac() + 30
    self.client.grant = {"xyz": code_grant}

    token_request = self.client.construct_AccessTokenRequest(state="xyz")

    assert token_request["grant_type"] == "authorization_code"
    assert token_request["code"] == "AbCdEf"
    # The code is only redeemable together with the redirect URI it was
    # issued for (RFC 6749 section 4.1.3), so the request must carry it.
    assert token_request["redirect_uri"] == redirect_uri
def test_token_request(self, request_func, expected_token_request):
    """Run a token request through the facade against a mocked provider.

    ``request_func`` is called with the facade and must return an
    ``AccessTokenResponse``. ``expected_token_request`` is the form-decoded
    body that the mocked token endpoint is expected to receive.
    """
    issued_at = int(time.time())
    token_url = self.PROVIDER_BASEURL + '/token'

    # NOTE(review): the ID token expires one second after `iat`; if the
    # client enforces `exp` during validation, a slow run could fail here.
    claims = {
        'iss': self.PROVIDER_METADATA['issuer'],
        'sub': 'test_user',
        'aud': [self.CLIENT_METADATA['client_id']],
        'exp': issued_at + 1,
        'iat': issued_at,
        'nonce': 'test_nonce'
    }
    id_token_jwt, signing_key = signed_id_token(claims)

    # NOTE(review): expires_in receives an absolute timestamp, although
    # RFC 6749 section 5.1 defines it as a lifetime in seconds; confirm this
    # is intended.
    mocked_response = AccessTokenResponse(
        access_token='test_access_token',
        refresh_token='refresh-token',
        token_type='Bearer',
        id_token=id_token_jwt,
        expires_in=issued_at + 1)
    responses.add(responses.POST, token_url, json=mocked_response.to_dict())

    metadata = self.PROVIDER_METADATA.copy(token_endpoint=token_url)
    configuration = ProviderConfiguration(
        provider_metadata=metadata,
        client_metadata=self.CLIENT_METADATA)
    facade = PyoidcFacade(configuration, REDIRECT_URI)

    # Seed the underlying client with a grant for the state in use.
    seeded_grant = Grant(resp=mocked_response)
    seeded_grant.grant_expiration_time = issued_at + seeded_grant.exp_in
    facade._client.grant = {'test-state': seeded_grant}

    # Publish the signing key on the mocked jwks_uri so the ID token
    # signature can be checked against it.
    jwks = {'keys': [signing_key.serialize()]}
    responses.add(responses.GET, self.PROVIDER_METADATA['jwks_uri'], json=jwks)

    result = request_func(facade)
    assert isinstance(result, AccessTokenResponse)

    # NOTE(review): the expectation is derived from the returned response
    # itself, so this comparison only pins `id_token` (the claims) and
    # `id_token_jwt`; the remaining fields are not compared with what the
    # mocked endpoint returned.
    expected = result.to_dict()
    expected.update(id_token=claims, id_token_jwt=id_token_jwt)
    assert result.to_dict() == expected

    # The first recorded HTTP call is inspected as the token request.
    sent_form = dict(parse_qsl(responses.calls[0].request.body))
    assert sent_form == expected_token_request
def test_token_request_handles_error_response(self):
    """Expect the code exchange to return the provider's token error response.

    The mocked token endpoint answers with HTTP 400 and an ``invalid_request``
    error; ``exchange_authorization_code`` must return a value equal to that
    ``TokenErrorResponse``.
    """
    token_url = self.PROVIDER_BASEURL + '/token'

    error_response = TokenErrorResponse(
        error='invalid_request',
        error_description='test error description')
    responses.add(
        responses.POST,
        token_url,
        json=error_response.to_dict(),
        status=400)

    metadata = self.PROVIDER_METADATA.copy(token_endpoint=token_url)
    configuration = ProviderConfiguration(
        provider_metadata=metadata,
        client_metadata=self.CLIENT_METADATA)
    facade = PyoidcFacade(configuration, REDIRECT_URI)

    # Seed the underlying client with a grant for the state being exchanged.
    pending_grant = Grant()
    pending_grant.grant_expiration_time = int(time.time()) + pending_grant.exp_in
    facade._client.grant = {'test-state': pending_grant}

    result = facade.exchange_authorization_code('1234', 'test-state')
    assert result == error_response