def test_multiple_response_types_json(self):
ar = AuthorizationRequest(response_type=["code", "token"], client_id="foobar")
ue = ar.to_json()
ue_obj = json.loads(ue)
expected_ue_obj = {"response_type": "code token", "client_id": "foobar"}
assert ue_obj == expected_ue_obj
are = AuthorizationRequest().deserialize(ue, "json")
assert _eq(are.keys(), ["response_type", "client_id"])
assert _eq(are["response_type"], ["code", "token"])
def test_multiple_response_types_urlencoded(self):
ar = AuthorizationRequest(response_type=["code", "token"], client_id="foobar")
ue = ar.to_urlencoded()
ue_splits = ue.split("&")
expected_ue_splits = "response_type=code+token&client_id=foobar".split("&")
assert _eq(ue_splits, expected_ue_splits)
are = AuthorizationRequest().deserialize(ue, "urlencoded")
assert _eq(are.keys(), ["response_type", "client_id"])
assert _eq(are["response_type"], ["code", "token"])
def test_multiple_response_types_urlencoded(self):
ar = AuthorizationRequest(response_type=["code", "token"],
client_id="foobar")
ue = ar.to_urlencoded()
ue_splits = ue.split('&')
expected_ue_splits = "response_type=code+token&client_id=foobar".split(
'&')
assert _eq(ue_splits, expected_ue_splits)
are = AuthorizationRequest().deserialize(ue, "urlencoded")
assert _eq(are.keys(), ["response_type", "client_id"])
assert _eq(are["response_type"], ["code", "token"])
def test_multiple_response_types_json(self):
ar = AuthorizationRequest(response_type=["code", "token"],
client_id="foobar")
ue = ar.to_json()
ue_obj = json.loads(ue)
expected_ue_obj = {
"response_type": "code token",
"client_id": "foobar"
}
assert ue_obj == expected_ue_obj
are = AuthorizationRequest().deserialize(ue, "json")
assert _eq(are.keys(), ["response_type", "client_id"])
assert _eq(are["response_type"], ["code", "token"])
# To authenticate or Not
if identity is None: # No!
if "prompt" in areq and "none" in areq["prompt"]:
# Need to authenticate but not allowed
return self._redirect_authz_error("login_required",
redirect_uri)
else:
# Do authentication
return _authn(**authn_args)
else:
user = identity["uid"]
aevent = AuthnEvent(user, authn_info=acr)
# If I get this far the person is already authenticated
logger.debug("- authenticated -")
logger.debug("AREQ keys: %s" % areq.keys())
try:
oidc_req = areq["request"]
except KeyError:
oidc_req = None
skey = self.sdb.create_authz_session(aevent, areq, oidreq=oidc_req)
# Now about the authorization step.
try:
permissions = self.authz.permissions(cookie)
if not permissions:
return self.authz(user, skey)
except (ToOld, TamperAllert):
return self.authz(user, areq, skey)
# To authenticate or Not
if identity is None: # No!
if "prompt" in areq and "none" in areq["prompt"]:
# Need to authenticate but not allowed
return self._redirect_authz_error("login_required",
redirect_uri)
else:
# Do authentication
return _authn(**authn_args)
else:
user = identity["uid"]
aevent = AuthnEvent(user, authn_info=acr)
# If I get this far the person is already authenticated
logger.debug("- authenticated -")
logger.debug("AREQ keys: %s" % areq.keys())
try:
oidc_req = areq["request"]
except KeyError:
oidc_req = None
skey = self.sdb.create_authz_session(aevent, areq, oidreq=oidc_req)
# Now about the authorization step.
try:
permissions = self.authz.permissions(cookie)
if not permissions:
return self.authz(user, skey)
except (ToOld, TamperAllert):
return self.authz(user, areq, skey)