def test_extra(self): atr = AccessTokenRequest(grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA", redirect_uri="https://client.example.com/cb", extra="foo") query = atr.to_urlencoded() assert query_string_compare( query, "code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&" "grant_type=authorization_code&extra=foo") atr2 = AccessTokenRequest().deserialize(query, "urlencoded") assert atr == atr2
def test_client_secret_jwt(self, client): _ci = client.client_info _ci.token_endpoint = "https://example.com/token" _ci.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } csj = ClientSecretJWT() request = AccessTokenRequest() csj.construct(request, cli_info=client.client_info, algorithm="HS256", authn_endpoint='userinfo') assert request["client_assertion_type"] == JWT_BEARER assert "client_assertion" in request cas = request["client_assertion"] _skey = [SYMKey(k=b64e(as_bytes(_ci.client_secret)), use='sig')] jso = JWT(rec_keys={client.client_id: _skey}).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) _rj = JWS() info = _rj.verify_compact( cas, [SYMKey(k=b64e(as_bytes(_ci.client_secret)))]) assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) assert info['aud'] == [_ci.provider_info['issuer']]
def test_access_token_srv_conf(): service = factory('AccessToken', client_authn_method=CLIENT_AUTHN_METHOD, conf={'default_authn_method': 'client_secret_post'}) client_config = { 'client_id': 'client_id', 'client_secret': 'password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } cli_info = ClientInfo(config=client_config) cli_info.state_db['state'] = {'code': 'access_code'} req_args = { 'redirect_uri': 'https://example.com/cli/authz_cb', 'code': 'access_code' } service.endpoint = 'https://example.com/authorize' _info = service.request_info(cli_info, request_args=req_args, state='state') assert _info msg = AccessTokenRequest().from_urlencoded( service.get_urlinfo(_info['body'])) assert 'client_secret' in msg assert 'Authorization' not in _info['kwargs']['headers']
def test_does_not_remove_padding(self, client): request = AccessTokenRequest(code="foo", redirect_uri="http://example.com") csb = ClientSecretBasic() http_args = csb.construct(request, cli_info=client.client_info, user="******", password="******") assert http_args["headers"]["Authorization"].endswith("==")
def test_construct(self, client): _key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key")) kc_rsa = KeyBundle([{ "key": _key, "kty": "RSA", "use": "ver" }, { "key": _key, "kty": "RSA", "use": "sig" }]) client.client_info.keyjar[""] = kc_rsa client.client_info.provider_info = { 'issuer': 'https://example.com/', 'token_endpoint': "https://example.com/token" } client.service['accesstoken'].endpoint = "https://example.com/token" request = AccessTokenRequest() pkj = PrivateKeyJWT() http_args = pkj.construct(request, cli_info=client.client_info, algorithm="RS256", authn_endpoint='token') assert http_args == {} cas = request["client_assertion"] pub_kb = KeyBundle([{ "key": _key.public_key(), "kty": "RSA", "use": "ver" }, { "key": _key.public_key(), "kty": "RSA", "use": "sig" }]) jso = JWT(rec_keys={client.client_id: pub_kb.get('RSA')}).unpack(cas) assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"]) #assert _jwt.headers == {'alg': 'RS256'} assert jso['aud'] == [ client.client_info.provider_info['token_endpoint'] ]
def test_construct_client_assertion(self, client): _key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key")) kc_rsa = KeyBundle([{ "key": _key, "kty": "RSA", "use": "ver" }, { "key": _key, "kty": "RSA", "use": "sig" }]) request = AccessTokenRequest() pkj = PrivateKeyJWT() _ca = assertion_jwt(client.client_id, kc_rsa.get('RSA'), "https://example.com/token", 'RS256') http_args = pkj.construct(request, client_assertion=_ca) assert http_args == {} assert request['client_assertion'] == _ca assert request['client_assertion_type'] == JWT_BEARER
def test_construct(self, client): request = client.service['accesstoken'].construct( cli_info=client.client_info, redirect_uri="http://example.com", state='ABCDE') csp = ClientSecretPost() http_args = csp.construct(request, cli_info=client.client_info) assert request["client_id"] == "A" assert request["client_secret"] == "boarding pass" assert http_args is None request = AccessTokenRequest(code="foo", redirect_uri="http://example.com") http_args = csp.construct(request, cli_info=client.client_info, http_args={"client_secret": "another"}) assert request["client_id"] == "A" assert request["client_secret"] == "another" assert http_args == {}
def test_request_info(self): req_args = { 'redirect_uri': 'https://example.com/cli/authz_cb', 'code': 'access_code' } self.req.endpoint = 'https://example.com/authorize' _info = self.req.request_info(self.cli_info, request_args=req_args, state='state', authn_method='client_secret_basic') assert set(_info.keys()) == {'body', 'uri', 'cis', 'kwargs', 'h_args'} assert _info['uri'] == 'https://example.com/authorize' assert _info['cis'].to_dict() == { 'client_id': 'client_id', 'code': 'access_code', 'grant_type': 'authorization_code', 'redirect_uri': 'https://example.com/cli/authz_cb' } msg = AccessTokenRequest().from_urlencoded( self.req.get_urlinfo(_info['body'])) assert msg == _info['cis']