예제 #1
0
def test_pkce_token():
    kb = KeyBundle(JWKS["keys"])
    kj = KeyJar()
    kj.issuer_keys[''] = [kb]
    constructor = JWTToken('A', keyjar=kj, lt_pattern={'': 900},
                           iss='https://example.com/as', sign_alg='RS256',
                           encrypt=True)

    sid = rndstr(32)
    session_info = {
        'sub': 'subject_id',
        'client_id': 'https://example.com/rp',
        'response_type': ['code'],
        'authzreq': '{}'
    }

    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    access_grant = constructor(
        sid, sinfo=session_info, kid='sign1',
        code_challenge=args['code_challenge'],
        code_challenge_method=args['code_challenge_method'])

    _info = constructor.get_info(access_grant)
    assert _info['code_challenge_method'] == args['code_challenge_method']
    assert _info['code_challenge'] == args['code_challenge']
예제 #2
0
def test_pkce_token():
    kb = KeyBundle(JWKS["keys"])
    kj = KeyJar()
    kj.issuer_keys[''] = [kb]
    constructor = JWTToken('A',
                           keyjar=kj,
                           lt_pattern={'': 900},
                           iss='https://example.com/as',
                           sign_alg='RS256',
                           encrypt=True)

    sid = rndstr(32)
    session_info = {
        'sub': 'subject_id',
        'client_id': 'https://example.com/rp',
        'response_type': ['code'],
        'authzreq': '{}'
    }

    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    access_grant = constructor(
        sid,
        sinfo=session_info,
        kid='sign1',
        code_challenge=args['code_challenge'],
        code_challenge_method=args['code_challenge_method'])

    _info = constructor.get_info(access_grant)
    assert _info['code_challenge_method'] == args['code_challenge_method']
    assert _info['code_challenge'] == args['code_challenge']
예제 #3
0
def test_pkce_token():
    kb = KeyBundle(JWKS["keys"])
    kj = KeyJar()
    kj.issuer_keys[""] = [kb]
    constructor = JWTToken(
        "A",
        keyjar=kj,
        lt_pattern={"": 900},
        iss="https://example.com/as",
        sign_alg="RS256",
        encrypt=True,
    )

    sid = rndstr(32)
    session_info = {
        "sub": "subject_id",
        "client_id": "https://example.com/rp",
        "response_type": ["code"],
        "authzreq": "{}",
    }

    _cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
    args, cv = _cli.add_code_challenge()

    access_grant = constructor(
        sid,
        sinfo=session_info,
        kid="sign1",
        code_challenge=args["code_challenge"],
        code_challenge_method=args["code_challenge_method"],
    )

    _info = constructor.get_info(access_grant)
    assert _info["code_challenge_method"] == args["code_challenge_method"]
    assert _info["code_challenge"] == args["code_challenge"]
예제 #4
0
def test_pkce_verify_512():
    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge'],
                                       'S512') is True
예제 #5
0
def test_pkce_verify_512():
    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as",
                     sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge'],'S512') is True
예제 #6
0
def test_pkce_verify_512(session_db_factory):
    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as",
                     session_db_factory(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
    resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
    assert isinstance(resp, Response)
    assert resp.info()['status_code'] == 401
예제 #7
0
def test_pkce_verify_512(session_db_factory):
    _cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB,
                     authn_broker, Implicit(), verify_client)

    assert _prov.verify_code_challenge(cv, args['code_challenge'],
                                       'S512') is True
    resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
    assert isinstance(resp, Response)
    assert resp.info()['status_code'] == 401
예제 #8
0
def test_pkce_verify_512(session_db_factory):
    _cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
    args, cv = _cli.add_code_challenge()

    authn_broker = AuthnBroker()
    authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
    _prov = Provider(
        "as",
        session_db_factory(SERVER_INFO["issuer"]),
        CDB,
        authn_broker,
        Implicit(),
        verify_client,
    )

    assert _prov.verify_code_challenge(cv, args["code_challenge"],
                                       "S512") is True
    resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
    assert isinstance(resp, Response)
    assert resp.info()["status_code"] == 401
예제 #9
0
def test_pkce_create():
    _cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
    args, cv = _cli.add_code_challenge()
    assert args['code_challenge_method'] == 'S256'
    assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
예제 #10
0
def test_pkce_create():
    _cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
    args, cv = _cli.add_code_challenge()
    assert args['code_challenge_method'] == 'S256'
    assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
예제 #11
0
def test_pkce_create():
    _cli = Client(config={"code_challenge": {"method": "S256", "length": 64}})
    args, cv = _cli.add_code_challenge()
    assert args["code_challenge_method"] == "S256"
    assert _eq(list(args.keys()), ["code_challenge_method", "code_challenge"])