def test_client_registration_delete(self):
    """Deleting a client must leave its registration access token unusable.

    Registers a client, deletes it through the client-info endpoint while
    authenticating with the registration access token, and then replays the
    same token on a read. The delete is expected to return ``NoContent`` and
    the replayed read ``Unauthorized``.
    """
    metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json(), environ={})
    registered = ClientInfoResponse().from_json(reg_resp.message)

    # Both calls below present the same credential for the same client.
    bearer = "Bearer %s" % (registered["registration_access_token"],)
    target = "client_id=%s" % registered["client_id"]

    delete_resp = self.provider.client_info_endpoint(
        request=reg_request.to_json(),
        environ={"HTTP_AUTHORIZATION": bearer},
        method="DELETE",
        query=target)
    assert isinstance(delete_resp, NoContent)

    # A read should fail: the token belonged to the client that was deleted.
    # A fresh environ dict is built so the two calls share no mutable state.
    replay_resp = self.provider.client_info_endpoint(
        "",
        environ={"HTTP_AUTHORIZATION": bearer},
        query=target)
    assert isinstance(replay_resp, Unauthorized)
def test_client_user_info_get(self):
    """Reading a client back with its token returns the registration response.

    The comparison is a full equality check against the registration
    response, which carries ``registration_access_token``; the read is
    therefore expected to echo that field as well.
    """
    metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json())
    registered = ClientInfoResponse().from_json(reg_resp.message)

    # The read is authorised with the bearer token issued at registration.
    auth_environ = {
        "HTTP_AUTHORIZATION":
            "Bearer %s" % (registered["registration_access_token"],)
    }
    target = "client_id=%s" % registered["client_id"]

    read_resp = self.provider.client_info_endpoint(
        "GET",
        environ=auth_environ,
        query=target,
        request=reg_request.to_json())
    fetched = ClientInfoResponse().from_json(read_resp.message)

    assert registered == fetched
def test_client_registration_with_software_statement(self):
    """Register a client whose request carries a software statement.

    The statement is produced by ``make_software_statement`` for the
    federation operator, and the operator's keys are placed in the provider's
    key jar under the operator identifier before the request is sent.
    """
    _jwks, keyjar, _kidd = build_keyjar(KEYS)
    fed_operator = 'https://fedop.example.org'

    # Presumably this lets the provider check the statement's signature
    # against the operator's keys - TODO confirm against the provider code.
    self.provider.keyjar[fed_operator] = keyjar['']
    ss = make_software_statement(keyjar, fed_operator, client_id='foxtrot')

    metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "XYZ Service B",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
        'software_statement': ss,
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json(), environ={})
    cli_resp = ClientInfoResponse().from_json(reg_resp.message)

    # NOTE(review): this only checks that the parsed response is truthy; it
    # does not show that the statement was verified or that its claims were
    # applied to the registration.
    assert cli_resp
def test_registration_uri_error(self):
    """A registration with a rejected URI yields ``invalid_client_metadata``.

    The original author marks ``logo_uri`` as the invalid field. Which rule
    the provider applies to reject it is not visible in this test.
    """
    metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
        # invalid logo_uri
        "logo_uri": "https://client.example.org/logo.png",
        "jwks_uri": "https://client.example.org/my_public_keys.jwks",
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json())
    error_resp = ClientRegistrationError().from_json(reg_resp.message)

    # Check presence first so a missing key fails as an assertion rather
    # than as a lookup error.
    assert "error" in error_resp
    assert error_resp["error"] == "invalid_client_metadata"
def test_client_registration_update(self):
    """Update a registered client with PUT and check the echoed metadata.

    The update is authorised with the registration access token and repeats
    the client id and secret issued at registration. The test expects both
    to come back unchanged together with the new metadata.
    """
    metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json(), environ={})
    registered = ClientInfoResponse().from_json(reg_resp.message)

    update = {
        "client_id": registered["client_id"],
        "client_secret": registered["client_secret"],
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/alt"],
        "scope": "read write dolphin",
        "grant_types": ["authorization_code", "refresh_token"],
        "token_endpoint_auth_method": "client_secret_basic",
        "jwks_uri": "https://client.example.org/my_public_keys.jwks",
        "client_name": "My New Example",
        "client_name#fr": "Mon Nouvel Exemple",
    }
    update_req = RegistrationRequest(**update)

    auth_environ = {
        "HTTP_AUTHORIZATION":
            "Bearer %s" % (registered["registration_access_token"],)
    }
    put_resp = self.provider.client_info_endpoint(
        request=update_req.to_json(),
        environ=auth_environ,
        method="PUT",
        query="client_id=%s" % registered["client_id"])
    updated = ClientInfoResponse().from_json(put_resp.message)

    # scope is sent as one space-separated string but compared as a list.
    expected = dict(update, scope=update["scope"].split())
    checked_fields = (
        "client_id",
        "client_secret",
        "redirect_uris",
        "scope",
        "grant_types",
        "token_endpoint_auth_method",
        "jwks_uri",
        "client_name",
        "client_name#fr",
    )
    for field in checked_fields:
        assert updated[field] == expected[field]
def test_registration_endpoint(self):
    """A minimal registration echoes its metadata and issues a client id."""
    reg_request = RegistrationRequest(
        client_name="myself",
        redirect_uris=["https://example.com/rp"])
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json())
    assert isinstance(reg_resp, Response)

    # Inspect the raw JSON body first, then the parsed message.
    body = json.loads(reg_resp.message)
    assert data_matches(body) if False else body["client_name"] == "myself"
    assert _eq(body["redirect_uris"], ["https://example.com/rp"])

    parsed = ClientInfoResponse().from_json(reg_resp.message)
    assert "client_id" in parsed
def test_client_registration_delete(self):
    """Check that a deleted client can no longer be read with its old token.

    Flow: register, DELETE via the client-info endpoint using the
    registration access token (expects ``NoContent``), then attempt a read
    with the same token (expects ``Unauthorized``).
    """
    client_metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    registration = RegistrationRequest(**client_metadata)
    created = self.provider.registration_endpoint(
        request=registration.to_json(), environ={})
    client_info = ClientInfoResponse().from_json(created.message)

    token = client_info["registration_access_token"]
    client_query = "client_id=%s" % client_info["client_id"]

    def bearer_environ():
        # A new dict per call, so neither request sees the other's environ.
        return {"HTTP_AUTHORIZATION": "Bearer %s" % (token,)}

    outcome = self.provider.client_info_endpoint(
        request=registration.to_json(),
        environ=bearer_environ(),
        method="DELETE",
        query=client_query)
    assert isinstance(outcome, NoContent)

    # A read should fail
    outcome = self.provider.client_info_endpoint(
        "", environ=bearer_environ(), query=client_query)
    assert isinstance(outcome, Unauthorized)
def test_registration_endpoint(self):
    """Registration with explicit grant information returns a client id.

    Only ``client_name``, ``redirect_uris`` and the presence of ``client_id``
    are asserted; nothing is checked about the grant values sent.
    """
    # NOTE(review): RFC 7591 names this metadata field ``grant_types``.
    # Confirm that the singular ``grant_type`` keyword is intentional here.
    reg_request = RegistrationRequest(
        client_name="myself",
        redirect_uris=["https://example.com/rp"],
        grant_type=['authorization_code', 'implicit'])
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json())
    assert isinstance(reg_resp, Response)

    body = json.loads(reg_resp.message)
    assert body["client_name"] == "myself"
    assert _eq(body["redirect_uris"], ["https://example.com/rp"])

    parsed = ClientInfoResponse().from_json(reg_resp.message)
    assert "client_id" in parsed
def test_client_user_info_get(self):
    """A GET on the client-info endpoint reproduces the registration response.

    The request is authorised with the registration access token taken from
    the registration response, and the two parsed responses are compared
    for equality as a whole.
    """
    client_metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    registration = RegistrationRequest(**client_metadata)
    created = self.provider.registration_endpoint(
        request=registration.to_json())
    at_registration = ClientInfoResponse().from_json(created.message)

    token = at_registration["registration_access_token"]
    looked_up = self.provider.client_info_endpoint(
        "GET",
        environ={"HTTP_AUTHORIZATION": "Bearer %s" % (token,)},
        query="client_id=%s" % at_registration["client_id"],
        request=registration.to_json())
    at_read = ClientInfoResponse().from_json(looked_up.message)

    assert at_registration == at_read
def test_client_registration_utf_8_client_name(self):
    """A language-tagged, non-ASCII client name survives registration intact."""
    localized_name = "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D"
    metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP": localized_name,
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    reg_request = RegistrationRequest(**metadata)
    reg_resp = self.provider.registration_endpoint(
        request=reg_request.to_json())
    registered = ClientInfoResponse().from_json(reg_resp.message)

    # The tagged name must come back character for character, and the
    # untagged name must not be replaced by it.
    assert registered["client_name#ja-Jpan-JP"] == localized_name
    assert registered["client_name"] == "My Example Client"
def test_client_registration_with_software_statement(self):
    """Send a registration request that includes a software statement.

    The federation operator's keys are stored in the provider's key jar under
    the operator identifier before the request is made. The statement itself
    comes from ``make_software_statement`` with ``client_id='foxtrot'``.
    """
    _unused_jwks, keyjar, _unused_kidd = build_keyjar(KEYS)
    fed_operator = 'https://fedop.example.org'
    self.provider.keyjar[fed_operator] = keyjar['']
    ss = make_software_statement(keyjar, fed_operator, client_id='foxtrot')

    client_metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "XYZ Service B",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
        'software_statement': ss,
    }
    registration = RegistrationRequest(**client_metadata)
    created = self.provider.registration_endpoint(
        request=registration.to_json(), environ={})
    cli_resp = ClientInfoResponse().from_json(created.message)

    # NOTE(review): a truthiness check alone would also pass for a response
    # that ignored the statement. Consider asserting on specific fields.
    assert cli_resp
def test_registration_uri_error(self):
    """Registration is refused with ``invalid_client_metadata``.

    The inline comment from the original author identifies ``logo_uri`` as
    the offending field. The provider-side rule is not shown here.
    """
    client_metadata = {
        "redirect_uris": ["https://client.example.org/callback",
                          "https://client.example.org/callback2"],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
        # invalid logo_uri
        "logo_uri": "https://client.example.org/logo.png",
        "jwks_uri": "https://client.example.org/my_public_keys.jwks",
    }
    registration = RegistrationRequest(**client_metadata)
    refused = self.provider.registration_endpoint(
        request=registration.to_json())
    failure = ClientRegistrationError().from_json(refused.message)

    assert "error" in failure
    assert failure["error"] == "invalid_client_metadata"
def test_client_registration_utf_8_client_name(self):
    """Register a client with a Japanese-tagged name and read both names back."""
    client_metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    registration = RegistrationRequest(**client_metadata)
    created = self.provider.registration_endpoint(
        request=registration.to_json())
    client_info = ClientInfoResponse().from_json(created.message)

    # Non-ASCII text must round-trip through the JSON request and response.
    tagged_name = client_info["client_name#ja-Jpan-JP"]
    assert tagged_name == "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D"
    assert client_info["client_name"] == "My Example Client"
def test_client_registration_update(self):
    """Replace a client's metadata with PUT and verify what comes back.

    The PUT is authenticated with the registration access token. The update
    body repeats the issued ``client_id`` and ``client_secret``, and the test
    asserts that both are returned unchanged alongside the new values.
    """
    client_metadata = {
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/callback2",
        ],
        "client_name": "My Example Client",
        "client_name#ja-Jpan-JP":
            "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "read write dolphin",
    }
    registration = RegistrationRequest(**client_metadata)
    created = self.provider.registration_endpoint(
        request=registration.to_json(), environ={})
    client_info = ClientInfoResponse().from_json(created.message)

    update = {
        "client_id": client_info["client_id"],
        "client_secret": client_info["client_secret"],
        "redirect_uris": [
            "https://client.example.org/callback",
            "https://client.example.org/alt",
        ],
        "scope": "read write dolphin",
        "grant_types": ["authorization_code", "refresh_token"],
        "token_endpoint_auth_method": "client_secret_basic",
        "jwks_uri": "https://client.example.org/my_public_keys.jwks",
        "client_name": "My New Example",
        "client_name#fr": "Mon Nouvel Exemple",
    }
    update_req = RegistrationRequest(**update)

    token = client_info["registration_access_token"]
    changed = self.provider.client_info_endpoint(
        request=update_req.to_json(),
        environ={"HTTP_AUTHORIZATION": "Bearer %s" % (token,)},
        method="PUT",
        query="client_id=%s" % client_info["client_id"])
    after = ClientInfoResponse().from_json(changed.message)

    # Fields that must be echoed exactly as sent.
    for name in ("client_id", "client_secret", "redirect_uris"):
        assert after[name] == update[name]

    # scope goes out as a space-separated string and is compared as a list.
    assert after["scope"] == update["scope"].split()

    for name in ("grant_types", "token_endpoint_auth_method", "jwks_uri",
                 "client_name", "client_name#fr"):
        assert after[name] == update[name]
# Show the signed JWKS document produced earlier in the script.
print('signed_jwks_uri content')
print(70 * "-")
print_lines(signed_jwks)

# -----------------------------------------------------------------------------
# Create client registration request
# -----------------------------------------------------------------------------

# NOTE(review): 'SHA-256' is the name of a digest, whereas the signing call
# below uses a JWS algorithm identifier ('RS256'). Confirm which value
# id_token_signed_response_alg is meant to carry.
rr = RegistrationRequest(jwks_uri='https://example.com/rp/jwks',
                         software_statements=[sost],
                         signed_jwks_uri='https://example.com/rp/signed_jwks',
                         response_types=['code'],
                         id_token_signed_response_alg='SHA-256',
                         signing_key=signed_intermediate)

# The JWS payload is the request as it stands here, i.e. before
# 'signed_metadata' is added, so the signature covers only the fields set in
# the constructor above.
_jws = JWS(rr.to_json(), alg='RS256')
# NOTE(review): the JWS is created with alg='RS256' but the signing keys are
# looked up for 'RS384'. Confirm the mismatch is intentional.
keys = a_keyjar.keys_by_alg_and_usage('', 'RS384', 'sig')
signed_reg_req = _jws.sign_compact(keys)

# Attach the compact JWS to the request it was computed from.
rr['signed_metadata'] = signed_reg_req

print(70 * "-")
print('Client registration request')
print(70 * "-")
# Sorted keys and fixed separators keep the printed JSON stable between runs.
print_lines(
    json.dumps(rr.to_dict(), sort_keys=True, indent=2, separators=(',', ': ')))

#### ======================================================================
## On the OP
#### ======================================================================
print_lines(signed_jwks) # ----------------------------------------------------------------------------- # Create client registration request # ----------------------------------------------------------------------------- rr = RegistrationRequest( jwks_uri="https://example.com/rp/jwks", software_statements=[sost], signed_jwks_uri="https://example.com/rp/signed_jwks", response_types=["code"], id_token_signed_response_alg="SHA-256", signing_key=signed_intermediate, ) _jws = JWS(rr.to_json(), alg="RS256") keys = a_keyjar.keys_by_alg_and_usage("", "RS384", "sig") signed_reg_req = _jws.sign_compact(keys) rr["signed_metadata"] = signed_reg_req print(70 * "-") print("Client registration request") print(70 * "-") print_lines(json.dumps(rr.to_dict(), sort_keys=True, indent=2, separators=(",", ": "))) #### ====================================================================== ## On the OP #### ====================================================================== op_keyjar = KeyJar()