def test_register_with_provider(self): registration_endpoint = "{}/registration".format(ISSUER) signed_jwks_uri = "{}/signed_jwks".format(ISSUER) federation_key = sym_key() rp_root_key = rsa_key() rp_software_statement = Federation(federation_key).create_software_statement( dict(redirect_uris=["https://rp.example.com"])) op_root_key = rsa_key() op_intermediate_key = rsa_key() op_signed_intermediate_key = JWS(json.dumps(op_intermediate_key.serialize(private=False)), alg=op_root_key.alg).sign_compact(keys=[op_root_key]) op_software_statement = Federation(federation_key).create_software_statement( dict(issuer=ISSUER, root_key=op_root_key.serialize(private=False), scopes_supported=["openid", "test_scope"])) # signed_jwks_uri expected_kid = "OP key 1" keys = [RSAKey(key=RSA.generate(1024), kid=expected_kid).serialize(private=False)] jwks = json.dumps(dict(keys=keys)) jws = JWS(jwks, alg=op_intermediate_key.alg).sign_compact(keys=[op_intermediate_key]) responses.add(responses.GET, signed_jwks_uri, body=jws, status=200, content_type="application/jose") rp = RP(None, rp_root_key, [rp_software_statement], [federation_key], None) rp.client.provider_info = FederationProviderConfigurationResponse( **dict(issuer=ISSUER, signing_key=op_signed_intermediate_key, registration_endpoint=registration_endpoint, signed_jwks_uri=signed_jwks_uri)) reg_resp = FederationRegistrationResponse( **dict(provider_software_statement=op_software_statement, client_id="foo", redirect_uris=["https://rp.example.com"])) responses.add(responses.POST, registration_endpoint, body=reg_resp.to_json(), status=201, content_type="application/json") client_registration_data = {} rp.register_with_provider(ISSUER, client_registration_data) assert rp.client.client_id == "foo" assert rp.client.provider_signing_key == op_intermediate_key assert rp.client.keyjar[ISSUER][0].keys()[0].kid == expected_kid