コード例 #1
0
def test_access_token_srv_conf():
    client_config = {
        'client_id': 'client_id',
        'client_secret': 'a longesh password',
        'redirect_uris': ['https://example.com/cli/authz_cb']
    }
    service_context = ServiceContext(config=client_config)

    db = InMemoryStateDataBase()
    auth_request = AuthorizationRequest(
        redirect_uri='https://example.com/cli/authz_cb', state='state')
    auth_response = AuthorizationResponse(code='access_code')

    _state = State(auth_request=auth_request.to_json(),
                   auth_response=auth_response.to_json())
    db.set('state', _state.to_json())

    service = service_factory(
        'AccessToken', ['oauth2'],
        state_db=db,
        service_context=service_context,
        conf={'default_authn_method': 'client_secret_post'})

    req_args = {
        'redirect_uri': 'https://example.com/cli/authz_cb',
        'code': 'access_code'
    }
    service.endpoint = 'https://example.com/authorize'
    _info = service.get_request_parameters(request_args=req_args,
                                           state='state')

    assert _info
    msg = AccessTokenRequest().from_urlencoded(
        service.get_urlinfo(_info['body']))
    assert 'client_secret' in msg
コード例 #2
0
    def test_authorization_and_pkce(self):
        auth_serv = self.service["authorization"]
        _state = State(iss='Issuer')
        auth_serv.state_db.set('state', _state.to_json())

        request = auth_serv.construct_request({"state": 'state', "response_type": "code"})
        assert set(request.keys()) == {'client_id', 'code_challenge',
                                       'code_challenge_method', 'state',
                                       'redirect_uri', 'response_type'}
コード例 #3
0
    def test_add_code_challenge_default_values(self):
        auth_serv = self.service["authorization"]
        _state = State(iss='Issuer')
        auth_serv.state_db.set('state', _state.to_json())
        request_args, _ = add_code_challenge({'state': 'state'}, auth_serv)

        # default values are length:64 method:S256
        assert set(request_args.keys()) == {'code_challenge', 'code_challenge_method',
                                            'state'}
        assert request_args['code_challenge_method'] == 'S256'

        request_args = add_code_verifier({}, auth_serv, state='state')
        assert len(request_args['code_verifier']) == 64
コード例 #4
0
    def create_request(self):
        self._iss = ISS
        client_config = {
            'client_id': 'client_id', 'client_secret': 'a longesh password',
            'redirect_uris': ['https://example.com/cli/authz_cb'],
            'issuer': self._iss, 'requests_dir': 'requests',
            'base_url': 'https://example.com/cli/'
        }
        service_context = ServiceContext(config=client_config)
        service_context.keyjar = CLI_KEY
        service_context.behaviour = {
            'userinfo_signed_response_alg': 'RS256',
            "userinfo_encrypted_response_alg": "RSA-OAEP",
            "userinfo_encrypted_response_enc": "A256GCM"
        }

        db = InMemoryStateDataBase()
        auth_response = AuthorizationResponse(code='access_code').to_json()

        idtval = {
            'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana',
            'iss': ISS, 'aud': 'client_id'
        }
        idt = create_jws(idtval)

        ver_idt = IdToken().from_jwt(idt, CLI_KEY)

        token_response = AccessTokenResponse(
            access_token='access_token', id_token=idt,
            __verified_id_token=ver_idt).to_json()
        db.set('abcde', State(token_response=token_response,
                              auth_response=auth_response).to_json())
        self.service = service_factory('UserInfo', ['oidc'], state_db=db,
                                       service_context=service_context)
コード例 #5
0
 def create_service(self):
     client_config = {
         'client_id': 'client_id',
         'client_secret': 'a longesh password',
         'redirect_uris': ['https://example.com/cli/authz_cb']
     }
     service_context = ServiceContext(config=client_config)
     db = InMemoryStateDataBase()
     auth_request = AuthorizationRequest(
         redirect_uri='https://example.com/cli/authz_cb', state='state')
     auth_response = AuthorizationResponse(code='access_code')
     _state = State(auth_response=auth_response.to_json(),
                    auth_request=auth_request.to_json())
     db.set('state', _state.to_json())
     self.service = service_factory('AccessToken', ['oauth2'],
                                    state_db=db,
                                    service_context=service_context)
コード例 #6
0
 def create_service(self):
     client_config = {
         'client_id': 'client_id',
         'client_secret': 'a longesh password',
         'redirect_uris': ['https://example.com/cli/authz_cb']
     }
     service_context = ServiceContext(config=client_config)
     db = InMemoryStateDataBase()
     auth_response = AuthorizationResponse(code='access_code')
     token_response = AccessTokenResponse(access_token='bearer_token',
                                          refresh_token='refresh')
     _state = State(auth_response=auth_response.to_json(),
                    token_response=token_response.to_json())
     db.set('abcdef', _state.to_json())
     self.service = service_factory('RefreshAccessToken', ['oauth2'],
                                    state_db=db,
                                    service_context=service_context)
     self.service.endpoint = 'https://example.com/token'
コード例 #7
0
 def create_client(self):
     self.redirect_uri = "http://example.com/redirect"
     conf = {
         'redirect_uris': ['https://example.com/cli/authz_cb'],
         'client_id': 'client_1',
         'client_secret': 'abcdefghijklmnop',
     }
     self.client = RP(DB(), config=conf)
     self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
コード例 #8
0
    def test_do_userinfo_request_init(self):
        auth_request = AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb', state='state')
        auth_response = AuthorizationResponse(code='access_code')
        token_response = AccessTokenResponse(refresh_token="refresh_with_me",
                                             access_token="access")
        _state = State(auth_response=auth_response.to_json(),
                       auth_request=auth_request.to_json(),
                       token_response=token_response.to_json())

        self.client.state_db.set('ABCDE', _state.to_json())

        _srv = self.client.service['userinfo']
        _srv.endpoint = "https://example.com/userinfo"
        _info = _srv.get_request_parameters(state='ABCDE')
        assert _info
        assert _info['headers'] == {'Authorization': 'Bearer access'}
        assert _info['url'] == 'https://example.com/userinfo'
コード例 #9
0
 def test_construct_accesstoken_request(self):
     auth_request = AuthorizationRequest(
         redirect_uri='https://example.com/cli/authz_cb', state='state')
     auth_response = AuthorizationResponse(code='access_code')
     _state = State(auth_response=auth_response.to_json(),
                    auth_request=auth_request.to_json())
     self.client.state_db.set('ABCDE', _state.to_json())
     # Bind access code to state
     req_args = {}
     msg = self.client.service['accesstoken'].construct(
         request_args=req_args, state='ABCDE')
     assert isinstance(msg, AccessTokenRequest)
     assert msg.to_dict() == {
         'client_id': 'client_1',
         'code': 'access_code',
         'client_secret': 'abcdefghijklmnop',
         'grant_type': 'authorization_code',
         'redirect_uri': 'https://example.com/cli/authz_cb',
         'state': 'state'
     }
コード例 #10
0
def services():
    db = InMemoryStateDataBase()
    auth_request = AuthorizationRequest(redirect_uri="http://example.com",
                                        state='ABCDE').to_json()
    auth_response = AuthorizationResponse(access_token="token",
                                          state='ABCDE').to_json()
    db.set(
        'ABCDE',
        State(iss='Issuer',
              auth_request=auth_request,
              auth_response=auth_response).to_json())
    return init_services(DEFAULT_SERVICES, get_service_context(), db)
コード例 #11
0
    def test_construct_refresh_token_request(self):
        auth_request = AuthorizationRequest(
            redirect_uri='https://example.com/cli/authz_cb', state='state')
        auth_response = AuthorizationResponse(code='access_code')
        token_response = AccessTokenResponse(refresh_token="refresh_with_me",
                                             access_token="access")
        _state = State(auth_response=auth_response.to_json(),
                       auth_request=auth_request.to_json(),
                       token_response=token_response.to_json())

        self.client.state_db.set('ABCDE', _state.to_json())
        req_args = {}
        msg = self.client.service['refresh_token'].construct(
            request_args=req_args, state='ABCDE')
        assert isinstance(msg, RefreshAccessTokenRequest)
        assert msg.to_dict() == {
            'client_id': 'client_1',
            'client_secret': 'abcdefghijklmnop',
            'grant_type': 'refresh_token',
            'refresh_token': 'refresh_with_me'
        }
コード例 #12
0
    def test_construct_authorization_request(self):
        req_args = {
            'state': 'ABCDE',
            'redirect_uri': 'https://example.com/auth_cb',
            'response_type': ['code']
        }

        self.client.state_db.set('ABCDE', State(iss='issuer').to_json())
        msg = self.client.service['authorization'].construct(
            request_args=req_args)
        assert isinstance(msg, AuthorizationRequest)
        assert msg['client_id'] == 'client_1'
        assert msg['redirect_uri'] == 'https://example.com/auth_cb'
コード例 #13
0
    def test_construct_with_state(self, services):
        _srv = services['authorization']
        _srv.state_db['FFFFF'] = State(iss='Issuer').to_json()

        resp = AuthorizationResponse(code="code", state="FFFFF")
        _srv.store_item(resp, 'auth_response', 'FFFFF')

        atr = AccessTokenResponse(access_token="2YotnFZFEjr1zCsicMWpAA",
                                  token_type="example",
                                  refresh_token="tGzv3JOkF0XG5Qx2TlKWIA",
                                  example_parameter="example_value",
                                  scope=["inner", "outer"])
        _srv.store_item(atr, 'token_response', 'FFFFF')

        request = ResourceRequest()
        http_args = BearerBody().construct(request, service=_srv, key="FFFFF")
        assert request["access_token"] == "2YotnFZFEjr1zCsicMWpAA"
        assert http_args is None
コード例 #14
0
    def test_construct_with_request(self, services):
        authz_service = services['authorization']
        authz_service.state_db.set('EEEE', State(iss='Issuer').to_json())
        resp1 = AuthorizationResponse(code="auth_grant", state="EEEE")
        response = authz_service.parse_response(resp1.to_urlencoded(),
                                                "urlencoded")
        authz_service.update_service_context(response, key='EEEE')

        resp2 = AccessTokenResponse(access_token="token1",
                                    token_type="Bearer",
                                    expires_in=0,
                                    state="EEEE")
        response = services['accesstoken'].parse_response(
            resp2.to_urlencoded(), "urlencoded")
        services['accesstoken'].update_service_context(response, key='EEEE')

        request = ResourceRequest()
        BearerBody().construct(request, service=authz_service, key="EEEE")

        assert "access_token" in request
        assert request["access_token"] == "token1"
コード例 #15
0
 def create_service(self):
     service_context = ServiceContext(client_id='client_id',
                                      issuer='https://www.example.org/as')
     db = InMemoryStateDataBase()
     db.set('state', State(iss='Issuer').to_json())
     self.service = DummyService(service_context, state_db=db)
コード例 #16
0
    'scope': 'openid',
    'code': 'Z0FBQUFBQmFkdFFjUVpFWE81SHU5N1N4N01',
    'iss': OP_BASEURL,
    'client_id': 'zls2qhN1jO6A'
}

_authz_rep = AuthorizationResponse(**op_authz_resp)
print(_authz_rep.to_urlencoded())
_resp = service['authorization'].parse_response(_authz_rep.to_urlencoded())
service['authorization'].update_service_context(_resp, key=STATE)
print()
print('--- Authorization registration, response ----')
print(_resp)

_json = service['authorization'].state_db.get(STATE)
_state = State().from_json(_json)

print('code: {}'.format(_state['auth_response']['code']))

# =================== Access token ====================

request_args = {
    'state': STATE,
    'redirect_uri': service_context.redirect_uris[0]
}

info = service['accesstoken'].get_request_parameters(request_args=request_args)
print()
print('--- Access token, request ----')
print('uri: {}'.format(info['url']))
print('body: {}'.format(info['body']))