コード例 #1
0
def test_parse_authorization_request():
    srv = Server()
    qdict = srv.parse_authorization_request(query=AREQ.to_urlencoded())
    assert _eq(qdict.keys(), [
        'nonce', 'state', 'redirect_uri', 'response_type', 'client_id', 'scope'
    ])
    assert qdict["state"] == "state0"
コード例 #2
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_urlencoded():
    loc = "http://example.com/userinfo?access_token=access_token"
    srv = Server()
    qdict = srv._parse_urlencoded(loc)
    assert _eq(qdict.keys(), ["access_token"])
    # all values as lists
    assert qdict["access_token"] == ["access_token"]
コード例 #3
0
def test_server_parse_parse_authorization_request():
    srv = Server()
    srv.keyjar = KEYJ
    ar = AuthorizationRequest(
        response_type=["code"],
        client_id="foobar",
        redirect_uri="http://foobar.example.com/oaclient",
        state="cold",
        nonce="NONCE",
        scope=["openid"])

    uencq = ar.to_urlencoded()

    areq = srv.parse_authorization_request(query=uencq)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"

    urluenc = "%s?%s" % ("https://example.com/authz", uencq)

    areq = srv.parse_authorization_request(url=urluenc)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"
コード例 #4
0
 def __init__(self, patch, config={}):
     Server.__init__(self)
     self.patch = patch
     self.session = None
     self.config = {
         'issuer': 'https://example.com',
     }
     self.config.update(config)
     self.authz_codes = {}
     self.access_tokens = {}
     self.client = {
         'test-client': {
             'client_name': 'Test Client',
             'client_secret': 'test-secret',
             'post_logout_redirect_uris': [
                 'http://localhost:5000/sign-out',
             ],
             'redirect_uris': [
                 'http://localhost:5000/oidc_callback',
             ],
             'response_types': ['code'],
         }
     }
     self.access_token_lifetime = 3600
     self.authorization_code_lifetime = 600
     self.id_token_lifetime = 3600
     self.registration_expires_in = 3600
     self.host = ''
     self.userinfo_signed_response_alg = ''
     self.signing_key = RSAKey(key=rsa_load('signing_key.pem'), alg='RS256')
     self.urls = []
コード例 #5
0
def test_server_parse_token_request():
    atr = AccessTokenRequest(grant_type="authorization_code",
                             code="SplxlOBeZQQYbYS6WxSbIA",
                             redirect_uri="https://client.example.com/cb",
                             client_id=CLIENT_ID,
                             extra="foo")

    uenc = atr.to_urlencoded()

    srv = Server()
    srv.keyjar = KEYJ
    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(),
               ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra'])

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(),
               ['code', 'grant_type', 'client_id', 'redirect_uri', 'extra'])

    assert tr["extra"] == "foo"
コード例 #6
0
    def test_begin_file(self, tmpdir):
        path = tmpdir.strpath
        external_path = "/exported"
        self.consumer.consumer_config["request_method"] = "file"
        self.consumer.consumer_config["temp_dir"] = path
        self.consumer.consumer_config["temp_path"] = external_path
        self.consumer.consumer_config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid", "code",
                                            path="http://localhost:8087")

        with responses.RequestsMock() as rsps:
            p = urlparse(self.consumer.request_uri)
            assert p.netloc == "localhost:8087"
            # Map the URL path to the local path
            relative_path = os.path.relpath(p.path, external_path)
            file_path = os.path.join(path, relative_path)

            with open(file_path) as f:
                rsps.add(rsps.GET, self.consumer.request_uri,
                         body=f.read(), status=200,
                         content_type='application/urlencoded')

            authreq = srv.parse_authorization_request(url=location)
            assert _eq(list(authreq.keys()),
                       ['max_age', 'state', 'redirect_uri', 'response_type',
                        'client_id', 'scope', 'claims'])

            assert authreq["state"] == sid
            assert authreq["scope"] == self.consumer.consumer_config["scope"]
            assert authreq["client_id"] == self.consumer.client_id
            assert authreq["redirect_uri"].startswith(
                "http://localhost:8087/authz")
コード例 #7
0
    def test_begin_file(self):
        tempdir = tempfile.mkdtemp()
        self.consumer.config["request_method"] = "file"
        self.consumer.config["temp_dir"] = tempdir
        self.consumer.config["temp_path"] = tempdir
        self.consumer.config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid",
                                            "code",
                                            path="http://localhost:8087")
        print location
        # vkeys = {".":srv.keyjar.get_verify_key()}
        authreq = srv.parse_authorization_request(url=location)
        print authreq.keys()
        assert _eq(authreq.keys(), [
            'max_age', 'state', 'redirect_uri', 'response_type', 'client_id',
            'scope', 'claims', 'request_uri'
        ])

        assert authreq["state"] == sid
        assert authreq["scope"] == self.consumer.config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
        assert authreq["redirect_uri"].startswith(
            "http://localhost:8087/authz")
        # Cleanup the file we have created
        shutil.rmtree(tempdir)
コード例 #8
0
ファイル: test_oic.py プロジェクト: Magosgruss/pyoidc
def test_request_attr_mis_match():
    redirect_uri = "http://example.com/redirect"
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.redirect_uris = [redirect_uri]
    client.authorization_endpoint = "http://example.com/authorization"
    client.client_secret = "abcdefghijklmnop"
    client.keyjar[""] = KC_RSA
    client.behaviour = {
        "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}

    srv = Server()
    srv.keyjar = KEYJ

    areq = client.construct_AuthorizationRequest(
        request_args={
            "scope": "openid",
            "response_type": ["code"],
            "max_age": 86400,
            'state': 'foobar'
        },
        request_param="request")

    for attr in ['state', 'max_age', 'client_id']:
        del areq[attr]

    areq.lax = True
    req = srv.parse_authorization_request(query=areq.to_urlencoded())

    assert req.verify()
コード例 #9
0
ファイル: fakeoicsrv.py プロジェクト: imsoftware/pyoidc
 def __init__(self, jwt_keys=None, name=""):
     Server.__init__(self, jwt_keys=jwt_keys)
     self.sdb = SessionDB()
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""
コード例 #10
0
def test_parse_urlencoded():
    loc = "http://example.com/userinfo?access_token=access_token"
    srv = Server()
    qdict = srv._parse_urlencoded(loc)
    assert _eq(qdict.keys(), ["access_token"])
    # all values as lists
    assert qdict["access_token"] == ["access_token"]
コード例 #11
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_parse_registration_request():
    srv = Server()
    request = srv.parse_registration_request(data=REGREQ.to_urlencoded())
    assert request.type() == "RegistrationRequest"
    assert _eq(request.keys(), ["redirect_uris", "contacts", "client_id", "application_name", "type"])
    assert request["application_name"] == "pacubar"
    assert request["type"] == "client_associate"
コード例 #12
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_server_parse_parse_authorization_request():
    srv = Server()
    srv.keyjar = KEYJ
    ar = AuthorizationRequest(response_type=["code"], client_id="foobar",
                              redirect_uri="http://foobar.example.com/oaclient",
                              state="cold", nonce="NONCE", scope=["openid"])

    uencq = ar.to_urlencoded()

    areq = srv.parse_authorization_request(query=uencq)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"

    urluenc = "%s?%s" % ("https://example.com/authz", uencq)

    areq = srv.parse_authorization_request(url=urluenc)

    assert areq.type() == "AuthorizationRequest"
    assert areq["response_type"] == ["code"]
    assert areq["client_id"] == "foobar"
    assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert areq["state"] == "cold"
コード例 #13
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_server_parse_token_request():
    atr = AccessTokenRequest(grant_type="authorization_code",
                             code="SplxlOBeZQQYbYS6WxSbIA",
                             redirect_uri="https://client.example.com/cb",
                             client_id=CLIENT_ID, extra="foo")

    uenc = atr.to_urlencoded()

    srv = Server()
    srv.keyjar = KEYJ
    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ['code', 'redirect_uri', 'grant_type', 'client_id',
                           'extra'])

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ['code', 'grant_type', 'client_id', 'redirect_uri',
                           'extra'])

    assert tr["extra"] == "foo"
コード例 #14
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_parse_token_request():
    srv = Server()
    qdict = srv.parse_token_request(body=TREQ.to_urlencoded())
    assert qdict.type() == "AccessTokenRequest"
    assert _eq(qdict.keys(), ["code", "redirect_uri", "client_id", "grant_type"])
    assert qdict["client_id"] == CLIENT_ID
    assert qdict["code"] == "code"
コード例 #15
0
    def test_begin_file(self, tmpdir):
        path = tmpdir.strpath
        self.consumer.consumer_config["request_method"] = "file"
        self.consumer.consumer_config["temp_dir"] = path
        self.consumer.consumer_config["temp_path"] = path
        self.consumer.consumer_config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid",
                                            "code",
                                            path="http://localhost:8087")

        with responses.RequestsMock() as rsps:
            p = urlparse(self.consumer.request_uri)
            rsps.add(rsps.GET,
                     self.consumer.request_uri,
                     body=open(p.path).read(),
                     status=200,
                     content_type='application/urlencoded')

            authreq = srv.parse_authorization_request(url=location)
            assert _eq(list(authreq.keys()), [
                'max_age', 'state', 'redirect_uri', 'response_type',
                'client_id', 'scope', 'claims'
            ])

            assert authreq["state"] == sid
            assert authreq["scope"] == self.consumer.consumer_config["scope"]
            assert authreq["client_id"] == self.consumer.client_id
            assert authreq["redirect_uri"].startswith(
                "http://localhost:8087/authz")
コード例 #16
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_server_parse_token_request():
    atr = AccessTokenRequest(
        grant_type="authorization_code",
        code="SplxlOBeZQQYbYS6WxSbIA",
        redirect_uri="https://client.example.com/cb",
        client_id="client_id",
        extra="foo",
    )

    uenc = atr.to_urlencoded()

    srv = Server()
    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ["code", "redirect_uri", "grant_type", "client_id", "extra"])

    assert tr["grant_type"] == "authorization_code"
    assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    tr = srv.parse_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "AccessTokenRequest"
    assert _eq(tr.keys(), ["code", "grant_type", "client_id", "redirect_uri", "extra"])

    assert tr["extra"] == "foo"
コード例 #17
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_check_session_request():
    srv = Server()
    srv.keyjar = KEYJ
    request = srv.parse_check_session_request(query=CSREQ.to_urlencoded())
    assert request.type() == "IdToken"
    assert _eq(request.keys(), ['nonce', 'sub', 'aud', 'iss', 'exp', 'iat'])
    assert request["aud"] == ["client_1"]
コード例 #18
0
    def test_begin_file(self):
        tempdir = tempfile.mkdtemp()
        self.consumer.config["request_method"] = "file"
        self.consumer.config["temp_dir"] = tempdir
        self.consumer.config["temp_path"] = tempdir
        self.consumer.config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid", "code",
                                       path="http://localhost:8087")
        print location
        #vkeys = {".":srv.keyjar.get_verify_key()}
        authreq = srv.parse_authorization_request(url=location)
        print authreq.keys()
        assert _eq(authreq.keys(), ['max_age', 'state', 'redirect_uri',
                                    'response_type', 'client_id', 'scope',
                                    'claims', 'request_uri'])

        assert authreq["state"] == sid
        assert authreq["scope"] == self.consumer.config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
        assert authreq["redirect_uri"].startswith("http://localhost:8087/authz")
        # Cleanup the file we have created
        shutil.rmtree(tempdir)
コード例 #19
0
def test_request_attr_mis_match():
    redirect_uri = "http://example.com/redirect"
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.redirect_uris = [redirect_uri]
    client.authorization_endpoint = "http://example.com/authorization"
    client.client_secret = "abcdefghijklmnop"
    client.keyjar[""] = KC_RSA
    client.behaviour = {
        "request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
    }

    srv = Server()
    srv.keyjar = KEYJ

    areq = client.construct_AuthorizationRequest(
        request_args={
            "scope": "openid",
            "response_type": ["code"],
            "max_age": 86400,
            "state": "foobar",
        },
        request_param="request",
    )

    for attr in ["state", "max_age", "client_id"]:
        del areq[attr]

    areq.lax = True
    req = srv.parse_authorization_request(query=areq.to_urlencoded())

    assert req.verify()
コード例 #20
0
 def __init__(self, patch, config={}):
     Server.__init__(self)
     self.patch = patch
     self.session = None
     self.config = {
         'issuer': 'https://example.com',
     }
     self.config.update(config)
     self.authz_codes = {}
     self.access_tokens = {}
     self.client = {
         'test-client': {
             'client_name': 'Test Client',
             'client_secret': 'test-secret',
             'post_logout_redirect_uris': [
                 'http://localhost:5000/sign-out',
             ],
             'redirect_uris': [
                 'http://localhost:5000/oidc_callback',
             ],
             'response_types': ['code'],
         }
     }
     self.access_token_lifetime = 3600
     self.authorization_code_lifetime = 600
     self.id_token_lifetime = 3600
     self.registration_expires_in = 3600
     self.host = ''
     self.userinfo_signed_response_alg = ''
     self.signing_key = RSAKey(key=rsa_load('signing_key.pem'), alg='RS256')
     self.urls = []
コード例 #21
0
def test_parse_check_session_request():
    srv = Server()
    srv.keyjar = KEYJ
    request = srv.parse_check_session_request(query=CSREQ.to_urlencoded())
    assert request.type() == "IdToken"
    assert _eq(request.keys(), ['nonce', 'sub', 'aud', 'iss', 'exp', 'iat'])
    assert request["aud"] == ["client_1"]
コード例 #22
0
def test_make_id_token():
    srv = Server()
    srv.keyjar = KEYJ
    srv.keyjar["http://oic.example/rp"] = KC_RSA

    session = {"sub": "user0", "client_id": "http://oic.example/rp"}
    issuer = "http://oic.example/idp"
    code = "abcdefghijklmnop"
    _idt = srv.make_id_token(session,
                             loa="2",
                             issuer=issuer,
                             code=code,
                             access_token="access_token")

    algo = "RS256"
    ckey = srv.keyjar.get_signing_key(alg2keytype(algo), session["client_id"])
    _signed_jwt = _idt.to_jwt(key=ckey, algorithm="RS256")

    idt = IdToken().from_jwt(_signed_jwt, keyjar=srv.keyjar)
    print idt
    header = unpack(_signed_jwt)

    lha = left_hash(code, func="HS" + header[0]["alg"][-3:])
    assert lha == idt["c_hash"]

    atr = AccessTokenResponse(id_token=_signed_jwt,
                              access_token="access_token",
                              token_type="Bearer")
    atr["code"] = code
    assert atr.verify(keyjar=srv.keyjar)
コード例 #23
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_make_id_token():
    srv = Server()
    srv.keyjar = KEYJ
    srv.keyjar["http://oic.example/rp"] = KC_RSA

    session = {"sub": "user0",
               "client_id": "http://oic.example/rp"}
    issuer = "http://oic.example/idp"
    code = "abcdefghijklmnop"
    _idt = srv.make_id_token(session, loa="2", issuer=issuer,
                             code=code, access_token="access_token")

    algo = "RS256"
    ckey = srv.keyjar.get_signing_key(alg2keytype(algo), session["client_id"])
    _signed_jwt = _idt.to_jwt(key=ckey, algorithm="RS256")

    idt = IdToken().from_jwt(_signed_jwt, keyjar=srv.keyjar)
    print idt
    header = unpack(_signed_jwt)

    lha = left_hash(code, func="HS" + header[0]["alg"][-3:])
    assert lha == idt["c_hash"]

    atr = AccessTokenResponse(id_token=_signed_jwt, access_token="access_token",
                              token_type="Bearer")
    atr["code"] = code
    assert atr.verify(keyjar=srv.keyjar)
コード例 #24
0
def test_parse_token_request():
    srv = Server()
    qdict = srv.parse_token_request(body=TREQ.to_urlencoded())
    assert qdict.type() == "AccessTokenRequest"
    assert _eq(qdict.keys(),
               ['code', 'redirect_uri', 'client_id', 'grant_type'])
    assert qdict["client_id"] == CLIENT_ID
    assert qdict["code"] == "code"
コード例 #25
0
ファイル: test_oic.py プロジェクト: asheidan/pyoidc
def test_parse_registration_request():
    srv = Server()
    request = srv.parse_registration_request(data=REGREQ.to_urlencoded())
    assert request.type() == "RegistrationRequest"
    assert _eq(request.keys(),['redirect_uris', 'contacts', 'client_id',
                               'application_name', 'operation', 'application_type'])
    assert request["application_name"] == "pacubar"
    assert request["operation"] == "register"
コード例 #26
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_parse_end_session_request():
    srv = Server(KEYS)
    request = srv.parse_end_session_request(query=ESREQ.to_urlencoded())
    assert request.type() == "EndSessionRequest"
    assert _eq(request.keys(), ["id_token", "redirect_url", "state"])
    assert request["state"] == "state0"

    assert request["id_token"]["aud"] == "client_1"
コード例 #27
0
 def __init__(self, name=""):
     Server.__init__(self)
     self.sdb = SessionDB()
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""
     self.webfinger = WebFinger()
コード例 #28
0
ファイル: fakeoicsrv.py プロジェクト: HaToHo/pyoidc
 def __init__(self, name=""):
     Server.__init__(self)
     self.sdb = SessionDB()
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""
     self.webfinger = WebFinger()
コード例 #29
0
 def __init__(self, name="", session_db_factory=None):
     Server.__init__(self)
     self.sdb = session_db_factory(name)
     self.name = name
     self.client = {}  # type: Dict[str, Dict[str, Any]]
     self.registration_expires_in = 3600
     self.host = ""
     self.webfinger = WebFinger()
     self.userinfo_signed_response_alg = ""
コード例 #30
0
ファイル: mitmsrv.py プロジェクト: dallerbarn/pyoidc
 def __init__(self, name=""):
     Server.__init__(self)
     self.sdb = SessionDB(name)
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""
     self.webfinger = WebFinger()
     self.userinfo_signed_response_alg = ""
コード例 #31
0
ファイル: test_oic.py プロジェクト: nicolasmendoza/pyoidc
def test_parse_registration_request():
    srv = Server()
    request = srv.parse_registration_request(data=REGREQ.to_urlencoded())
    assert request.type() == "RegistrationRequest"
    assert _eq(request.keys(), ['redirect_uris', 'contacts', 'client_id',
                                'application_name', 'operation',
                                'application_type'])
    assert request["application_name"] == "pacubar"
    assert request["operation"] == "register"
コード例 #32
0
 def __init__(self, name=""):
     Server.__init__(self)
     self.sdb = SessionDB(name)
     self.name = name
     self.client = {}
     self.registration_expires_in = 3600
     self.host = ""
     self.webfinger = WebFinger()
     self.userinfo_signed_response_alg = ""
コード例 #33
0
def test_parse_userinfo_request():
    srv = Server()
    qdict = srv.parse_user_info_request(data=UIREQ.to_urlencoded())
    assert _eq(qdict.keys(), ['access_token'])
    assert qdict["access_token"] == "access_token"

    url = "https://example.org/userinfo?%s" % UIREQ.to_urlencoded()
    qdict = srv.parse_user_info_request(data=url)
    assert _eq(qdict.keys(), ['access_token'])
    assert qdict["access_token"] == "access_token"
コード例 #34
0
def test_parse_end_session_request():
    srv = Server()
    srv.keyjar = KEYJ

    request = srv.parse_end_session_request(query=ESREQ.to_urlencoded())
    assert request.type() == "EndSessionRequest"
    assert _eq(request.keys(), ['id_token', 'redirect_url', 'state'])
    assert request["state"] == "state0"

    assert request["id_token"]["aud"] == ["client_1"]
コード例 #35
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_end_session_request():
    srv = Server()
    srv.keyjar = KEYJ

    request = srv.parse_end_session_request(query=ESREQ.to_urlencoded())
    assert request.type() == "EndSessionRequest"
    assert _eq(request.keys(), ['id_token', 'redirect_url', 'state'])
    assert request["state"] == "state0"

    assert request["id_token"]["aud"] == ["client_1"]
コード例 #36
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_userinfo_request():
    srv = Server()
    qdict = srv.parse_user_info_request(data=UIREQ.to_urlencoded())
    assert _eq(qdict.keys(), ['access_token'])
    assert qdict["access_token"] == "access_token"

    url = "https://example.org/userinfo?%s" % UIREQ.to_urlencoded()
    qdict = srv.parse_user_info_request(data=url)
    assert _eq(qdict.keys(), ['access_token'])
    assert qdict["access_token"] == "access_token"
コード例 #37
0
ファイル: test_oic.py プロジェクト: tingletech/pyoidc
def test_request_1():
    srv = Server()
    srv.keyjar = KEYJ

    areq = 'redirect_uri=https%3A%2F%2Fnode-openid-client.dev%2Fcb&request' \
           '=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0' \
           '.eyJzdGF0ZSI6ImZvb2JhciIsImlzcyI6Inp2bWk4UGdJbURiOSIsImF1ZCI6Imh0dHBzOi8vcnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbm9kZS1vcGVuaWQtY2xpZW50L3JwLXJlcXVlc3RfdXJpLXVuc2lnbmVkIiwiY2xpZW50X2lkIjoienZtaThQZ0ltRGI5In0.&client_id=zvmi8PgImDb9&scope=openid&response_type=code'

    req = srv.parse_authorization_request(query=areq)

    assert req
コード例 #38
0
ファイル: test_oic_consumer.py プロジェクト: Omosofe/pyoidc
    def test_begin(self):
        srv = Server()
        srv.keyjar = SRVKEYS
        sid, location = self.consumer.begin("openid", "code")
        authreq = srv.parse_authorization_request(url=location)
        assert _eq(authreq.keys(), ['request', 'state', 'max_age', 'claims',
                                    'response_type', 'client_id', 'scope',
                                    'redirect_uri'])

        assert authreq["state"] == sid
        assert authreq["scope"] == self.consumer.consumer_config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
コード例 #39
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_server_parse_refresh_token_request():
    ratr = RefreshAccessTokenRequest(refresh_token="ababababab", client_id="Client_id")

    uenc = ratr.to_urlencoded()

    srv = Server()
    tr = srv.parse_refresh_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "RefreshAccessTokenRequest"
    assert tr["refresh_token"] == "ababababab"
    assert tr["client_id"] == "Client_id"
コード例 #40
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_refresh_session_request():
    srv = Server()
    request = srv.parse_refresh_session_request(query=RSREQ.to_urlencoded())
    assert request.type() == "RefreshSessionRequest"
    assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
    assert request["id_token"] == "id_token"

    url = "https://example.org/userinfo?%s" % RSREQ.to_urlencoded()
    request = srv.parse_refresh_session_request(url=url)
    assert request.type() == "RefreshSessionRequest"
    assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
    assert request["id_token"] == "id_token"
コード例 #41
0
def test_parse_refresh_session_request():
    srv = Server()
    request = srv.parse_refresh_session_request(query=RSREQ.to_urlencoded())
    assert request.type() == "RefreshSessionRequest"
    assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
    assert request["id_token"] == "id_token"

    url = "https://example.org/userinfo?%s" % RSREQ.to_urlencoded()
    request = srv.parse_refresh_session_request(url=url)
    assert request.type() == "RefreshSessionRequest"
    assert _eq(request.keys(), ['id_token', 'state', 'redirect_url'])
    assert request["id_token"] == "id_token"
コード例 #42
0
ファイル: test_oic_consumer.py プロジェクト: wxy148616/pyoidc
    def test_begin(self):
        srv = Server()
        srv.keyjar = SRVKEYS
        sid, location = self.consumer.begin("openid", "code")
        authreq = srv.parse_authorization_request(url=location)
        assert _eq(list(authreq.keys()),
                   ['state', 'max_age', 'claims', 'response_type', 'client_id',
                    'scope', 'redirect_uri'])

        assert authreq["state"] == sid
        assert authreq["scope"] == self.consumer.consumer_config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
コード例 #43
0
def test_server_parse_refresh_token_request():
    ratr = RefreshAccessTokenRequest(refresh_token="ababababab",
                                     client_id="Client_id")

    uenc = ratr.to_urlencoded()

    srv = Server()
    srv.keyjar = KEYJ
    tr = srv.parse_refresh_token_request(body=uenc)
    print tr.keys()

    assert tr.type() == "RefreshAccessTokenRequest"
    assert tr["refresh_token"] == "ababababab"
    assert tr["client_id"] == "Client_id"
コード例 #44
0
    def test_begin_file(self, tmpdir):
        path = tmpdir.strpath
        external_path = "/exported"
        self.consumer.consumer_config["request_method"] = "file"
        self.consumer.consumer_config["temp_dir"] = path
        self.consumer.consumer_config["temp_path"] = external_path
        self.consumer.consumer_config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid",
                                            "code",
                                            path="http://localhost:8087")

        with responses.RequestsMock() as rsps:
            p = urlparse(self.consumer.request_uri)
            assert p.netloc == "localhost:8087"
            # Map the URL path to the local path
            relative_path = os.path.relpath(p.path, external_path)
            file_path = os.path.join(path, relative_path)

            with open(file_path) as f:
                rsps.add(
                    rsps.GET,
                    self.consumer.request_uri,
                    body=f.read(),
                    status=200,
                    content_type="application/urlencoded",
                )

            authreq = srv.parse_authorization_request(url=location)
            assert _eq(
                list(authreq.keys()),
                [
                    "max_age",
                    "state",
                    "redirect_uri",
                    "response_type",
                    "client_id",
                    "scope",
                    "claims",
                ],
            )

            assert authreq["state"] == sid
            assert authreq["scope"] == self.consumer.consumer_config["scope"]
            assert authreq["client_id"] == self.consumer.client_id
            assert authreq["redirect_uri"].startswith(
                "http://localhost:8087/authz")
コード例 #45
0
ファイル: provider.py プロジェクト: hdknr/pyoidc
    def __init__(self, name, sdb, cdb, authn_broker, userinfo, authz,
                 client_authn, symkey, urlmap=None, ca_certs="", keyjar=None,
                 hostname="", template_lookup=None, verify_login_template=None):

        AProvider.__init__(self, name, sdb, cdb, authn_broker, authz,
                           client_authn, symkey, urlmap)

        self.endp.extend([UserinfoEndpoint, RegistrationEndpoint,
                          EndSessionEndpoint])

        self.userinfo = userinfo
        self.server = Server(ca_certs=ca_certs)

        if keyjar:
            self.server.keyjar = keyjar
        self.template_lookup = template_lookup
        self.verify_login_template = verify_login_template
        self.keyjar = self.server.keyjar
        self.baseurl = ""
        self.cert = []
        self.cert_encryption = []

        self.cookie_name = "pyoidc"
        self.seed = ""
        self.sso_ttl = 0
        self.test_mode = False
        self.jwks_uri = []

        self.authn_as = None
        self.preferred_id_type = "public"
        self.hostname = hostname or socket.gethostname
        self.register_endpoint = "%s%s" % (self.baseurl, "register")
コード例 #46
0
ファイル: provider.py プロジェクト: wayward710/pyoidc
    def __init__(self, name, sdb, cdb, authn_method, userinfo, authz,
                 client_authn, symkey, urlmap=None, ca_certs="", keyjar=None,
                 hostname=""):

        AProvider.__init__(self, name, sdb, cdb, authn_method, authz,
                           client_authn, symkey, urlmap)
        self.userinfo = userinfo
        self.server = Server(ca_certs=ca_certs)

        if keyjar:
            self.server.keyjar = keyjar

        self.keyjar = self.server.keyjar
        self.endpoints = []
        self.baseurl = ""
        self.cert = []
        self.cert_encryption = []

        if authn_method:
            self.cookie_func = authn_method.create_cookie
        else:
            self.cookie_func = None

        self.cookie_name = "pyoidc"
        self.seed = ""
        self.sso_ttl = 0
        self.test_mode = False
        self.jwks_uri = []

        self.authn_as = None
        self.preferred_id_type = "public"
        self.hostname = hostname or socket.gethostname
        self.register_endpoint = "%s%s" % (self.baseurl, "register")
コード例 #47
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_parse_open_id_request():
    srv = Server(KEYS)
    request = srv.parse_open_id_request(data=OIDREQ.to_json(), format="json")
    assert request.type() == "OpenIDRequest"
    print request.keys()
    assert _eq(
        request.keys(),
        ["nonce", "id_token", "userinfo", "state", "redirect_uri", "response_type", "client_id", "scope"],
    )
    assert request["nonce"] == "af0ifjsldkj"

    print request["userinfo"]

    # assert request.userinfo.format == "signed"
    print request["userinfo"]["claims"].to_dict()
    assert "email" in request["userinfo"]["claims"]
コード例 #48
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_server_parse_jwt_request():
    srv = Server()
    srv.keyjar = KEYJ
    ar = AuthorizationRequest(response_type=["code"], client_id=CLIENT_ID,
                              redirect_uri="http://foobar.example.com/oaclient",
                              state="cold", nonce="NONCE", scope=["openid"])

    _keys = srv.keyjar.get_verify_key(owner=CLIENT_ID)
    _jwt = ar.to_jwt(key=_keys, algorithm="HS256")

    req = srv.parse_jwt_request(txt=_jwt)

    assert req.type() == "AuthorizationRequest"
    assert req["response_type"] == ["code"]
    assert req["client_id"] == CLIENT_ID
    assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert req["state"] == "cold"
コード例 #49
0
def test_request_duplicate_state():
    srv = Server()
    srv.keyjar = KEYJ

    areq = (
        "redirect_uri=https%3A%2F%2Fnode-openid-client.dev%2Fcb&state=barf"
        "&request"
        "=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0"
        ".eyJzdGF0ZSI6ImZvb2JhciIsImlzcyI6Inp2bWk4UGdJbURiOSIsImF1ZCI6Imh0dHBzOi8v"
        "cnAuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjgwODAvbm9kZS1vcGVuaWQtY2xpZW50L3JwL"
        "XJlcXVlc3RfdXJpLXVuc2lnbmVkIiwiY2xpZW50X2lkIjoienZtaThQZ0ltRGI5In0.&"
        "client_id=zvmi8PgImDb9&scope=openid&response_type=code")

    req = srv.parse_authorization_request(query=areq)

    assert req["state"] == "foobar"
    assert req["redirect_uri"] == "https://node-openid-client.dev/cb"
コード例 #50
0
ファイル: test_oic.py プロジェクト: nicolasmendoza/pyoidc
def test_parse_open_id_request():
    srv = Server()
    srv.keyjar = KEYJ

    request = srv.parse_open_id_request(data=OIDREQ.to_json(), sformat="json")
    assert request.type() == "OpenIDRequest"
    print request.keys()
    assert _eq(request.keys(), ['nonce', 'claims', 'state', 'redirect_uri',
                                'response_type', 'client_id', 'scope',
                                'max_age'])
    assert request["nonce"] == "af0ifjsldkj"

    print request["claims"]

    #assert request.userinfo.format == "signed"
    print request["claims"]["userinfo"]
    assert "email" in request["claims"]["userinfo"]
コード例 #51
0
ファイル: test_oic.py プロジェクト: dash-dash/pyoidc
def test_parse_open_id_request():
    srv = Server()
    srv.keyjar = KEYJ

    request = srv.parse_open_id_request(data=OIDREQ.to_json(), sformat="json")
    assert request.type() == "OpenIDRequest"
    print request.keys()
    assert _eq(request.keys(), ['nonce', 'claims', 'state', 'redirect_uri',
                                'response_type', 'client_id', 'scope',
                                'max_age'])
    assert request["nonce"] == "af0ifjsldkj"

    print request["claims"]

    #assert request.userinfo.format == "signed"
    print request["claims"]["userinfo"]
    assert "email" in request["claims"]["userinfo"]
コード例 #52
0
ファイル: test_oic.py プロジェクト: nicolasmendoza/pyoidc
def test_server_parse_jwt_request():
    srv = Server()
    srv.keyjar = KEYJ
    ar = AuthorizationRequest(response_type=["code"], client_id=CLIENT_ID,
                              redirect_uri="http://foobar.example.com/oaclient",
                              state="cold", nonce="NONCE", scope=["openid"])

    _keys = srv.keyjar.get_verify_key(owner=CLIENT_ID)
    _jwt = ar.to_jwt(key=_keys, algorithm="HS256")

    req = srv.parse_jwt_request(txt=_jwt)

    assert req.type() == "AuthorizationRequest"
    assert req["response_type"] == ["code"]
    assert req["client_id"] == CLIENT_ID
    assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
    assert req["state"] == "cold"
コード例 #53
0
ファイル: test_oic.py プロジェクト: imsoftware/pyoidc
def test_make_id_token():
    srv = Server(KEYS)
    session = {"user_id": "user0", "client_id": "http://oic.example/rp"}
    issuer = "http://oic.example/idp"
    code = "abcdefghijklmnop"
    idt_jwt = srv.make_id_token(session, loa="2", issuer=issuer, code=code, access_token="access_token")

    jwt_keys = srv.keystore.get_keys("ver", owner=None)
    idt = IdToken().from_jwt(idt_jwt, key=jwt_keys)
    print idt
    header = unpack(idt_jwt)

    lha = left_hash(code, func="HS" + header[0]["alg"][-3:])
    assert lha == idt["c_hash"]

    atr = AccessTokenResponse(id_token=idt_jwt, access_token="access_token", token_type="Bearer")
    atr["code"] = code
    assert atr.verify(key=jwt_keys)
コード例 #54
0
    def test_begin_file(self):
        self.consumer.config["request_method"] = "file"
        self.consumer.config["temp_dir"] = "./file"
        self.consumer.config["temp_path"] = "/tmp/"
        srv = Server(SRVKEYS)
        location = self.consumer.begin(BASE_ENVIRON, start_response)
        print location
        vkeys = {".":srv.keystore.get_verify_key()}
        authreq = srv.parse_authorization_request(url=location, keys=vkeys)
        print authreq.keys()
        assert _eq(authreq.keys(), ['state', 'redirect_uri',
                                    'response_type', 'client_id', 'scope',
                                    'request_uri'])

        assert authreq["state"] == self.consumer.state
        assert authreq["scope"] == self.consumer.config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
        assert authreq["redirect_uri"].startswith("http://localhost:8087/authz")
コード例 #55
0
    def test_begin(self):
        self.consumer.authorization_endpoint = AUTHZ_URL
        self.consumer.keyjar[""].append(KC_RSA)
        #self.consumer.keyjar.set_sign_key(rsapub, "rsa")
        #self.consumer.keyjar.set_verify_key(rsapub, "rsa")

        srv = Server()
        srv.keyjar = SRVKEYS
        print "redirect_uris", self.consumer.redirect_uris
        print "config", self.consumer.config
        location = self.consumer.begin("openid", "code")
        print location
        authreq = srv.parse_authorization_request(url=location)
        print authreq.keys()
        assert _eq(authreq.keys(), ['request', 'state', 'max_age', 'claims',
                                    'response_type', 'client_id', 'scope',
                                    'redirect_uri'])

        assert authreq["state"] == self.consumer.state
        assert authreq["scope"] == self.consumer.config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
コード例 #56
0
    def test_begin_file(self, tmpdir):
        path = tmpdir.strpath
        self.consumer.consumer_config["request_method"] = "file"
        self.consumer.consumer_config["temp_dir"] = path
        self.consumer.consumer_config["temp_path"] = path
        self.consumer.consumer_config["authz_page"] = "/authz"
        srv = Server()
        srv.keyjar = SRVKEYS

        sid, location = self.consumer.begin("openid",
                                            "code",
                                            path="http://localhost:8087")
        authreq = srv.parse_authorization_request(url=location)
        assert _eq(authreq.keys(), [
            'max_age', 'state', 'redirect_uri', 'response_type', 'client_id',
            'scope', 'claims', 'request_uri'
        ])

        assert authreq["state"] == sid
        assert authreq["scope"] == self.consumer.consumer_config["scope"]
        assert authreq["client_id"] == self.consumer.client_id
        assert authreq["redirect_uri"].startswith(
            "http://localhost:8087/authz")
コード例 #57
0
def test_server_init():
    srv = Server()
    assert srv

    srv = Server()
    assert srv
コード例 #58
0
class TestServer(object):
    @pytest.fixture(autouse=True)
    def create_server(self):
        self.srv = Server()
        self.srv.keyjar = KEYJ

    def test_parse_authz_req(self):
        ar = AuthorizationRequest(
            response_type=["code"],
            client_id="foobar",
            redirect_uri="http://foobar.example.com/oaclient",
            state="cold",
            nonce="NONCE",
            scope=["openid"],
        )

        # query string
        uencq = ar.to_urlencoded()
        areq = self.srv.parse_authorization_request(query=uencq)

        assert isinstance(areq, AuthorizationRequest)
        assert areq["response_type"] == ["code"]
        assert areq["client_id"] == "foobar"
        assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert areq["state"] == "cold"

        # urlencoded
        urluenc = "https://example.com/authz?{}".format(uencq)
        areq = self.srv.parse_authorization_request(url=urluenc)

        assert isinstance(areq, AuthorizationRequest)
        assert areq["response_type"] == ["code"]
        assert areq["client_id"] == "foobar"
        assert areq["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert areq["state"] == "cold"

    def test_parse_authz_req_jwt(self):
        ar = AuthorizationRequest(
            response_type=["code"],
            client_id=CLIENT_ID,
            redirect_uri="http://foobar.example.com/oaclient",
            state="cold",
            nonce="NONCE",
            scope=["openid"],
        )

        _keys = self.srv.keyjar.get_verify_key(owner=CLIENT_ID)
        _jwt = ar.to_jwt(key=_keys, algorithm="HS256")

        req = self.srv.parse_jwt_request(txt=_jwt)

        assert isinstance(req, AuthorizationRequest)
        assert req["response_type"] == ["code"]
        assert req["client_id"] == CLIENT_ID
        assert req["redirect_uri"] == "http://foobar.example.com/oaclient"
        assert req["state"] == "cold"

    def test_server_parse_token_request(self):
        atr = AccessTokenRequest(
            grant_type="authorization_code",
            code="SplxlOBeZQQYbYS6WxSbIA",
            redirect_uri="https://client.example.com/cb",
            client_id=CLIENT_ID,
            extra="foo",
        )

        uenc = atr.to_urlencoded()

        tr = self.srv.parse_token_request(body=uenc)

        assert isinstance(tr, AccessTokenRequest)
        assert _eq(
            tr.keys(),
            ["code", "redirect_uri", "grant_type", "client_id", "extra"])
        assert tr["grant_type"] == "authorization_code"
        assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA"
        assert tr["extra"] == "foo"

    def test_server_parse_refresh_token_request(self):
        ratr = RefreshAccessTokenRequest(refresh_token="ababababab",
                                         client_id="Client_id")
        uenc = ratr.to_urlencoded()
        tr = self.srv.parse_refresh_token_request(body=uenc)

        assert isinstance(tr, RefreshAccessTokenRequest)
        assert tr["refresh_token"] == "ababababab"
        assert tr["client_id"] == "Client_id"

    def test_parse_urlencoded(self):
        loc = "http://example.com/userinfo?access_token=access_token"
        qdict = self.srv._parse_urlencoded(loc)
        assert qdict["access_token"] == ["access_token"]

    def test_parse_authorization_request(self):
        areq = AuthorizationRequest(
            response_type="code",
            client_id="client_id",
            redirect_uri="http://example.com/authz",
            scope=["openid"],
            state="state0",
            nonce="N0nce",
        )
        qdict = self.srv.parse_authorization_request(
            query=areq.to_urlencoded())
        assert _eq(
            qdict.keys(),
            [
                "nonce", "state", "redirect_uri", "response_type", "client_id",
                "scope"
            ],
        )
        assert qdict["state"] == "state0"

    def test_parse_token_request(self):
        treq = AccessTokenRequest(
            code="code",
            redirect_uri="http://example.com/authz",
            client_id=CLIENT_ID,
            grant_type="authorization_code",
        )
        qdict = self.srv.parse_token_request(body=treq.to_urlencoded())
        assert isinstance(qdict, AccessTokenRequest)
        assert _eq(qdict.keys(),
                   ["code", "redirect_uri", "client_id", "grant_type"])
        assert qdict["client_id"] == CLIENT_ID
        assert qdict["code"] == "code"

    def test_parse_userinfo_requesr(self):
        uireq = UserInfoRequest(access_token="access_token")
        uencq = uireq.to_urlencoded()

        qdict = self.srv.parse_user_info_request(data=uencq)
        assert _eq(qdict.keys(), ["access_token"])
        assert qdict["access_token"] == "access_token"

        url = "https://example.org/userinfo?{}".format(uencq)
        qdict = self.srv.parse_user_info_request(data=url)
        assert _eq(qdict.keys(), ["access_token"])
        assert qdict["access_token"] == "access_token"

    def test_parse_registration_request(self):
        regreq = RegistrationRequest(
            contacts=["*****@*****.**"],
            redirect_uris=["http://example.org/jqauthz"],
            application_name="pacubar",
            client_id=CLIENT_ID,
            operation="register",
            application_type="web",
        )

        request = self.srv.parse_registration_request(
            data=regreq.to_urlencoded())
        assert isinstance(request, RegistrationRequest)
        assert _eq(
            request.keys(),
            [
                "redirect_uris",
                "contacts",
                "client_id",
                "application_name",
                "operation",
                "application_type",
                "response_types",
            ],
        )
        assert request["application_name"] == "pacubar"
        assert request["operation"] == "register"

    def test_parse_refresh_session_request(self):
        rsreq = RefreshSessionRequest(id_token="id_token",
                                      redirect_url="http://example.com/authz",
                                      state="state0")
        uencq = rsreq.to_urlencoded()

        request = self.srv.parse_refresh_session_request(query=uencq)
        assert isinstance(request, RefreshSessionRequest)
        assert _eq(request.keys(), ["id_token", "state", "redirect_url"])
        assert request["id_token"] == "id_token"

        url = "https://example.org/userinfo?{}".format(uencq)
        request = self.srv.parse_refresh_session_request(url=url)
        assert isinstance(request, RefreshSessionRequest)
        assert _eq(request.keys(), ["id_token", "state", "redirect_url"])
        assert request["id_token"] == "id_token"

    def test_parse_check_session_request(self):
        csreq = CheckSessionRequest(id_token=IDTOKEN.to_jwt(
            key=KC_SYM_S.get(alg2keytype("HS256")), algorithm="HS256"))
        request = self.srv.parse_check_session_request(
            query=csreq.to_urlencoded())
        assert isinstance(request, IdToken)
        assert _eq(request.keys(),
                   ["nonce", "sub", "aud", "iss", "exp", "iat"])
        assert request["aud"] == ["client_1"]

    def test_parse_end_session_request(self):
        esreq = EndSessionRequest(
            id_token=IDTOKEN.to_jwt(key=KC_SYM_S.get(alg2keytype("HS256")),
                                    algorithm="HS256"),
            redirect_url="http://example.org/jqauthz",
            state="state0",
        )

        request = self.srv.parse_end_session_request(
            query=esreq.to_urlencoded())
        assert isinstance(request, EndSessionRequest)
        assert _eq(request.keys(), ["id_token", "redirect_url", "state"])
        assert request["state"] == "state0"

        assert request["id_token"]["aud"] == ["client_1"]

    def test_parse_open_id_request(self):
        userinfo_claims = Claims(
            name={"essential": True},
            nickname=None,
            email={"essential": True},
            email_verified={"essential": True},
            picture=None,
        )
        id_token_claims = Claims(
            auth_time={
                "essential": True,
                "acr": {
                    "values": ["urn:mace:incommon:iap:silver"]
                },
            })
        claims_req = ClaimsRequest(userinfo=userinfo_claims,
                                   id_token=id_token_claims)

        oidreq = OpenIDRequest(
            response_type=["code", "id_token"],
            client_id=CLIENT_ID,
            redirect_uri="https://client.example.com/cb",
            scope="openid profile",
            state="n-0S6_WzA2Mj",
            nonce="af0ifjsldkj",
            max_age=86400,
            claims=claims_req,
        )

        request = self.srv.parse_open_id_request(data=oidreq.to_json(),
                                                 sformat="json")
        assert isinstance(request, OpenIDRequest)
        assert _eq(
            request.keys(),
            [
                "nonce",
                "claims",
                "state",
                "redirect_uri",
                "response_type",
                "client_id",
                "scope",
                "max_age",
            ],
        )
        assert request["nonce"] == "af0ifjsldkj"
        assert "email" in request["claims"]["userinfo"]

    def test_make_id_token(self):
        self.srv.keyjar["http://oic.example/idp"] = KC_RSA

        session = {"sub": "user0", "client_id": "http://oic.example/rp"}
        issuer = "http://oic.example/idp"
        code = "abcdefghijklmnop"
        _idt = self.srv.make_id_token(session,
                                      loa="2",
                                      issuer=issuer,
                                      code=code,
                                      access_token="access_token")

        algo = "RS256"
        ckey = self.srv.keyjar.get_signing_key(alg2keytype(algo), issuer)
        _signed_jwt = _idt.to_jwt(key=ckey, algorithm="RS256")

        idt = IdToken().from_jwt(_signed_jwt, keyjar=self.srv.keyjar)
        _jwt = JWT().unpack(_signed_jwt)

        lha = left_hash(code.encode("utf-8"),
                        func="HS" + _jwt.headers["alg"][-3:])
        assert lha == idt["c_hash"]

        atr = AccessTokenResponse(id_token=_signed_jwt,
                                  access_token="access_token",
                                  token_type="Bearer")
        atr["code"] = code
        assert atr.verify(keyjar=self.srv.keyjar)
コード例 #59
0
 def create_server(self):
     self.srv = Server()
     self.srv.keyjar = KEYJ