コード例 #1
0
def test_id_token_hint(client, oauth_client):
    """
    Test ``id_token_hint`` parameter when hinted user is logged in
    """
    token_response = oauth2.get_token_response(client, oauth_client).json
    id_token = validate_jwt(token_response["id_token"], {"openid"})

    # Now use that id_token as a hint to the authorize endpoint
    data = {"id_token_hint": str(id_token)}

    new_token_response = oauth2.get_token_response(client,
                                                   oauth_client,
                                                   code_request_data=data)
    new_id_token = validate_jwt(token_response["id_token"], {"openid"})
    assert new_token_response.status_code == 200
    assert new_id_token["sub"] == id_token["sub"]
コード例 #2
0
def test_confidential_client_valid(client, oauth_client):
    """
    Test that a confidential client including a basic authorization header in
    the request containing its secret is successfully issued a token.
    """
    token_response = oauth2.get_token_response(client, oauth_client)
    # This function does the asserts.
    oauth2.check_token_response(token_response)
コード例 #3
0
def test_acr_values(client, oauth_client):
    """
    Test the very basic requirement that including the ``acr_values`` parameter
    does not cause any errors and the acr claim is represented in the resulting token.
    """
    data = {'acr_values': ''}
    token_response = oauth2.get_token_response(client,
                                               oauth_client,
                                               code_request_data=data).json
    id_token = validate_jwt(token_response['id_token'], {'openid'})
    assert 'acr' in id_token
コード例 #4
0
ファイル: test_max_age.py プロジェクト: damirkrstanovic/fence
def test_id_token_contains_auth_time(client, oauth_client):
    """
    Test that if ``max_age`` is included in the authentication request, then
    the ID token returned contains an ``auth_time`` claim.
    """
    data = {'max_age': 3600}
    token_response = oauth2.get_token_response(client,
                                               oauth_client,
                                               code_request_data=data).json
    id_token = validate_jwt(token_response['id_token'], {'openid'})
    assert 'auth_time' in id_token
コード例 #5
0
def test_id_token_has_nonce(client, oauth_client):
    nonce = random_str(10)
    data = {
        'client_id': oauth_client.client_id,
        'redirect_uri': oauth_client.url,
        'response_type': 'code',
        'scope': 'openid user',
        'state': random_str(10),
        'confirm': 'yes',
        'nonce': nonce,
    }
    response_json = (
        oauth2.get_token_response(client, oauth_client, code_request_data=data)
        .json
    )
    id_token = validate_jwt(response_json['id_token'], {'openid'})
    assert 'nonce' in id_token
    assert nonce == id_token['nonce']
コード例 #6
0
def test_id_token_hint_not_logged_in(app, client, oauth_client, monkeypatch):
    """
    Test ``id_token_hint`` parameter when hinted user is not logged in.
    TODO: This should attempt to log the user in
    """
    # test user is logged in right now
    token_response = oauth2.get_token_response(client, oauth_client).json
    id_token = validate_jwt(token_response["id_token"], {"openid"})

    # don't mock auth so there isn't a logged in user any more
    monkeypatch.setitem(config, "MOCK_AUTH", False)

    # Now use that id_token as a hint to the authorize endpoint
    data = {"id_token_hint": str(id_token)}

    auth_response = oauth2.post_authorize(client, oauth_client, data=data, confirm=True)
    assert auth_response.status_code == 302
    assert "Location" in auth_response.headers
    query_params = parse_qs(urlparse(auth_response.headers["Location"]).query)
    assert "error" in query_params
    assert query_params["error"][0] == "access_denied"
コード例 #7
0
ファイル: conftest.py プロジェクト: damirkrstanovic/fence
def token_response(client, oauth_client):
    """
    Return a successful token response.
    """
    return oauth2.get_token_response(client, oauth_client)