def create_request(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'requests_dir': 'requests', 'base_url': 'https://example.com/cli/' } service_context = ServiceContext(config=client_config) service_context.keyjar = CLI_KEY service_context.behaviour = { 'userinfo_signed_response_alg': 'RS256', "userinfo_encrypted_response_alg": "RSA-OAEP", "userinfo_encrypted_response_enc": "A256GCM" } db = InMemoryStateDataBase() auth_response = AuthorizationResponse(code='access_code').to_json() idtval = { 'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana', 'iss': ISS, 'aud': 'client_id' } idt = create_jws(idtval) ver_idt = IdToken().from_jwt(idt, CLI_KEY) token_response = AccessTokenResponse( access_token='access_token', id_token=idt, __verified_id_token=ver_idt).to_json() db.set('abcde', State(token_response=token_response, auth_response=auth_response).to_json()) self.service = service_factory('UserInfo', ['oidc'], state_db=db, service_context=service_context)
def test_access_token_srv_conf(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) db = InMemoryStateDataBase() auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state') auth_response = AuthorizationResponse(code='access_code') _state = State(auth_request=auth_request.to_json(), auth_response=auth_response.to_json()) db.set('state', _state.to_json()) service = service_factory( 'AccessToken', ['oauth2'], state_db=db, service_context=service_context, conf={'default_authn_method': 'client_secret_post'}) req_args = { 'redirect_uri': 'https://example.com/cli/authz_cb', 'code': 'access_code' } service.endpoint = 'https://example.com/authorize' _info = service.get_request_parameters(request_args=req_args, state='state') assert _info msg = AccessTokenRequest().from_urlencoded( service.get_urlinfo(_info['body'])) assert 'client_secret' in msg
def services(): db = InMemoryStateDataBase() auth_request = AuthorizationRequest(redirect_uri="http://example.com", state='ABCDE').to_json() auth_response = AuthorizationResponse(access_token="token", state='ABCDE').to_json() db.set( 'ABCDE', State(iss='Issuer', auth_request=auth_request, auth_response=auth_response).to_json()) return init_services(DEFAULT_SERVICES, get_service_context(), db)
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(CLI_KEY, config=client_config) _db = InMemoryStateDataBase() auth_request = AuthorizationRequest( redirect_uri='https://example.com/cli/authz_cb', state='state', response_type='code').to_json() auth_response = AuthorizationResponse(code='access_code').to_json() _db.set('state', State(auth_response=auth_response, auth_request=auth_request).to_json()) self.service = service_factory('AccessToken', ['oidc'], state_db=_db, service_context=service_context)
def __init__(self, base_url='', hash_seed="", keyjar=None, verify_ssl=True, services=None, service_factory=None, client_configs=None, client_authn_factory=None, client_cls=None, state_db=None, http_lib=None, module_dirs=None, **kwargs): self.base_url = base_url self.hash_seed = as_bytes(hash_seed) self.verify_ssl = verify_ssl self.keyjar = keyjar if state_db: self.state_db = state_db else: self.state_db = InMemoryStateDataBase() self.session_interface = StateInterface(self.state_db) try: self.jwks_uri = add_path(base_url, kwargs['jwks_path']) except KeyError: pass self.extra = kwargs self.client_cls = client_cls or oidc.RP self.services = services self.service_factory = service_factory or factory self.client_authn_factory = client_authn_factory self.client_configs = client_configs self.module_dirs = module_dirs or ['oidc', 'oauth2'] # keep track on which RP instance that serves with OP self.issuer2rp = {} self.hash2issuer = {} self.httplib = http_lib
def test_authz_service_conf(): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': {'response_types': ['code']} } srv = service_factory( 'Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=ServiceContext(CLI_KEY, config=client_config), conf={ 'request_args': { 'claims': { "id_token": { "auth_time": {"essential": True}, "acr": {"values": ["urn:mace:incommon:iap:silver"]} } } } }) req = srv.construct() assert 'claims' in req assert set(req['claims'].keys()) == {'id_token'}
def create_client(self): config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': {'response_types': ['code']}, 'add_ons': { "pkce": { "function": "oidcservice.oidc.add_on.pkce.add_pkce_support", "kwargs": { "code_challenge_length": 64, "code_challenge_method": "S256" } } } } _cam = ca_factory _srvs = DEFAULT_SERVICES service_context = ServiceContext(CLI_KEY, client_id='client_id', issuer='https://www.example.org/as', config=config) self.service = init_services(_srvs, service_context, InMemoryStateDataBase(), _cam) if 'add_ons' in config: do_add_ons(config['add_ons'], self.service) service_context.service = self.service
def get_service(): service_context = ServiceContext(keyjar=None, config=CLIENT_CONF) service_context.client_secret = "white boarding pass" service = service_factory('AccessToken', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context) return service
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(config=client_config) db = InMemoryStateDataBase() auth_response = AuthorizationResponse(code='access_code') token_response = AccessTokenResponse(access_token='bearer_token', refresh_token='refresh') _state = State(auth_response=auth_response.to_json(), token_response=token_response.to_json()) db.set('abcdef', _state.to_json()) self.service = service_factory('RefreshAccessToken', ['oauth2'], state_db=db, service_context=service_context) self.service.endpoint = 'https://example.com/token'
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'] } service_context = ServiceContext(CLI_KEY, config=client_config) service_context.issuer = 'https://example.com' self.service = service_factory('Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_request(self): self._iss = ISS client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss, 'requests_dir': 'requests', 'base_url': 'https://example.com/cli/' } service_context = ServiceContext(config=client_config) self.service = service_factory('CheckID', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_request(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'callback': { 'code': 'https://example.com/cli/authz_cb', 'implicit': 'https://example.com/cli/authz_im_cb', 'form_post': 'https://example.com/cli/authz_fp_cb' } } service_context = ServiceContext(CLI_KEY, config=client_config) self.service = service_factory('Authorization', ['oidc'], state_db=InMemoryStateDataBase(), service_context=service_context)
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': { 'response_types': ['code'] } } service_context = ServiceContext(config=client_config) self.service = service_factory('Authorization', ['oauth2'], state_db=InMemoryStateDataBase(), service_context=service_context)
def __init__(self, base_url='', hash_seed="", keyjar=None, verify_ssl=True, services=None, client_configs=None, client_authn_factory=None, client_cls=None, state_db=None, http_lib=None, httpc_params=None, **kwargs): self.base_url = base_url self.hash_seed = as_bytes(hash_seed) self.keyjar = keyjar if state_db: self.state_db = state_db else: self.state_db = InMemoryStateDataBase() self.session_interface = StateInterface(self.state_db) try: self.jwks_uri = add_path(base_url, kwargs['jwks_path']) except KeyError: self.jwks_uri = "" self.extra = kwargs self.client_cls = client_cls or oidc.RP self.services = services self.client_authn_factory = client_authn_factory self.client_configs = client_configs # keep track on which RP instance that serves with OP self.issuer2rp = {} self.hash2issuer = {} self.httplib = http_lib if not httpc_params: self.httpc_params = {'verify': verify_ssl} else: self.httpc_params = httpc_params if not getattr(self.keyjar, 'httpc_params', None): self.keyjar.httpc_params = self.httpc_params
def create_service(self): client_config = { 'client_id': 'client_id', 'client_secret': 'another password' } service_context = ServiceContext(config=client_config) db = InMemoryStateDataBase() self.service = { 'token': service_factory("CCAccessToken", ['oauth2/client_credentials', 'oauth2'], state_db=db, service_context=service_context), 'refresh_token': service_factory("CCRefreshAccessToken", ['oauth2/client_credentials', 'oauth2'], state_db=db, service_context=service_context) } self.service['token'].endpoint = 'https://example.com/token' self.service['refresh_token'].endpoint = 'https://example.com/token'
def create_client(self): config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', 'redirect_uris': ['https://example.com/cli/authz_cb'], 'behaviour': { 'response_types': ['code'] }, 'add_ons': { "pushed_authorization": { "function": "oidcservice.oidc.add_on.pushed_authorization" ".add_pushed_authorization_support", "kwargs": { "body_format": "jws", "signing_algorthm": "RS256", "http_client": None, "merge_rule": "lax" } } } } _cam = ca_factory _srvs = DEFAULT_SERVICES service_context = ServiceContext(CLI_KEY, client_id='client_id', issuer='https://www.example.org/as', config=config) self.service = init_services(_srvs, service_context, InMemoryStateDataBase(), _cam) if 'add_ons' in config: do_add_ons(config['add_ons'], self.service) service_context.service = self.service service_context.provider_info = { "pushed_authorization_request_endpoint": "https://as.example.com/push" }
def create_service(self): self._iss = 'https://example.com/as' client_config = { 'client_id': 'client_id', 'client_secret': 'a longesh password', "client_preferences": { "application_type": "web", "application_name": "rphandler", "contacts": ["*****@*****.**"], "response_types": ["code"], "scope": ["openid", "profile", "email", "address", "phone"], "token_endpoint_auth_method": "client_secret_basic", }, 'redirect_uris': ['https://example.com/cli/authz_cb'], 'issuer': self._iss } service_context = ServiceContext(config=client_config) self.service = service_factory('ProviderInfoDiscovery', ['oauth2'], state_db=InMemoryStateDataBase(), service_context=service_context) self.service.endpoint = '{}/.well-known/openid-configuration'.format( self._iss)
def service_factory(req_name, module_dirs, **kwargs): pwd = dirname(__file__) if pwd not in sys.path: sys.path.insert(0, pwd) for dir in module_dirs: for x in glob(join(pwd, dir, '*.py')): _mod = basename(x)[:-3] if not _mod.startswith('__'): if '/' in dir: dir = dir.replace('/', '.') _dir_mod = '{}.{}'.format(dir, basename(x)[:-3]) if _dir_mod not in sys.modules: __import__(_dir_mod, globals(), locals()) for name, obj in inspect.getmembers(sys.modules[_dir_mod]): if inspect.isclass(obj) and issubclass(obj, Service): try: if obj.__name__ == req_name: return obj(**kwargs) except AttributeError: pass if __name__ == "__main__": from oidcservice.state_interface import InMemoryStateDataBase srv = service_factory('AccessToken', ['oidc'], state_db=InMemoryStateDataBase(), service_context=None) print(srv.service_name)
"web", "application_name": "rphandler", "contacts": ["*****@*****.**"], "response_types": ["code"], "scope": ["openid", "profile", "email", "address", "phone"], "token_endpoint_auth_method": ["client_secret_basic", 'client_secret_post'], }, "redirect_uris": ["{}/authz_cb".format(RP_BASEURL)], "jwks_uri": "{}/static/jwks.json".format(RP_BASEURL) }) service = build_services(service_spec, factory, state_db=InMemoryStateDataBase(), service_context=service_context) service_context.service = service # ======================== WebFinger ======================== info = service['webfinger'].get_request_parameters( resource='*****@*****.**') print(info) webfinger_response = json.dumps({ "subject": "acct:[email protected]", "links": [{
def test_conversation(): service_context = ServiceContext( RP_KEYJAR, { "client_preferences": { "application_type": "web", "application_name": "rphandler", "contacts": ["*****@*****.**"], "response_types": ["code"], "scope": ["openid", "profile", "email", "address", "phone"], "token_endpoint_auth_method": "client_secret_basic", }, "redirect_uris": ["{}/authz_cb".format(RP_BASEURL)], "jwks_uri": "{}/static/jwks.json".format(RP_BASEURL) }) service_spec = DEFAULT_SERVICES.copy() service_spec['WebFinger'] = {'class': WebFinger} service = init_services(service_spec, state_db=InMemoryStateDataBase(), service_context=service_context) assert set(service.keys()) == { 'accesstoken', 'authorization', 'webfinger', 'registration', 'refresh_token', 'userinfo', 'provider_info' } service_context.service = service # ======================== WebFinger ======================== info = service['webfinger'].get_request_parameters( request_args={'resource': '*****@*****.**'}) assert info[ 'url'] == 'https://example.org/.well-known/webfinger?rel=http' \ '%3A%2F' \ '%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer' \ '&resource' \ '=acct%3Afoobar%40example.org' webfinger_response = json.dumps({ "subject": "acct:[email protected]", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://example.org/op" }], "expires": "2018-02-04T11:08:41Z" }) response = service['webfinger'].parse_response(webfinger_response) assert isinstance(response, JRD) assert set(response.keys()) == {'subject', 'links', 'expires'} assert response['links'] == [ Link(rel='http://openid.net/specs/connect/1.0/issuer', href='https://example.org/op') ] service['webfinger'].update_service_context(resp=response) assert service_context.issuer == OP_BASEURL # =================== Provider info discovery ==================== info = service['provider_info'].get_request_parameters() assert info[ 'url'] == 'https://example.org/op/.well-known/openid' \ '-configuration' provider_info_response = json.dumps({ "version": "3.0", "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, "require_request_uri_registration": True, "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "refresh_token" ], "response_types_supported": [ "code", "id_token", "id_token token", "code id_token", "code token", "code id_token token" ], "response_modes_supported": ["query", "fragment", "form_post"], "subject_types_supported": ["public", "pairwise"], "claim_types_supported": ["normal", "aggregated", "distributed"], "claims_supported": [ "birthdate", "address", "nickname", "picture", "website", "email", "gender", "sub", "phone_number_verified", "given_name", "profile", "phone_number", "updated_at", "middle_name", "name", "locale", "email_verified", "preferred_username", "zoneinfo", "family_name" ], "scopes_supported": [ "openid", "profile", "email", "address", "phone", "offline_access", "openid" ], "userinfo_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "none" ], "id_token_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "none" ], "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "none" ], "token_endpoint_auth_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ], "userinfo_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "request_object_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "acr_values_supported": ["PASSWORD"], "issuer": OP_BASEURL, "jwks_uri": "{}/static/jwks_tE2iLbOAqXhe8bqh.json".format(OP_BASEURL), "authorization_endpoint": "{}/authorization".format(OP_BASEURL), "token_endpoint": "{}/token".format(OP_BASEURL), "userinfo_endpoint": "{}/userinfo".format(OP_BASEURL), "registration_endpoint": "{}/registration".format(OP_BASEURL), "end_session_endpoint": "{}/end_session".format(OP_BASEURL) }) resp = service['provider_info'].parse_response(provider_info_response) assert isinstance(resp, ProviderConfigurationResponse) service['provider_info'].update_service_context(resp) assert service_context.provider_info['issuer'] == OP_BASEURL assert service_context.provider_info[ 'authorization_endpoint'] == \ 'https://example.org/op/authorization' assert service_context.provider_info[ 'registration_endpoint'] == 'https://example.org/op/registration' # =================== Client registration ==================== info = service['registration'].get_request_parameters() assert info['url'] == 'https://example.org/op/registration' _body = json.loads(info['body']) assert _body == { "application_type": "web", "response_types": ["code"], "contacts": ["*****@*****.**"], "jwks_uri": "https://example.com/rp/static/jwks.json", "redirect_uris": ["{}/authz_cb".format(RP_BASEURL)], 'token_endpoint_auth_method': 'client_secret_basic', "grant_types": ["authorization_code"] } assert info['headers'] == {'Content-Type': 'application/json'} now = int(time.time()) op_client_registration_response = json.dumps({ "client_id": "zls2qhN1jO6A", "client_secret": "c8434f28cf9375d9a7", "registration_access_token": "NdGrGR7LCuzNtixvBFnDphGXv7wRcONn", "registration_client_uri": "{}/registration?client_id=zls2qhN1jO6A".format(RP_BASEURL), "client_secret_expires_at": now + 3600, "client_id_issued_at": now, "application_type": "web", "response_types": ["code"], "contacts": ["*****@*****.**"], "redirect_uris": ["{}/authz_cb".format(RP_BASEURL)], "token_endpoint_auth_method": "client_secret_basic", "grant_types": ["authorization_code"] }) response = service['registration'].parse_response( op_client_registration_response) service['registration'].update_service_context(response) assert service_context.client_id == 'zls2qhN1jO6A' assert service_context.client_secret == 'c8434f28cf9375d9a7' assert isinstance(service_context.registration_response, RegistrationResponse) assert set(service_context.registration_response.keys()) == { 'client_secret_expires_at', 'contacts', 'client_id', 'token_endpoint_auth_method', 'redirect_uris', 'response_types', 'client_id_issued_at', 'client_secret', 'application_type', 'registration_client_uri', 'registration_access_token', 'grant_types' } # =================== Authorization ==================== STATE = 'Oh3w3gKlvoM2ehFqlxI3HIK5' NONCE = 'UvudLKz287YByZdsY3AJoPAlEXQkJ0dK' info = service['authorization'].get_request_parameters(request_args={ 'state': STATE, 'nonce': NONCE }) p = urlparse(info['url']) _query = parse_qs(p.query) assert set(_query.keys()) == { 'state', 'nonce', 'response_type', 'scope', 'client_id', 'redirect_uri' } assert _query['scope'] == ['openid'] assert _query['nonce'] == [NONCE] assert _query['state'] == [STATE] op_authz_resp = { 'state': STATE, 'scope': 'openid', 'code': 'Z0FBQUFBQmFkdFFjUVpFWE81SHU5N1N4N01', 'iss': OP_BASEURL, 'client_id': 'zls2qhN1jO6A' } _authz_rep = AuthorizationResponse(**op_authz_resp) _resp = service['authorization'].parse_response(_authz_rep.to_urlencoded()) service['authorization'].update_service_context(_resp, key=STATE) _item = service['authorization'].get_item(AuthorizationResponse, 'auth_response', STATE) assert _item['code'] == 'Z0FBQUFBQmFkdFFjUVpFWE81SHU5N1N4N01' # =================== Access token ==================== request_args = { 'state': STATE, 'redirect_uri': service_context.redirect_uris[0] } info = service['accesstoken'].get_request_parameters( request_args=request_args) assert info['url'] == 'https://example.org/op/token' _qp = parse_qs(info['body']) assert _qp == { 'grant_type': ['authorization_code'], 'redirect_uri': ['https://example.com/rp/authz_cb'], 'client_id': ['zls2qhN1jO6A'], 'state': ['Oh3w3gKlvoM2ehFqlxI3HIK5'], 'code': ['Z0FBQUFBQmFkdFFjUVpFWE81SHU5N1N4N01'] } assert info['headers'] == { 'Authorization': 'Basic ' 'emxzMnFoTjFqTzZBOmM4NDM0ZjI4Y2Y5Mzc1ZDlhNw==', 'Content-Type': 'application/x-www-form-urlencoded' } # create the IdToken _jwt = JWT(OP_KEYJAR, OP_BASEURL, lifetime=3600, sign=True, sign_alg='RS256') payload = { 'sub': '1b2fc9341a16ae4e30082965d537', 'acr': 'PASSWORD', 'auth_time': 1517736988, 'nonce': NONCE } _jws = _jwt.pack(payload=payload, recv='zls2qhN1jO6A') _resp = { "state": "Oh3w3gKlvoM2ehFqlxI3HIK5", "scope": "openid", "access_token": "Z0FBQUFBQmFkdFF", "token_type": "Bearer", 'expires_in': 600, "id_token": _jws } service_context.issuer = OP_BASEURL _resp = service['accesstoken'].parse_response(json.dumps(_resp), state=STATE) assert isinstance(_resp, AccessTokenResponse) assert set(_resp['__verified_id_token'].keys()) == { 'iss', 'nonce', 'acr', 'auth_time', 'aud', 'iat', 'exp', 'sub' } service['accesstoken'].update_service_context(_resp, key=STATE) _item = service['authorization'].get_item(AccessTokenResponse, 'token_response', STATE) assert set(_item.keys()) == { 'state', 'scope', 'access_token', 'token_type', 'id_token', '__verified_id_token', 'expires_in', '__expires_at' } assert _item['token_type'] == 'Bearer' assert _item['access_token'] == 'Z0FBQUFBQmFkdFF' # =================== User info ==================== info = service['userinfo'].get_request_parameters(state=STATE) assert info['url'] == 'https://example.org/op/userinfo' assert info['headers'] == {'Authorization': 'Bearer Z0FBQUFBQmFkdFF'} op_resp = {"sub": "1b2fc9341a16ae4e30082965d537"} _resp = service['userinfo'].parse_response(json.dumps(op_resp), state=STATE) service['userinfo'].update_service_context(_resp, key=STATE) assert isinstance(_resp, OpenIDSchema) assert _resp.to_dict() == {'sub': '1b2fc9341a16ae4e30082965d537'} _item = service['authorization'].get_item(OpenIDSchema, 'user_info', STATE) assert _item.to_dict() == {'sub': '1b2fc9341a16ae4e30082965d537'}
def test_service(): req = Service(state_db=InMemoryStateDataBase(), service_context=ServiceContext(None), client_authn_method=None) assert isinstance(req, Service)
def create_service(self): service_context = ServiceContext(None) self.service = Service(service_context, state_db=InMemoryStateDataBase(), client_authn_method=None)
def create_service(self): service_context = ServiceContext(client_id='client_id', issuer='https://www.example.org/as') db = InMemoryStateDataBase() db.set('state', State(iss='Issuer').to_json()) self.service = DummyService(service_context, state_db=db)
def __init__(self, base_url, client_configs=None, services=None, keyjar=None, hash_seed="", verify_ssl=True, client_authn_factory=None, client_cls=None, state_db=None, http_lib=None, httpc_params=None, **kwargs): self.base_url = base_url if hash_seed: self.hash_seed = as_bytes(hash_seed) else: self.hash_seed = as_bytes(rndstr(32)) _jwks_path = kwargs.get('jwks_path') if keyjar is None: self.keyjar = init_key_jar(**DEFAULT_RP_KEY_DEFS, issuer_id='') self.keyjar.import_jwks_as_json( self.keyjar.export_jwks_as_json(True, ''), base_url) if _jwks_path is None: _jwks_path = DEFAULT_RP_KEY_DEFS['public_path'] else: self.keyjar = keyjar if _jwks_path: self.jwks_uri = add_path(base_url, _jwks_path) else: self.jwks_uri = "" if len(self.keyjar): self.jwks = self.keyjar.export_jwks() else: self.jwks = {} if state_db: self.state_db = state_db else: self.state_db = InMemoryStateDataBase() # self.session_interface = StateInterface(self.state_db) self.extra = kwargs self.client_cls = client_cls or oidc.RP if services is None: self.services = DEFAULT_SEVICES else: self.services = services self.client_authn_factory = client_authn_factory if client_configs is None: self.client_configs = DEFAULT_CLIENT_CONFIGS else: self.client_configs = client_configs # keep track on which RP instance that serves with OP self.issuer2rp = {} self.hash2issuer = {} self.httplib = http_lib if not httpc_params: self.httpc_params = {'verify': verify_ssl} else: self.httpc_params = httpc_params if not self.keyjar.httpc_params: self.keyjar.httpc_params = self.httpc_params