def test_fail_when_cant_fetch_provider_configuration(id_token, rsa_key):
    """Verification fails when the Provider Configuration request errors out.

    The token is RS256-signed and no key material is passed in, so the
    verifier has to reach the mocked discovery URL. The expected outcome is
    IDTokenVerificationError, i.e. the failure is reported rather than the
    token being returned.
    """
    discovery_url = OIDCONF_PATTERN % ISSUER
    # Simulate a ConnectionError from the Provider Configuration endpoint.
    responses.add(responses.GET, discovery_url, body=ConnectionError('Error'))

    signed_token = id_token.to_jwt([rsa_key], 'RS256')
    with pytest.raises(IDTokenVerificationError):
        verify_signed_id_token(signed_token)
def test_fail_when_cant_fetch_provider_jwks_uri(id_token, rsa_key):
    """Verification fails when discovery works but the jwks_uri request errors.

    The mocked provider configuration advertises a jwks_uri; fetching that
    URI raises ConnectionError, and the verifier is expected to surface this
    as IDTokenVerificationError.
    """
    jwks_uri = '{}/jwks_uri'.format(ISSUER)
    provider_config = {'issuer': ISSUER, 'jwks_uri': jwks_uri}
    responses.add(
        responses.GET,
        OIDCONF_PATTERN % ISSUER,
        status=200,
        json=provider_config,
    )
    # Simulate a ConnectionError from the jwks_uri endpoint.
    responses.add(responses.GET, jwks_uri, body=ConnectionError('Error'))

    signed_token = id_token.to_jwt([rsa_key], 'RS256')
    with pytest.raises(IDTokenVerificationError):
        verify_signed_id_token(signed_token)
def test_verify_with_issuer_keys(id_token, rsa_key):
    """An RS256 token verifies against keys published by the mocked issuer.

    Both the provider configuration and the JWKS document are served by the
    mocked HTTP layer; the JWKS contains the serialized form of the key that
    signed the token.
    """
    jwks_uri = '{}/jwks_uri'.format(ISSUER)
    provider_config = {'issuer': ISSUER, 'jwks_uri': jwks_uri}
    published_keys = {'keys': [rsa_key.serialize()]}
    responses.add(
        responses.GET,
        OIDCONF_PATTERN % ISSUER,
        status=200,
        json=provider_config,
    )
    responses.add(responses.GET, jwks_uri, status=200, json=published_keys)

    signed_token = id_token.to_jwt([rsa_key], 'RS256')
    unpacked = verify_signed_id_token(signed_token)

    # The verified payload must round-trip to the original ID token.
    decoded = IdToken().from_json(unpacked)
    assert decoded == id_token
def app(environ, start_response):
    """WSGI entry point that verifies an ID token submitted as a POST form.

    Any method other than POST gets a 405 plain-text reply. For POST, the
    body returned by get_post() is parsed with parse_qsl and every form field
    is passed to verify_signed_id_token as a keyword argument. The POST
    response status is always '200 OK'; a failed verification is reported in
    the body as JSON of the form {"error": "<message>"}.
    """
    # NOTE(review): form field names come straight from the request and are
    # splatted into the call below, so the callee's whole keyword surface is
    # reachable by any client. Presumably an unknown or missing field raises
    # TypeError, which is not caught here -- confirm against the signature of
    # verify_signed_id_token and consider an explicit allow-list of fields.
    # NOTE(review): clients that only inspect the HTTP status cannot tell a
    # rejected token from an accepted one, since both paths answer 200.
    method = environ['REQUEST_METHOD']
    if method != 'POST':
        start_response('405 Not Allowed', [('Content-Type', 'text/plain')])
        return ['Only POST is supported.'.encode('utf-8')]

    # dict() keeps only the last value when a field name is repeated.
    form_fields = dict(parse_qsl(get_post(environ)))

    start_response('200 OK', [('Content-Type', 'application/json')])
    try:
        payload = verify_signed_id_token(**form_fields)
    except IDTokenVerificationError as e:
        payload = json.dumps({"error": str(e)})
    return [payload.encode('utf-8')]
def test_fail_on_symmetric_key_signature_but_key_not_provided(id_token, sym_key):
    """An HS256-signed token is rejected when the caller supplies no key."""
    signed_token = id_token.to_jwt([sym_key], 'HS256')
    with pytest.raises(IDTokenVerificationError):
        # Deliberately omit the symmetric key.
        verify_signed_id_token(signed_token)
def test_fail_verify_on_wrong_key(id_token, sym_key):
    """An HS256-signed token is rejected when checked against a different key."""
    signed_token = id_token.to_jwt([sym_key], 'HS256')
    with pytest.raises(IDTokenVerificationError):
        # A freshly generated random string stands in for the wrong key.
        wrong_key = rndstr()
        verify_signed_id_token(signed_token, key=wrong_key)
def test_verify_jwt_signed_with_symmetric_key(id_token, sym_key):
    """An HS256-signed token verifies when the signing key is supplied."""
    signed_token = id_token.to_jwt([sym_key], 'HS256')

    # sym_key.k is handed over as the verification key.
    unpacked = verify_signed_id_token(signed_token, key=sym_key.k)

    decoded = IdToken().from_json(unpacked)
    assert decoded == id_token
def test_verify_unsigned_jwt(id_token):
    """A token serialized without key or algorithm is returned by the verifier.

    to_jwt() is called with no arguments; going by the test name, that yields
    an unsigned JWT.
    """
    # NOTE(review): this pins that verify_signed_id_token returns the claims
    # of a token that carries no signature, so a successful return is not by
    # itself proof of origin. Confirm this is intended, and whether callers
    # should be able to require a signing algorithm.
    unsigned_token = id_token.to_jwt()
    unpacked = verify_signed_id_token(unsigned_token)

    decoded = IdToken().from_json(unpacked)
    assert decoded == id_token
def test_verify_with_provided_jwks(id_token, rsa_key):
    """An RS256 token verifies against a JWKS document passed in by the caller.

    Covers providers that do not support discovery: no HTTP mocks are
    registered in this test, and the key set is supplied as a JSON string.
    """
    signed_token = id_token.to_jwt([rsa_key], 'RS256')
    caller_jwks = json.dumps({'keys': [rsa_key.serialize()]})

    unpacked = verify_signed_id_token(signed_token, jwks=caller_jwks)

    decoded = IdToken().from_json(unpacked)
    assert decoded == id_token