def test_token_request_handles_missing_provider_token_endpoint(self):
    """token_request() yields None when the provider metadata is used unmodified.

    No HTTP mock is registered here, so the facade is expected to return
    before attempting any network call.
    """
    # NOTE(review): presumably self.PROVIDER_METADATA carries no
    # token_endpoint; confirm against the class fixture.
    configuration = ProviderConfiguration(
        provider_metadata=self.PROVIDER_METADATA,
        client_metadata=self.CLIENT_METADATA,
    )
    facade = PyoidcFacade(configuration, self.REDIRECT_URI)

    result = facade.token_request("1234")

    assert result is None
def test_token_request_handles_error_response(self):
    """An HTTP 400 token error from the provider is returned as a TokenErrorResponse.

    The mocked token endpoint answers with an 'invalid_request' error body;
    the facade must return an object equal to that error, not raise or
    return a success response.
    """
    token_endpoint = self.PROVIDER_BASEURL + '/token'
    provider_error = TokenErrorResponse(
        error='invalid_request',
        error_description='test error description',
    )
    # Register the error reply the provider will send for the token POST.
    responses.add(
        responses.POST,
        token_endpoint,
        json=provider_error.to_dict(),
        status=400,
    )

    # Copy of the shared metadata with the token endpoint filled in.
    metadata_with_endpoint = self.PROVIDER_METADATA.copy(token_endpoint=token_endpoint)
    configuration = ProviderConfiguration(
        provider_metadata=metadata_with_endpoint,
        client_metadata=self.CLIENT_METADATA,
    )
    facade = PyoidcFacade(configuration, self.REDIRECT_URI)

    assert facade.token_request('1234') == provider_error
def test_token_request(self):
    """Exchange an authorization code and check the parsed response and the request sent.

    The mocked provider returns a Bearer access token plus a signed ID token,
    and the signing key is published at the mocked jwks_uri. The exchange runs
    inside the Flask application context. The request body is checked against
    self.FULL_REDIRECT_URI.
    """
    token_endpoint = self.PROVIDER_BASEURL + "/token"
    issued_at = int(time.time())
    # NOTE(review): the ID token is valid for one second only; if the facade
    # enforces 'exp', a slow run could make this test flaky. Confirm.
    claims = {
        "iss": self.PROVIDER_METADATA["issuer"],
        "sub": "test_user",
        "aud": [self.CLIENT_METADATA["client_id"]],
        "exp": issued_at + 1,
        "iat": issued_at,
        "nonce": "test_nonce",
    }
    signed_jwt, signing_key = signed_id_token(claims)

    provider_reply = AccessTokenResponse(
        access_token="test_access_token",
        token_type="Bearer",
        id_token=signed_jwt,
    )
    responses.add(responses.POST, token_endpoint, json=provider_reply.to_dict())

    metadata_with_endpoint = self.PROVIDER_METADATA.copy(token_endpoint=token_endpoint)
    configuration = ProviderConfiguration(
        provider_metadata=metadata_with_endpoint,
        client_metadata=self.CLIENT_METADATA,
    )
    facade = PyoidcFacade(configuration, self.REDIRECT_URI)

    auth_code = "auth_code-1234"
    # Publish the signing key so the ID token signature can be checked.
    jwks_document = {"keys": [signing_key.serialize()]}
    responses.add(responses.GET, self.PROVIDER_METADATA["jwks_uri"], json=jwks_document)

    with self.app.app_context():
        received = facade.token_request(auth_code)

    assert isinstance(received, AccessTokenResponse)
    # The expectation starts from the received response, so only 'id_token'
    # (decoded claims) and 'id_token_jwt' (raw JWT) are pinned here. The
    # access_token and token_type values are not compared with the mocked reply.
    expected = received.to_dict()
    expected.update(id_token=claims, id_token_jwt=signed_jwt)
    assert received.to_dict() == expected

    # The first recorded HTTP call is inspected as the token request.
    sent_body = responses.calls[0].request.body
    sent_params = dict(parse_qsl(sent_body))
    # Exact equality: no other form field (e.g. a client secret) may appear in
    # the body. NOTE(review): client authentication is presumably carried
    # outside the body; confirm against the facade.
    assert sent_params == {
        "grant_type": "authorization_code",
        "code": auth_code,
        "redirect_uri": self.FULL_REDIRECT_URI,
    }
def test_token_request(self):
    """Exchange an authorization code and check the parsed response and the request sent.

    The mocked provider returns a Bearer access token plus a signed ID token,
    and the signing key is published at the mocked jwks_uri. No application
    context is entered. The request body is checked against self.REDIRECT_URI.
    """
    token_endpoint = self.PROVIDER_BASEURL + '/token'
    issued_at = int(time.time())
    # NOTE(review): the ID token is valid for one second only; if the facade
    # enforces 'exp', a slow run could make this test flaky. Confirm.
    claims = {
        'iss': self.PROVIDER_METADATA['issuer'],
        'sub': 'test_user',
        'aud': [self.CLIENT_METADATA['client_id']],
        'exp': issued_at + 1,
        'iat': issued_at,
        'nonce': 'test_nonce',
    }
    signed_jwt, signing_key = signed_id_token(claims)

    provider_reply = AccessTokenResponse(
        access_token='test_access_token',
        token_type='Bearer',
        id_token=signed_jwt,
    )
    responses.add(responses.POST, token_endpoint, json=provider_reply.to_dict())

    metadata_with_endpoint = self.PROVIDER_METADATA.copy(token_endpoint=token_endpoint)
    configuration = ProviderConfiguration(
        provider_metadata=metadata_with_endpoint,
        client_metadata=self.CLIENT_METADATA,
    )
    facade = PyoidcFacade(configuration, self.REDIRECT_URI)

    auth_code = 'auth_code-1234'
    # Publish the signing key so the ID token signature can be checked.
    jwks_document = {'keys': [signing_key.serialize()]}
    responses.add(responses.GET, self.PROVIDER_METADATA['jwks_uri'], json=jwks_document)

    received = facade.token_request(auth_code)

    assert isinstance(received, AccessTokenResponse)
    # The expectation starts from the received response, so only 'id_token'
    # (decoded claims) and 'id_token_jwt' (raw JWT) are pinned here. The
    # access_token and token_type values are not compared with the mocked reply.
    expected = received.to_dict()
    expected.update(id_token=claims, id_token_jwt=signed_jwt)
    assert received.to_dict() == expected

    # The first recorded HTTP call is inspected as the token request.
    sent_body = responses.calls[0].request.body
    sent_params = dict(parse_qsl(sent_body))
    # Exact equality: no other form field (e.g. a client secret) may appear in
    # the body. NOTE(review): client authentication is presumably carried
    # outside the body; confirm against the facade.
    assert sent_params == {
        'grant_type': 'authorization_code',
        'code': auth_code,
        'redirect_uri': self.REDIRECT_URI,
    }
def test_token_request_handles_error_response(self):
    """An HTTP 400 token error from the provider is returned as a TokenErrorResponse.

    The mocked token endpoint answers with an "invalid_request" error body.
    The exchange runs inside the Flask application context and must return an
    object equal to that error, not raise or return a success response.
    """
    token_endpoint = self.PROVIDER_BASEURL + "/token"
    provider_error = TokenErrorResponse(
        error="invalid_request",
        error_description="test error description",
    )
    # Register the error reply the provider will send for the token POST.
    responses.add(
        responses.POST,
        token_endpoint,
        json=provider_error.to_dict(),
        status=400,
    )

    # Copy of the shared metadata with the token endpoint filled in.
    metadata_with_endpoint = self.PROVIDER_METADATA.copy(token_endpoint=token_endpoint)
    configuration = ProviderConfiguration(
        provider_metadata=metadata_with_endpoint,
        client_metadata=self.CLIENT_METADATA,
    )
    facade = PyoidcFacade(configuration, self.REDIRECT_URI)

    with self.app.app_context():
        result = facade.token_request("1234")
        assert result == provider_error