def setUp(self):
"""
Makes a refresh_token grant to get new tokens for teseting
Sets up an AuthClient and a RefreshTokenAuthorizer with a mock
on_refresh function for testing their interactions
"""
super(RefreshTokenAuthorizerIntegrationTests, self).setUp()
client_id = get_client_data()["native_app_client1"]["id"]
form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT,
'grant_type': 'refresh_token',
'client_id': client_id}
token_res = globus_sdk.AuthClient().oauth2_token(form_data)
token_res = token_res.by_resource_server
self.access_token = token_res[
'transfer.api.globus.org']['access_token']
self.expires_at = token_res[
'transfer.api.globus.org']['expires_at_seconds']
self.on_refresh = mock.Mock()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
self.authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac,
access_token=self.access_token, expires_at=self.expires_at,
on_refresh=self.on_refresh)
self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def setUp(self):
"""
Makes a client_credentials grant to get new tokens for testing
Sets up an ConfidentialClient and a ClientCredentialsAuthorizer
with a mock on_refresh function for testing their interactions
"""
super(ClientCredentialsAuthorizerIntegrationTests, self).setUp()
self.scopes = "urn:globus:auth:scope:transfer.api.globus.org:all"
client_id = get_client_data()["confidential_app_client1"]["id"]
client_secret = get_client_data()["confidential_app_client1"]["secret"]
self.internal_client = globus_sdk.ConfidentialAppAuthClient(
client_id, client_secret)
token_res = self.internal_client.oauth2_client_credentials_tokens(
requested_scopes=self.scopes)
token_data = token_res.by_resource_server["transfer.api.globus.org"]
self.access_token = token_data["access_token"]
self.expires_at = token_data["expires_at_seconds"]
self.on_refresh = mock.Mock()
self.authorizer = globus_sdk.ClientCredentialsAuthorizer(
self.internal_client, scopes=self.scopes,
access_token=self.access_token, expires_at=self.expires_at,
on_refresh=self.on_refresh)
self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def setUpClass(self):
"""
Instantiates an ConfidentialAppAuthClient for confidential_app_client1
and for resource_server_client
"""
client_data = get_client_data()["confidential_app_client1"]
self.cac = globus_sdk.ConfidentialAppAuthClient(
client_id=client_data["id"], client_secret=client_data["secret"])
client_data = get_client_data()["resource_server_client"]
self.rsc = globus_sdk.ConfidentialAppAuthClient(
client_id=client_data["id"], client_secret=client_data["secret"])
def test_oauth2_client_credentials_tokens(self):
"""
Get client credentials tokens, validate results
Confirm tokens allow use of userinfo for the client
Returns access_token for testing
"""
with mock.patch.object(self.cac, 'oauth2_token',
side_effect=self.cac.oauth2_token) as m:
token_res = self.cac.oauth2_client_credentials_tokens(
requested_scopes="openid profile")
m.assert_called_once_with(
{"grant_type": "client_credentials",
"scope": "openid profile"})
# validate results
self.assertIn("access_token", token_res)
self.assertIn("expires_in", token_res)
self.assertIn("scope", token_res)
self.assertEqual(token_res["resource_server"], "auth.globus.org")
self.assertEqual(token_res["token_type"], "Bearer")
# confirm usage of userinfo for client
access_token = token_res["access_token"]
ac = globus_sdk.AuthClient(
authorizer=globus_sdk.AccessTokenAuthorizer(access_token))
userinfo_res = ac.oauth2_userinfo()
self.assertEqual(
userinfo_res["sub"],
get_client_data()["confidential_app_client1"]["id"])
def setUp(self):
"""
Creates a NativeAppAuthClient for testing
"""
super(NativeAppAuthClientIntegrationTests, self).setUp()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
def test_oauth2_token_introspect(self):
"""
Introspects a client access_token, validates results
Confirms invalid and revoked tokens are not seen as active
"""
# get access_token and introspect it
tokens = self.cac.oauth2_client_credentials_tokens()
access_token = tokens["access_token"]
intro_res = self.cac.oauth2_token_introspect(access_token)
# validate results
self.assertEqual(intro_res["sub"], self.cac.client_id)
self.assertEqual(intro_res["client_id"], self.cac.client_id)
self.assertEqual(
intro_res["username"],
get_client_data()["confidential_app_client1"]["username"])
self.assertEqual(intro_res["name"],
"Python SDK Test Suite Confidential Client 1")
self.assertEqual(intro_res["token_type"], "Bearer")
self.assertIn("openid", intro_res["scope"])
self.assertIn("email", intro_res["scope"])
self.assertIn("profile", intro_res["scope"])
self.assertIn("exp", intro_res)
self.assertTrue(intro_res["active"])
# revoked tokens are not active
self.cac.oauth2_revoke_token(access_token)
revoked_res = self.cac.oauth2_token_introspect(access_token)
self.assertFalse(revoked_res["active"])
# invalid tokens are not active
invalid_res = self.cac.oauth2_token_introspect("invalid token")
self.assertFalse(invalid_res["active"])
def setUp(self):
"""
Instantiates an NativeAppAuthClient
"""
super(NativeAppAuthClientTests, self).setUp()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
def test_init(self):
"""
Confirms value error when trying to init with an authorizer
"""
with self.assertRaises(ValueError):
globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"],
authorizer=globus_sdk.AccessTokenAuthorizer(""))
def setUpClass(self):
"""
Sets up transfer client for creating Data objects
"""
ac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def setUp(self):
"""
Creates a ConfidentialAppAuthClient for testing
"""
super(ConfidentialAppAuthClientIntegrationTests, self).setUp()
client_data = get_client_data()["confidential_app_client1"]
self.cac = globus_sdk.ConfidentialAppAuthClient(
client_id=client_data["id"],
client_secret=client_data["secret"])
def setUp(self):
"""
Creates a OAuthTokenResponse object with known data for testing
Sets up mock AuthClient for decoding id_tokens
"""
super(OAuthTokenResponseTests, self).setUp()
# known token data for testing expected values
self.top_token = { # valid id_token and access_token
"resource_server": "server1",
"expires_in": 10,
"scope": "scope1",
"refresh_token": "RT1",
"other_tokens": [],
"token_type": "1",
"id_token": SDKTESTER1A_NATIVE1_ID_TOKEN,
"access_token": SDKTESTER1A_ID_ACCESS_TOKEN
}
self.other_token1 = { # invalid id_token with valid access_token
"resource_server": "server2",
"expires_in": 20,
"scope": "scope2",
"refresh_token": "RT2",
"other_tokens": [],
"token_type": "2",
"id_token": "invalid_id_token",
"access_token": SDKTESTER1A_ID_ACCESS_TOKEN
}
self.other_token2 = { # valid id_token with invalid access_token
"resource_server": "server3",
"expires_in": 30,
"scope": "scope3 scope4",
"refresh_token": "RT3",
"other_tokens": [],
"token_type": "3",
"id_token": SDKTESTER1A_NATIVE1_ID_TOKEN,
"access_token": "invalid_access_token"
}
self.top_token["other_tokens"] = [self.other_token1, self.other_token2]
# mock AuthClient
self.ac = mock.Mock()
self.ac.client_id = get_client_data()["native_app_client1"]["id"]
self.ac._verify = True
self.ac.get = mock.Mock(
return_value={
"jwks_uri": "https://auth.globus.org/jwk.json",
"id_token_signing_alg_values_supported": ["RS512"]
})
# create the response
http_response = requests.Response()
http_response._content = six.b(json.dumps(self.top_token))
http_response.headers["Content-Type"] = "application/json"
self.response = OAuthTokenResponse(http_response, client=self.ac)
def setUpClass(self):
"""
Creates a BaseClient object for testing
"""
ac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
self.bc = BaseClient("transfer",
base_path="/v0.10/",
authorizer=authorizer)
def test_oauth2_exchange_code_for_tokens_native(self):
"""
Starts a NativeAppFlowManager, Confirms invalid code raises 401
Further testing cannot be done without user login credentials
"""
ac = globus_sdk.AuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager(ac)
ac.current_oauth2_flow_manager = flow_manager
with self.assertRaises(AuthAPIError) as apiErr:
ac.oauth2_exchange_code_for_tokens("invalid_code")
self.assertEqual(apiErr.exception.http_status, 401)
self.assertEqual(apiErr.exception.code, "Error")
def test_oauth2_token(self):
"""
Gets an access_token using oauth2/token directly, validates results.
"""
client_id = get_client_data()["native_app_client1"]["id"]
form_data = {
'refresh_token': SDKTESTER1A_NATIVE1_AUTH_RT,
'grant_type': 'refresh_token',
'client_id': client_id
}
# valid client
token_res = globus_sdk.AuthClient().oauth2_token(form_data)
self.assertIn("access_token", token_res)
self.assertIn("expires_in", token_res)
self.assertIn("scope", token_res)
def test_oauth2_get_authorize_url_native(self):
"""
Starts an auth flow with a NativeAppFlowManager, gets the authorize url
validates expected results with both default and specified parameters.
"""
ac = globus_sdk.AuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
# default parameters for starting auth flow
flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager(ac)
ac.current_oauth2_flow_manager = flow_manager
# get url_and validate results
url_res = ac.oauth2_get_authorize_url()
expected_vals = [
ac.base_url + "v2/oauth2/authorize?", "client_id=" + ac.client_id,
"redirect_uri=" + quote_plus(ac.base_url + "v2/web/auth-code"),
"scope=" + quote_plus(" ".join(DEFAULT_REQUESTED_SCOPES)),
"state=" + "_default", "response_type=" + "code",
"code_challenge=" + quote_plus(flow_manager.challenge),
"code_challenge_method=" + "S256", "access_type=" + "online"
]
for val in expected_vals:
self.assertIn(val, url_res)
# starting flow with specified paramaters
flow_manager = globus_sdk.auth.GlobusNativeAppFlowManager(
ac,
requested_scopes="scopes",
redirect_uri="uri",
state="state",
verifier=("a" * 43),
refresh_tokens=True)
ac.current_oauth2_flow_manager = flow_manager
# get url_and validate results
url_res = ac.oauth2_get_authorize_url()
verifier, remade_challenge = make_native_app_challenge("a" * 43)
expected_vals = [
ac.base_url + "v2/oauth2/authorize?", "client_id=" + ac.client_id,
"redirect_uri=" + "uri", "scope=" + "scopes", "state=" + "state",
"response_type=" + "code",
"code_challenge=" + quote_plus(remade_challenge),
"code_challenge_method=" + "S256", "access_type=" + "offline"
]
for val in expected_vals:
self.assertIn(val, url_res)
def setUp(self):
"""
Instantiates an AuthClient with an access_token authorizer
"""
super(AuthClientTests, self).setUp()
# get access token
client_id = get_client_data()["native_app_client1"]["id"]
form_data = {
'refresh_token': SDKTESTER1A_NATIVE1_AUTH_RT,
'grant_type': 'refresh_token',
'client_id': client_id
}
token_res = globus_sdk.AuthClient().oauth2_token(form_data)
self.access_token = token_res["access_token"]
# make auth client
self.ac = globus_sdk.AuthClient(
authorizer=globus_sdk.AccessTokenAuthorizer(self.access_token),
client_id=client_id)
def test_oauth2_revoke_token(self):
"""
Gets an access_token from test_oauth2_refresh_token, then revokes it
Confirms that the base AuthClient logic for handling Null Authorizers
passes the client id correctly, and the token can no longer be used
"""
# get and then revoke the token
access_token = self.test_oauth2_refresh_token()
rev_res = self.nac.oauth2_revoke_token(access_token)
# validate results
self.assertFalse(rev_res["active"])
# confirm token is no longer usable
with self.assertRaises(AuthAPIError) as apiErr:
ac = globus_sdk.AuthClient(
authorizer=globus_sdk.AccessTokenAuthorizer(access_token),
client_id=get_client_data()["native_app_client1"]["id"])
ac.oauth2_userinfo()
self.assertEqual(apiErr.exception.http_status, 403)
self.assertEqual(apiErr.exception.code, "FORBIDDEN")
def setUp(self):
"""
Do a refresh_token grant token call to get token responses, test with
those results that.
"""
super(RefreshTokenResponsePickleTests, self).setUp()
client_id = get_client_data()["native_app_client1"]["id"]
form_data = {
'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT,
'grant_type': 'refresh_token',
'client_id': client_id
}
self.ac = globus_sdk.AuthClient()
# add a logger with an open file handle to ensure that the client
# cannot be pickled -- this is the common way that pickleability is
# broken
# also, this looks odd -- logger.logger -- but it's correct, "logger"
# is what we named our LoggerAdapter, and "logger" is the name of the
# underlying logger object on a LoggerAdapter
tmplog_handle, self.tmplog = tempfile.mkstemp()
self.ac.logger.logger.addHandler(logging.FileHandler(self.tmplog))
self.token_response = self.ac.oauth2_token(form_data)
def test_oauth2_refresh_token(self):
"""
Sends a refresh_token grant, validates results
Confirms received access_token can be used to authorize userinfo
Returns the access token for use in test_oauth2_revoke_token
"""
ref_res = self.nac.oauth2_refresh_token(SDKTESTER1A_NATIVE1_AUTH_RT)
self.assertIn("access_token", ref_res)
self.assertIn("expires_in", ref_res)
self.assertIn("scope", ref_res)
self.assertEqual(ref_res["resource_server"], "auth.globus.org")
self.assertEqual(ref_res["token_type"], "Bearer")
# confirm token can be used
access_token = ref_res["access_token"]
ac = globus_sdk.AuthClient(
authorizer=globus_sdk.AccessTokenAuthorizer(access_token),
client_id=get_client_data()["native_app_client1"]["id"])
userinfo_res = ac.oauth2_userinfo()
self.assertEqual(userinfo_res["sub"],
get_user_data()["sdktester1a"]["id"])
# return access_token
return access_token
