def test_construct_with_token(self, services): authz_service = services['authorization'] _state = authz_service.create_state('Issuer') req = AuthorizationRequest(state=_state, response_type='code', redirect_uri='https://example.com', scope=['openid']) authz_service.store_item(req, 'auth_request', _state) # Add a state and bind a code to it resp1 = AuthorizationResponse(code="auth_grant", state=_state) response = services['authorization'].parse_response( resp1.to_urlencoded(), "urlencoded") services['authorization'].update_service_context(response, key=_state) # based on state find the code and then get an access token resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_state) response = services['accesstoken'].parse_response( resp2.to_urlencoded(), "urlencoded") services['accesstoken'].update_service_context(response, key=_state) # and finally use the access token, bound to a state, to # construct the authorization header http_args = BearerHeader().construct(ResourceRequest(), services['accesstoken'], key=_state) assert http_args == {"headers": {"Authorization": "Bearer token1"}}
def test_allow_unsigned_idtoken(self, allow_sign_alg_none): req_args = { 'response_type': 'code', 'state': 'state', 'nonce': 'nonce' } self.service.endpoint = 'https://example.com/authorize' self.service.get_request_parameters(request_args=req_args) # Build an ID Token idt = JWT(ISS_KEY, iss=ISS, lifetime=3600, sign_alg='none') payload = {'sub': '123456789', 'aud': ['client_id']} _idt = idt.pack(payload) self.service.service_context.get('behaviour')["verify_args"] = { "allow_sign_alg_none": allow_sign_alg_none } resp = AuthorizationResponse(state='state', code='code', id_token=_idt) if allow_sign_alg_none: resp = self.service.parse_response(resp.to_urlencoded()) else: with pytest.raises(UnsupportedAlgorithm): self.service.parse_response(resp.to_urlencoded())
def test_update_service_context_with_idtoken(self): req_args = {'response_type': 'code', 'state': 'state', 'nonce': 'nonce'} self.service.endpoint = 'https://example.com/authorize' _info = self.service.get_request_parameters(request_args=req_args) # Build an ID Token idt = JWT(key_jar=ISS_KEY, iss=ISS, lifetime=3600) payload = {'sub': '123456789', 'aud': ['client_id'], 'nonce': 'nonce'} # have to calculate c_hash alg = 'RS256' halg = "HS%s" % alg[-3:] payload["c_hash"] = left_hash('code', halg) _idt = idt.pack(payload) resp = AuthorizationResponse(state='state', code='code', id_token=_idt) resp = self.service.parse_response(resp.to_urlencoded()) self.service.update_service_context(resp, 'state')
def test_response(self): _state = "today" req_args = {'response_type': 'code', 'state': _state} self.auth_service.endpoint = 'https://example.com/authorize' _info = self.auth_service.get_request_parameters(request_args=req_args) assert set(_info.keys()) == {'url', 'method', 'request'} msg = AuthorizationRequest().from_urlencoded( self.auth_service.get_urlinfo(_info['url'])) self.auth_service.client_get("service_context").state.store_item( msg, "auth_request", _state) resp1 = AuthorizationResponse(code="auth_grant", state=_state) response = self.auth_service.parse_response(resp1.to_urlencoded(), "urlencoded", state=_state) self.auth_service.update_service_context(response, key=_state) assert self.auth_service.client_get("service_context").state.get_state( _state)
def test_construct_with_request(self, services): authz_service = services['authorization'] authz_service.state_db.set('EEEE', State(iss='Issuer').to_json()) resp1 = AuthorizationResponse(code="auth_grant", state="EEEE") response = authz_service.parse_response(resp1.to_urlencoded(), "urlencoded") authz_service.update_service_context(response, key='EEEE') resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state="EEEE") response = services['accesstoken'].parse_response( resp2.to_urlencoded(), "urlencoded") services['accesstoken'].update_service_context(response, key='EEEE') request = ResourceRequest() BearerBody().construct(request, service=authz_service, key="EEEE") assert "access_token" in request assert request["access_token"] == "token1"
def test_construct_with_request(self, entity): authz_service = entity.client_get("service", 'authorization') _cntx = authz_service.client_get("service_context") _key = _cntx.state.create_state(iss='Issuer') resp1 = AuthorizationResponse(code="auth_grant", state=_key) response = authz_service.parse_response(resp1.to_urlencoded(), "urlencoded") authz_service.update_service_context(response, key=_key) resp2 = AccessTokenResponse(access_token="token1", token_type="Bearer", expires_in=0, state=_key) _token_service = entity.client_get("service", 'accesstoken') response = _token_service.parse_response(resp2.to_urlencoded(), "urlencoded") _token_service.update_service_context(response, key=_key) request = ResourceRequest() BearerBody().construct(request, service=authz_service, key=_key) assert "access_token" in request assert request["access_token"] == "token1"