def test_access_token_srv_conf(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) service = service_factory( 'AccessToken', ['oauth2'], service_context=service_context, conf={'default_authn_method': 'client_secret_post'}) auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state') auth_response = AuthorizationResponse(code='access_code') service.store_item(auth_request, "auth_request", 'state') service.store_item(auth_response, "auth_response", 'state') req_args = { 'redirect_uri': 'https://example.com/cli/authz_cb', 'code': 'access_code' } service.endpoint = 'https://example.com/authorize' _info = service.get_request_parameters(request_args=req_args, state='state') assert _info msg = AccessTokenRequest().from_urlencoded( service.get_urlinfo(_info['body'])) assert 'client_secret' in msg
def get_service(): service_context = ServiceContext(keyjar=None, config=CLIENT_CONF) service_context.client_secret = "white boarding pass" service = service_factory('AccessToken', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context) return service
def test_authz_service_conf(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': {'response_types': ['code']} } srv = service_factory( 'Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=ServiceContext(CLI_KEY, config=client_config), conf={ 'request_args': { 'claims': { "id_token": { "auth_time": {"essential": True}, "acr": {"values": ["urn:mace:incommon:iap:silver"]} } } } }) req = srv.construct() assert 'claims' in req assert set(req['claims'].keys()) == {'id_token'}
def create_request(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'requests_dir': 'requests', 'base_url': 'https://example.com/cli/' } service_context = ServiceContext(config=client_config) service_context.keyjar = CLI_KEY service_context.behaviour = { 'userinfo_signed_response_alg': 'RS256', "userinfo_encrypted_response_alg": "RSA-OAEP", "userinfo_encrypted_response_enc": "A256GCM" } db = InMemoryStateDataBase() auth_response = AuthorizationResponse(code='access_code').to_json() idtval = { 'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana', 'iss': ISS, 'aud': 'client_id' } idt = create_jws(idtval) ver_idt = IdToken().from_jwt(idt, CLI_KEY) token_response = AccessTokenResponse( access_token='access_token', id_token=idt, __verified_id_token=ver_idt).to_json() db.set('abcde', State(token_response=token_response, auth_response=auth_response).to_json()) self.service = service_factory('UserInfo', ['oidc'], state_db=db, service_context=service_context)
def test_access_token_srv_conf(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) db = InMemoryStateDataBase() auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state') auth_response = AuthorizationResponse(code='access_code') _state = State(auth_request=auth_request.to_json(), auth_response=auth_response.to_json()) db.set('state', _state.to_json()) service = service_factory( 'AccessToken', ['oauth2'], state_db=db, service_context=service_context, conf={'default_authn_method': 'client_secret_post'}) req_args = { 'redirect_uri': 'https://example.com/cli/authz_cb', 'code': 'access_code' } service.endpoint = 'https://example.com/authorize' _info = service.get_request_parameters(request_args=req_args, state='state') assert _info msg = AccessTokenRequest().from_urlencoded( service.get_urlinfo(_info['body'])) assert 'client_secret' in msg
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'another password' } service_context = ServiceContext(config=client_config) self.service = { 'token': service_factory("CCAccessToken", ['oauth2/client_credentials', 'oauth2'], service_context=service_context), 'refresh_token': service_factory("CCRefreshAccessToken", ['oauth2/client_credentials', 'oauth2'], service_context=service_context) } self.service['token'].endpoint = 'https://example.com/token' self.service['refresh_token'].endpoint = 'https://example.com/token'
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(CLI_KEY, config=client_config) service_context.issuer = 'https://example.com' self.service = service_factory('Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_request(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'requests_dir': 'requests', 'base_url': 'https://example.com/cli/' } service_context = ServiceContext(config=client_config) self.service = service_factory('Registration', ['oidc'], state_db=None, service_context=service_context)
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': { 'response_types': ['code'] } } service_context = ServiceContext(config=client_config) self.service = service_factory('Authorization', ['oauth2'], service_context=service_context)
def factory(service_name, ignore, **kwargs): """ A factory the given a service name will return a :py:class:`oidcservice.service.Service` instance if a service matching the name could be found. :param service_name: A service name, could be either of the format 'group.name' or 'name'. :param kwargs: A set of key word arguments to be used when initiating the Service class :return: A :py:class:`oidcservice.service.Service` instance or None """ if '.' in service_name: group, name = service_name.split('.') if group == 'oauth2': service_factory(service_name[1], ['oauth2'], **kwargs) elif group == 'oidc': service_factory(service_name[1], ['oidc'], **kwargs) else: return get_provider_specific_service(group, name, **kwargs) else: return service_factory(service_name, ['oidc', 'oauth2'], **kwargs)
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'callback': { 'code': 'https://example.com/cli/authz_cb', 'implicit': 'https://example.com/cli/authz_im_cb', 'form_post': 'https://example.com/cli/authz_fp_cb' } } service_context = ServiceContext(CLI_KEY, config=client_config) self.service = service_factory('Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_request(self): self._iss = ISS client_config = { "redirect_uris": ["https://example.com/cli/authz_cb"], "issuer": self._iss, "requests_dir": "requests", "base_url": "https://example.com/cli/", "client_preferences": { "application_type": "web", "response_types": ["code"], "contacts": ["*****@*****.**"], "jwks_uri": "https://example.com/rp/static/jwks.json", "redirect_uris": ["{}/authz_cb".format(RP_BASEURL)], "token_endpoint_auth_method": "client_secret_basic", "grant_types": ["authorization_code"] } } service_context = ServiceContext(config=client_config) self.reg_service = service_factory("Registration", ["oidc"], service_context=service_context) self.read_service = service_factory("RegistrationRead", ["oidc"], service_context=service_context)
def create_request(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'requests_dir': 'requests', 'base_url': 'https://example.com/cli/', 'post_logout_redirect_uris': ['https://example.com/post_logout'] } service_context = ServiceContext(config=client_config) self.service = service_factory('EndSession', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(CLI_KEY, config=client_config) _db = InMemoryStateDataBase() auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state', response_type='code').to_json() auth_response = AuthorizationResponse(code='access_code').to_json() _db.set('state', State(auth_response=auth_response, auth_request=auth_request).to_json()) self.service = service_factory('AccessToken', ['oidc'], state_db=_db, service_context=service_context)
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) self.service = service_factory('RefreshAccessToken', ['oauth2'], service_context=service_context) auth_response = AuthorizationResponse(code='access_code') token_response = AccessTokenResponse(access_token='bearer_token', refresh_token='refresh') self.service.store_item(auth_response, 'auth_response', 'abcdef') self.service.store_item(token_response, 'token_response', 'abcdef') self.service.endpoint = 'https://example.com/token'
def test_add_jwks_uri_or_jwks_3(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': ISS, 'client_preferences': { 'id_token_signed_response_alg': 'RS384', 'userinfo_signed_response_alg': 'RS384' } } service_context = ServiceContext(config=client_config, jwks='{"keys":[]}') service = service_factory('Registration', ['oidc'], state_db=None, service_context=service_context) req_args, post_args = add_jwks_uri_or_jwks({}, service) assert req_args['jwks'] == '{"keys":[]}' assert set(req_args.keys()) == {'jwks'}
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) service_context.set('redirect_uris', ['https://example.com/cli/authz_cb']) self.service = service_factory('AccessToken', ['oauth2'], service_context=service_context) auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state') auth_response = AuthorizationResponse(code='access_code') self.service.store_item(auth_request, 'auth_request', 'state') self.service.store_item(auth_response, 'auth_response', 'state')
def test_add_jwks_uri_or_jwks_0(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'jwks_uri': 'https://example.com/jwks/jwks.json', 'issuer': ISS, 'client_preferences': { 'id_token_signed_response_alg': 'RS384', 'userinfo_signed_response_alg': 'RS384' } } service_context = ServiceContext(config=client_config) service = service_factory('Registration', ['oidc'], service_context=service_context) req_args, post_args = add_jwks_uri_or_jwks({}, service) assert req_args['jwks_uri'] == 'https://example.com/jwks/jwks.json'
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) db = InMemoryStateDataBase() auth_response = AuthorizationResponse(code='access_code') token_response = AccessTokenResponse(access_token='bearer_token', refresh_token='refresh') _state = State(auth_response=auth_response.to_json(), token_response=token_response.to_json()) db.set('abcdef', _state.to_json()) self.service = service_factory('RefreshAccessToken', ['oauth2'], state_db=db, service_context=service_context) self.service.endpoint = 'https://example.com/token'
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(CLI_KEY, config=client_config) self.service = service_factory('AccessToken', ['oidc'], service_context=service_context) # add some history auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state', response_type='code').to_json() self.service.store_item(auth_request, "auth_request", 'state') auth_response = AuthorizationResponse(code='access_code').to_json() self.service.store_item(auth_response, "auth_response", 'state')
def create_service(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'client_preferences': { "application_type": "web", "application_name": "rphandler", "contacts": ["*****@*****.**"], "response_types": ["code"], "scope": ["openid", "profile", "email", "address", "phone"], "token_endpoint_auth_method": "client_secret_basic", } } service_context = ServiceContext(config=client_config) self.service = service_factory('ProviderInfoDiscovery', ['oidc'], service_context=service_context)
def create_service(self): self._iss = 'https://example.com/as' client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', "client_preferences": { "application_type": "web", "application_name": "rphandler", "contacts": ["*****@*****.**"], "response_types": ["code"], "scope": ["openid", "profile", "email", "address", "phone"], "token_endpoint_auth_method": "client_secret_basic", }, 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss } service_context = ServiceContext(config=client_config) self.service = service_factory('ProviderInfoDiscovery', ['oauth2'], state_db=InMemoryStateDataBase(), service_context=service_context) self.service.endpoint = '{}/.well-known/openid-configuration'.format( self._iss)
def get_service(): service_context = ServiceContext(keyjar=None, config=CLIENT_CONF) # service_context.set('client_secret', "white boarding pass") service = service_factory('AccessToken', ['oidc'], service_context=service_context) return service