コード例 #1
0
ファイル: test_oauth2.py プロジェクト: asheidan/pyoidc
def test_client_endpoint():
    cli = Client()
    cli.authorization_endpoint = "https://example.org/oauth2/as"
    cli.token_endpoint = "https://example.org/oauth2/token"
    cli.token_revocation_endpoint = "https://example.org/oauth2/token_rev"

    ae = cli._endpoint("authorization_endpoint")
    assert ae == "https://example.org/oauth2/as"
    te = cli._endpoint("token_endpoint")
    assert te == "https://example.org/oauth2/token"
    tre = cli._endpoint("token_revocation_endpoint")
    assert tre == "https://example.org/oauth2/token_rev"

    ae = cli._endpoint("authorization_endpoint", **{"authorization_endpoint": "https://example.com/as"})
    assert ae == "https://example.com/as"

    cli.token_endpoint = ""
    raises(Exception, 'cli._endpoint("token_endpoint")')
    raises(Exception, 'cli._endpoint("foo_endpoint")')
コード例 #2
0
def test_client_endpoint():
    cli = Client()
    cli.authorization_endpoint = "https://example.org/oauth2/as"
    cli.token_endpoint = "https://example.org/oauth2/token"
    cli.token_revocation_endpoint = "https://example.org/oauth2/token_rev"

    ae = cli._endpoint("authorization_endpoint")
    assert ae == "https://example.org/oauth2/as"
    te = cli._endpoint("token_endpoint")
    assert te == "https://example.org/oauth2/token"
    tre = cli._endpoint("token_revocation_endpoint")
    assert tre == "https://example.org/oauth2/token_rev"

    ae = cli._endpoint("authorization_endpoint",
                       **{"authorization_endpoint": "https://example.com/as"})
    assert ae == "https://example.com/as"

    cli.token_endpoint = ""
    raises(Exception, 'cli._endpoint("token_endpoint")')
    raises(Exception, 'cli._endpoint("foo_endpoint")')
コード例 #3
0
ファイル: __init__.py プロジェクト: HaToHo/IdPproxy
    def phaseN(self, environ, info, server_env, sid):
        session = server_env["CACHE"][sid]

        callback = server_env["base_url"] + self.social_endpoint

        client = Client(client_id=self.client_id,
                        client_authn_method=CLIENT_AUTHN_METHOD)
        response = client.parse_response(AuthorizationResponse, info, "dict")
        logger.info("Response: %s" % response)

        if isinstance(response, ErrorResponse):
            logger.info("%s" % response)
            session["authentication"] = "FAILED"
            return False, "Authentication failed or permission not granted"

        req_args = {
            "redirect_uri": callback,
            "client_secret": self.client_secret,
        }

        client.token_endpoint = self.extra["token_endpoint"]
        tokenresp = client.do_access_token_request(
            scope=self._scope,
            body_type=self.token_response_body_type,
            request_args=req_args,
            authn_method="client_secret_post",
            state=response["state"],
            response_cls=self.access_token_response)

        if isinstance(tokenresp, ErrorResponse):
            logger.info("%s" % tokenresp)
            session["authentication"] = "FAILED"
            return False, "Authentication failed or permission not granted"

        # Download the user profile and cache a local instance of the
        # basic profile info
        result = client.fetch_protected_resource(
            self.userinfo_endpoint(tokenresp), token=tokenresp["access_token"])

        logger.info("Userinfo: %s" % result.text)
        root = ET.fromstring(result.text)
        jsontext = json.dumps(root.attrib)
        profile = json.loads(jsontext)
        profile = self.convert(profile)
        logger.info("PROFILE: %s" % (profile, ))
        session["service"] = self.name
        session["authentication"] = "OK"
        session["status"] = "SUCCESS"
        session["authn_auth"] = self.authenticating_authority
        session["permanent_id"] = profile["uid"]

        server_env["CACHE"][sid] = session

        return True, profile, session
コード例 #4
0
    def phaseN(self, environ, info, server_env, sid):
        session = server_env["CACHE"][sid]

        callback = server_env["base_url"] + self.social_endpoint

        client = Client(client_id=self.client_id,
                        client_authn_method=CLIENT_AUTHN_METHOD)
        response = client.parse_response(AuthorizationResponse, info, "dict")
        logger.info("Response: %s" % response)

        if isinstance(response, ErrorResponse):
            logger.info("%s" % response)
            session["authentication"] = "FAILED"
            return False, "Authentication failed or permission not granted"

        req_args = {
            "redirect_uri": callback,
            "client_secret": self.client_secret,
        }

        client.token_endpoint = self.extra["token_endpoint"]
        tokenresp = client.do_access_token_request(
            scope=self._scope,
            body_type=self.token_response_body_type,
            request_args=req_args,
            authn_method="client_secret_post",
            state=response["state"],
            response_cls=self.access_token_response)

        if isinstance(tokenresp, ErrorResponse):
            logger.info("%s" % tokenresp)
            session["authentication"] = "FAILED"
            return False, "Authentication failed or permission not granted"

        # Download the user profile and cache a local instance of the
        # basic profile info
        result = client.fetch_protected_resource(
            self.userinfo_endpoint(tokenresp), token=tokenresp["access_token"])

        logger.info("Userinfo: %s" % result.text)
        profile = json.loads(result.text)

        logger.info("PROFILE: %s" % (profile, ))
        session["service"] = self.name
        session["authentication"] = "OK"
        session["status"] = "SUCCESS"
        session["authn_auth"] = self.authenticating_authority
        session["permanent_id"] = profile["id"]

        server_env["CACHE"][sid] = session

        return True, self.convert(profile), session
コード例 #5
0
def test_private_key_jwt():
    cli = Client("FOO")
    cli.token_endpoint = "https://example.com/token"
    cli.keyjar[""] = KC_RSA

    cis = AccessTokenRequest()
    pkj = PrivateKeyJWT(cli)
    http_args = pkj.construct(cis, algorithm="RS256")
    assert http_args == {}
    cas = cis["client_assertion"]
    header, claim, crypto, header_b64, claim_b64 = jwkest.unpack(cas)
    jso = json.loads(claim)
    assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    print header
    assert header == {'alg': 'RS256'}
コード例 #6
0
ファイル: __init__.py プロジェクト: dash-dash/pyoidc
    def phaseN(self, environ, query, server_env, session):
        callback = server_env["base_url"] + self.opKey

        client = Client(client_id=self.client_id,
                        client_authn_method=CLIENT_AUTHN_METHOD)
        response = client.parse_response(AuthorizationResponse, query, "dict")
        logger.info("Response: %s" % response)

        if isinstance(response, ErrorResponse):
            logger.info("%s" % response)
            return (False, "Authentication failed or permission not granted")

        req_args = {
            "redirect_uri": callback,
            "client_secret": self.client_secret,
        }

        client.token_endpoint = self.extra["token_endpoint"]
        tokenresp = client.do_access_token_request(
            scope=self._scope,
            body_type=self.token_response_body_type,
            request_args=req_args,
            authn_method="client_secret_post",
            state=response["state"],
            response_cls=self.access_token_response)

        if isinstance(tokenresp, ErrorResponse):
            logger.info("%s" % tokenresp)
            return (False, "Authentication failed or permission not granted")

        # Download the user profile and cache a local instance of the
        # basic profile info
        result = client.fetch_protected_resource(
            self.userinfo_endpoint(tokenresp), token=tokenresp["access_token"])

        logger.info("Userinfo: %s" % result.text)
        profile = json.loads(result.text)

        return True, profile, tokenresp["access_token"], client
コード例 #7
0
ファイル: test_authn.py プロジェクト: minhoryang/pyoidc
def test_client_secret_jwt():
    cli = Client("Foo")
    cli.token_endpoint = "https://example.com/token"
    cli.client_secret = "foobar"

    csj = ClientSecretJWT(cli)
    cis = AccessTokenRequest()

    http_args = csj.construct(cis, algorithm="HS256")
    print http_args
    assert cis["client_assertion_type"] == JWT_BEARER
    assert "client_assertion" in cis
    cas = cis["client_assertion"]
    _jwt = JWT().unpack(cas)
    jso = json.loads(_jwt.part[1])
    assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    print _jwt.headers
    assert _jwt.headers == {'alg': 'HS256'}

    _rj = JWS()
    info = _rj.verify_compact(cas, [SYMKey(key=cli.client_secret)])

    assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
コード例 #8
0
ファイル: test_authn.py プロジェクト: dallerbarn/pyoidc
def test_client_secret_jwt():
    cli = Client("Foo")
    cli.token_endpoint = "https://example.com/token"
    cli.client_secret = "foobar"

    csj = ClientSecretJWT(cli)
    cis = AccessTokenRequest()

    http_args = csj.construct(cis, algorithm="HS256")
    print http_args
    assert cis["client_assertion_type"] == JWT_BEARER
    assert "client_assertion" in cis
    cas = cis["client_assertion"]
    _jwt = JWT().unpack(cas)
    jso = json.loads(_jwt.part[1])
    assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    print _jwt.headers
    assert _jwt.headers == {'alg': 'HS256'}

    _rj = JWS()
    info = _rj.verify_compact(cas, [SYMKey(key=cli.client_secret)])

    assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
コード例 #9
0
ファイル: test_authn.py プロジェクト: biancini/pyoidc
def test_client_secret_jwt():
    cli = Client("Foo")
    cli.token_endpoint = "https://example.com/token"
    cli.client_secret = "foobar"

    csj = ClientSecretJWT(cli)
    cis = AccessTokenRequest()

    http_args = csj.construct(cis, algorithm="HS256")
    print http_args
    assert cis["client_assertion_type"] == JWT_BEARER
    assert "client_assertion" in cis
    cas = cis["client_assertion"]
    header, claim, crypto, header_b64, claim_b64 = jwkest.unpack(cas)
    jso = json.loads(claim)
    assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
    print header
    assert header == {'alg': 'HS256'}

    _rj = JWS()
    info = _rj.verify_compact(cas, [SYM_key(key=cli.client_secret)])

    _dict = json.loads(info)
    assert _eq(_dict.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])