def test_validate_scopes_with_invalid_scopes():
"""
GIVEN: Client configured with given scope
WHEN: AuthorizationRequest requesting different scope
THEN: validate_scope raises a AuthorizeRequestError
"""
client = {
'scope': 'openid'
}
ar = AuthorizeRequest(scope='read write')
with pytest.raises(AuthorizeRequestError) as ex:
ar.validate_scopes(client)
assert ex.value.args[0] == 'invalid_scope'
assert ex.value.args[1] == 'One or more scopes are invalid'
def test_validate_scopes_with_valid_scopes():
"""
GIVEN: Client configured with given scope
WHEN: AuthorizationRequest requesting same scope
THEN: validate_scope returns requested scope
"""
client = {
'scope': 'read write'
}
ar = AuthorizeRequest(scope='read write')
scopes = ar.validate_scopes(client)
assert scopes == 'read write'
def test_validate_scopes_with_no_scopes():
"""
GIVEN: Client configured with given scope
WHEN: AuthorizationRequest with no specified scope
THEN: validate_scope returns scope configured in client
"""
client = {
'scope': 'read write'
}
ar = AuthorizeRequest()
scopes = ar.validate_scopes(client)
assert scopes == 'read write'