def test_extra(self):
atr = AccessTokenRequest(grant_type="authorization_code",
code="SplxlOBeZQQYbYS6WxSbIA",
redirect_uri="https://client.example.com/cb",
extra="foo")
query = atr.to_urlencoded()
assert query_string_compare(
query,
"code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&"
"grant_type=authorization_code&extra=foo")
atr2 = AccessTokenRequest().deserialize(query, "urlencoded")
assert atr == atr2
def test_client_secret_jwt(self, client):
_ci = client.client_info
_ci.token_endpoint = "https://example.com/token"
_ci.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
csj = ClientSecretJWT()
request = AccessTokenRequest()
csj.construct(request,
cli_info=client.client_info,
algorithm="HS256",
authn_endpoint='userinfo')
assert request["client_assertion_type"] == JWT_BEARER
assert "client_assertion" in request
cas = request["client_assertion"]
_skey = [SYMKey(k=b64e(as_bytes(_ci.client_secret)), use='sig')]
jso = JWT(rec_keys={client.client_id: _skey}).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
_rj = JWS()
info = _rj.verify_compact(
cas, [SYMKey(k=b64e(as_bytes(_ci.client_secret)))])
assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
assert info['aud'] == [_ci.provider_info['issuer']]
def test_access_token_srv_conf():
service = factory('AccessToken',
client_authn_method=CLIENT_AUTHN_METHOD,
conf={'default_authn_method': 'client_secret_post'})
client_config = {
'client_id': 'client_id',
'client_secret': 'password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
cli_info = ClientInfo(config=client_config)
cli_info.state_db['state'] = {'code': 'access_code'}
req_args = {
'redirect_uri': 'https://example.com/cli/authz_cb',
'code': 'access_code'
}
service.endpoint = 'https://example.com/authorize'
_info = service.request_info(cli_info,
request_args=req_args,
state='state')
assert _info
msg = AccessTokenRequest().from_urlencoded(
service.get_urlinfo(_info['body']))
assert 'client_secret' in msg
assert 'Authorization' not in _info['kwargs']['headers']
def test_does_not_remove_padding(self, client):
request = AccessTokenRequest(code="foo",
redirect_uri="http://example.com")
csb = ClientSecretBasic()
http_args = csb.construct(request,
cli_info=client.client_info,
user="******",
password="******")
assert http_args["headers"]["Authorization"].endswith("==")
def test_construct(self, client):
_key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key"))
kc_rsa = KeyBundle([{
"key": _key,
"kty": "RSA",
"use": "ver"
}, {
"key": _key,
"kty": "RSA",
"use": "sig"
}])
client.client_info.keyjar[""] = kc_rsa
client.client_info.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
client.service['accesstoken'].endpoint = "https://example.com/token"
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
http_args = pkj.construct(request,
cli_info=client.client_info,
algorithm="RS256",
authn_endpoint='token')
assert http_args == {}
cas = request["client_assertion"]
pub_kb = KeyBundle([{
"key": _key.public_key(),
"kty": "RSA",
"use": "ver"
}, {
"key": _key.public_key(),
"kty": "RSA",
"use": "sig"
}])
jso = JWT(rec_keys={client.client_id: pub_kb.get('RSA')}).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
#assert _jwt.headers == {'alg': 'RS256'}
assert jso['aud'] == [
client.client_info.provider_info['token_endpoint']
]
def test_construct_client_assertion(self, client):
_key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key"))
kc_rsa = KeyBundle([{
"key": _key,
"kty": "RSA",
"use": "ver"
}, {
"key": _key,
"kty": "RSA",
"use": "sig"
}])
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
_ca = assertion_jwt(client.client_id, kc_rsa.get('RSA'),
"https://example.com/token", 'RS256')
http_args = pkj.construct(request, client_assertion=_ca)
assert http_args == {}
assert request['client_assertion'] == _ca
assert request['client_assertion_type'] == JWT_BEARER
def test_construct(self, client):
request = client.service['accesstoken'].construct(
cli_info=client.client_info,
redirect_uri="http://example.com",
state='ABCDE')
csp = ClientSecretPost()
http_args = csp.construct(request, cli_info=client.client_info)
assert request["client_id"] == "A"
assert request["client_secret"] == "boarding pass"
assert http_args is None
request = AccessTokenRequest(code="foo",
redirect_uri="http://example.com")
http_args = csp.construct(request,
cli_info=client.client_info,
http_args={"client_secret": "another"})
assert request["client_id"] == "A"
assert request["client_secret"] == "another"
assert http_args == {}
def test_request_info(self):
req_args = {
'redirect_uri': 'https://example.com/cli/authz_cb',
'code': 'access_code'
}
self.req.endpoint = 'https://example.com/authorize'
_info = self.req.request_info(self.cli_info,
request_args=req_args,
state='state',
authn_method='client_secret_basic')
assert set(_info.keys()) == {'body', 'uri', 'cis', 'kwargs', 'h_args'}
assert _info['uri'] == 'https://example.com/authorize'
assert _info['cis'].to_dict() == {
'client_id': 'client_id',
'code': 'access_code',
'grant_type': 'authorization_code',
'redirect_uri': 'https://example.com/cli/authz_cb'
}
msg = AccessTokenRequest().from_urlencoded(
self.req.get_urlinfo(_info['body']))
assert msg == _info['cis']