def test_token_endpoint_password(self):
    """Token endpoint must refuse a password-grant request here.

    Seeds a session entry for ``client1`` in the provider's session
    database, posts a resource-owner-password-credentials (ROPC) request
    with HTTP Basic client authentication, and expects the JSON error
    ``unsupported_grant_type``.
    """
    authz_request = AuthorizationRequest(
        state="state",
        redirect_uri="http://example.com/authz",
        client_id="client1",
    )

    session_db = self.provider.sdb
    session_id = session_db.access_token.key(user="******", areq=authz_request)
    grant_code = session_db.access_token(sid=session_id)
    session_entry = {
        "oauth_state": "authz",
        "sub": "sub",
        "authzreq": "",
        "client_id": "client1",
        "code": grant_code,
        "code_used": False,
        "redirect_uri": "http://example.com/authz",
        "token_endpoint_auth_method": "client_secret_basic",
    }
    session_db[session_id] = session_entry

    token_request = ROPCAccessTokenRequest(
        grant_type="password",
        username="******",
        password="******",
    )
    # NOTE(review): this header base64-decodes to Basic credentials for
    # "client2" plus one surplus "=" pad character, while the seeded session
    # belongs to "client1" -- confirm the mismatch is intentional.
    basic_auth_header = "Basic Y2xpZW50Mjp2ZXJ5c2VjcmV0="

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded(),
        authn=basic_auth_header,
    )
    error_response = TokenErrorResponse().from_json(response.message)

    # No token policy enabling the password grant is set in this test body,
    # so the endpoint is expected to reject the grant type outright rather
    # than evaluate the supplied user credentials.
    assert error_response["error"] == "unsupported_grant_type"
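def test_init(self):
    """A ROPC access token request exposes its constructor arguments as items."""
    # The fixture values must be the ones asserted below; a masked
    # placeholder such as "******" in the constructor can never satisfy the
    # assertions. These are the example credentials from RFC 6749
    # section 4.3.2, not real secrets.
    ropc = ROPCAccessTokenRequest(
        grant_type="password",
        username="johndoe",
        password="A3ddj3w",
    )

    assert ropc["grant_type"] == "password"
    assert ropc["username"] == "johndoe"
    assert ropc["password"] == "A3ddj3w"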
def test_password_grant_type_bad(self):
    """``password_grant_type`` must answer ``invalid_grant`` for these credentials.

    The provider gets the ``AUTHN_BROKER2`` authentication broker and a
    token policy that allows the password grant for ``client1``; the
    request is then handed straight to ``password_grant_type``.
    """
    # Use a non-dummy authentication method and permit the grant for client1.
    self.provider.authn_broker = AUTHN_BROKER2
    allowed_grants = {'grant_type': ['password']}
    self.provider.set_token_policy('client1', allowed_grants)

    # NOTE(review): username/password are masked in this copy; the test needs
    # a pair that AUTHN_BROKER2 rejects -- confirm against the fixture.
    token_request = ROPCAccessTokenRequest(
        grant_type='password',
        username='******',
        password='******',
    )
    # The token endpoint would normally fill this in from client authentication.
    token_request['client_id'] = 'client1'

    response = self.provider.password_grant_type(token_request)
    error_response = TokenErrorResponse().deserialize(response.message, "json")

    # Rejected user credentials must surface as an OAuth error, not a token.
    assert error_response['error'] == 'invalid_grant'
def test_password_grant_type_no_authn(self):
    """With an empty ``AuthnBroker`` the password grant yields ``invalid_grant``.

    Pins fail-closed behaviour: the grant is allowed by token policy for
    ``client1``, but no authentication method is registered, so no token
    may be issued.
    """
    # A blank broker: nothing is registered that could verify the user.
    self.provider.authn_broker = AuthnBroker()
    allowed_grants = {'grant_type': ['password']}
    self.provider.set_token_policy('client1', allowed_grants)

    token_request = ROPCAccessTokenRequest(
        grant_type='password',
        username='******',
        password='******',
    )
    # The token endpoint would normally fill this in from client authentication.
    token_request['client_id'] = 'client1'

    response = self.provider.password_grant_type(token_request)
    error_response = TokenErrorResponse().deserialize(response.message, "json")

    assert error_response['error'] == 'invalid_grant'
def test_password_grant_type_ok(self):
    """A password grant accepted by the broker returns a token response.

    The response is expected to carry ``access_token``, ``token_type``
    and ``refresh_token``.
    """
    # Use a non-dummy authentication method and permit the grant for client1.
    # The password grant hands the user's password to the client, and the
    # OAuth 2.0 Security BCP (RFC 9700) says it must not be used; here it is
    # switched on explicitly, per client, through the token policy.
    self.provider.authn_broker = AUTHN_BROKER2
    allowed_grants = {'grant_type': ['password']}
    self.provider.set_token_policy('client1', allowed_grants)

    # NOTE(review): username/password are masked in this copy; the test needs
    # a pair that AUTHN_BROKER2 accepts -- confirm against the fixture.
    token_request = ROPCAccessTokenRequest(
        grant_type='password',
        username='******',
        password='******',
    )
    # The token endpoint would normally fill this in from client authentication.
    token_request['client_id'] = 'client1'

    response = self.provider.password_grant_type(token_request)
    token_response = AccessTokenResponse().deserialize(response.message, "json")

    # _eq is defined elsewhere; presumably an order-insensitive comparison.
    expected_keys = ['access_token', 'token_type', 'refresh_token']
    assert _eq(token_response.keys(), expected_keys)
def test_password_grant_type_bad(self):
    """``password_grant_type`` must answer ``invalid_grant`` for these credentials.

    The provider gets the ``AUTHN_BROKER2`` authentication broker and a
    token policy that allows the password grant for ``client1``; the
    request is then handed straight to ``password_grant_type``.
    """
    # Use a non-dummy authentication method and permit the grant for client1.
    self.provider.authn_broker = AUTHN_BROKER2
    grant_policy = {"grant_type": ["password"]}
    self.provider.set_token_policy("client1", grant_policy)

    # NOTE(review): username/password are masked in this copy; the test needs
    # a pair that AUTHN_BROKER2 rejects -- confirm against the fixture.
    ropc_request = ROPCAccessTokenRequest(
        grant_type="password",
        username="******",
        password="******",
    )
    # The token endpoint would normally fill this in from client authentication.
    ropc_request["client_id"] = "client1"

    result = self.provider.password_grant_type(ropc_request)
    error_body = TokenErrorResponse().deserialize(result.message, "json")

    # Rejected user credentials must surface as an OAuth error, not a token.
    assert error_body["error"] == "invalid_grant"
def test_password_grant_type_no_authn(self):
    """With an empty ``AuthnBroker`` the password grant yields ``invalid_grant``.

    Pins fail-closed behaviour: the grant is allowed by token policy for
    ``client1``, but no authentication method is registered, so no token
    may be issued.
    """
    # A blank broker: nothing is registered that could verify the user.
    self.provider.authn_broker = AuthnBroker()
    grant_policy = {"grant_type": ["password"]}
    self.provider.set_token_policy("client1", grant_policy)

    ropc_request = ROPCAccessTokenRequest(
        grant_type="password",
        username="******",
        password="******",
    )
    # The token endpoint would normally fill this in from client authentication.
    ropc_request["client_id"] = "client1"

    result = self.provider.password_grant_type(ropc_request)
    error_body = TokenErrorResponse().deserialize(result.message, "json")

    assert error_body["error"] == "invalid_grant"
def test_password_grant_type_ok(self):
    """A password grant accepted by the broker returns a token response.

    The response is expected to carry ``access_token``, ``token_type``
    and ``refresh_token``.
    """
    # Use a non-dummy authentication method and permit the grant for client1.
    # The password grant hands the user's password to the client, and the
    # OAuth 2.0 Security BCP (RFC 9700) says it must not be used; here it is
    # switched on explicitly, per client, through the token policy.
    self.provider.authn_broker = AUTHN_BROKER2
    grant_policy = {"grant_type": ["password"]}
    self.provider.set_token_policy("client1", grant_policy)

    # NOTE(review): username/password are masked in this copy; the test needs
    # a pair that AUTHN_BROKER2 accepts -- confirm against the fixture.
    ropc_request = ROPCAccessTokenRequest(
        grant_type="password",
        username="******",
        password="******",
    )
    # The token endpoint would normally fill this in from client authentication.
    ropc_request["client_id"] = "client1"

    result = self.provider.password_grant_type(ropc_request)
    token_body = AccessTokenResponse().deserialize(result.message, "json")

    # _eq is defined elsewhere; presumably an order-insensitive comparison.
    wanted_keys = ["access_token", "token_type", "refresh_token"]
    assert _eq(token_body.keys(), wanted_keys)