def test_provider_configuration_endpoint(self, context, frontend): expected_capabilities = { "response_types_supported": ["code", "id_token", "code id_token token"], "jwks_uri": "{}/{}/jwks".format(BASE_URL, frontend.name), "authorization_endpoint": "{}/foo_backend/{}/authorization".format(BASE_URL, frontend.name), "token_endpoint": "{}/{}/token".format(BASE_URL, frontend.name), "userinfo_endpoint": "{}/{}/userinfo".format(BASE_URL, frontend.name), "id_token_signing_alg_values_supported": ["RS256"], "response_modes_supported": ["fragment", "query"], "subject_types_supported": ["pairwise"], "claim_types_supported": ["normal"], "claims_parameter_supported": True, "request_parameter_supported": False, "request_uri_parameter_supported": False, "scopes_supported": ["openid", "email"], "claims_supported": ["email"], "grant_types_supported": ["authorization_code", "implicit"], "issuer": BASE_URL, "require_request_uri_registration": True, "token_endpoint_auth_methods_supported": ["client_secret_basic"], "version": "3.0", } http_response = frontend.provider_config(context) provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json") assert provider_config.to_dict() == expected_capabilities
def test_provider_configuration_endpoint(self, context, frontend): expected_capabilities = { "response_types_supported": ["code", "id_token", "code id_token token"], "jwks_uri": "{}/{}/jwks".format(BASE_URL, frontend.name), "authorization_endpoint": "{}/foo_backend/{}/authorization".format(BASE_URL, frontend.name), "token_endpoint": "{}/{}/token".format(BASE_URL, frontend.name), "userinfo_endpoint": "{}/{}/userinfo".format(BASE_URL, frontend.name), "id_token_signing_alg_values_supported": ["RS256"], "response_modes_supported": ["fragment", "query"], "subject_types_supported": ["pairwise"], "claim_types_supported": ["normal"], "claims_parameter_supported": True, "request_parameter_supported": False, "request_uri_parameter_supported": False, "claims_supported": ["email"], "grant_types_supported": ["authorization_code", "implicit"], "issuer": BASE_URL, "require_request_uri_registration": False, "token_endpoint_auth_methods_supported": ["client_secret_basic"], "version": "3.0" } http_response = frontend.provider_config(context) provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json") provider_config_dict = provider_config.to_dict() scopes_supported = provider_config_dict.pop("scopes_supported") assert all(scope in scopes_supported for scope in ["openid", "email"]) assert provider_config_dict == expected_capabilities
def providerinfo_endpoint(self, environ, start_response, **kwargs): logger.info("@providerinfo_endpoint") try: _response = ProviderConfigurationResponse( issuer=self.baseurl, token_endpoint_auth_types_supported=[ "client_secret_post", "client_secret_basic", "client_secret_jwt"], scopes_supported=["openid"], response_types_supported=["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"], user_id_types_supported=["public"], #request_object_algs_supported=["HS256"] ) if not self.baseurl.endswith("/"): self.baseurl += "/" #keys = self.keystore.keys_by_owner(owner=".") #for cert in self.cert: # _response["x509_url"] = "%s%s" % (self.baseurl, cert) if self.jwk: _response["jwk_url"] = self.jwk #logger.info("endpoints: %s" % self.endpoints) for endp in self.endpoints: #logger.info("# %s, %s" % (endp, endp.name)) _response[endp.name] = "%s%s" % (self.baseurl, endp.type) #if self.test_mode: #print sys.stderr >> "providerinfo_endpoint.handle: %s" % # kwargs["handle"] logger.info("provider_info_response: %s" % (_response.to_dict(),)) headers=[("Cache-Control", "no-store"), ("x-ffo", "bar")] if "handle" in kwargs: (key, timestamp) = kwargs["handle"] if key.startswith(STR) and key.endswith(STR): cookie = self.cookie_func(self.cookie_name, key, self.seed, self.cookie_ttl) headers.append(cookie) resp = Response(_response.to_json(), content="application/json", headers=headers) except Exception, err: message = traceback.format_exception(*sys.exc_info()) logger.error(message) resp = Response(message, content="html/text")
def test_provider_configuration_endpoint(self): expected_capabilities = { "response_types_supported": ["id_token"], "id_token_signing_alg_values_supported": ["RS256"], "response_modes_supported": ["fragment", "query"], "subject_types_supported": ["public", "pairwise"], "grant_types_supported": ["implicit"], "claim_types_supported": ["normal"], "claims_parameter_supported": True, "request_parameter_supported": False, "request_uri_parameter_supported": False, } http_response = self.instance._provider_config(Context()) provider_config = ProviderConfigurationResponse().deserialize(http_response.message, "json") assert all( item in provider_config.to_dict().items() for item in expected_capabilities.items()) assert provider_config["authorization_endpoint"] == "{}/foo_backend/authorization".format(self.ISSUER)
def providerinfo_endpoint(self, handle="", **kwargs): _log_debug = logger.debug _log_info = logger.info _log_info("@providerinfo_endpoint") try: _response = ProviderConfigurationResponse( issuer=self.baseurl, token_endpoint_auth_methods_supported=[ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"], scopes_supported=["openid"], response_types_supported=["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"], subject_types_supported=["public", "pairwise"], grant_types_supported=[ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer"], claim_types_supported=["normal", "aggregated", "distributed"], claims_supported=SCOPE2CLAIMS.keys(), claims_parameter_supported="true", request_parameter_supported="true", request_uri_parameter_supported="true", #request_object_algs_supported=["HS256"] ) sign_algs = jws.SIGNER_ALGS.keys() for typ in ["userinfo", "id_token", "request_object", "token_endpoint_auth"]: _response["%s_signing_alg_values_supported" % typ] = sign_algs algs = jwe.SUPPORTED["alg"] for typ in ["userinfo", "id_token", "request_object"]: _response["%s_encryption_alg_values_supported" % typ] = algs encs = jwe.SUPPORTED["enc"] for typ in ["userinfo", "id_token", "request_object"]: _response["%s_encryption_enc_values_supported" % typ] = encs if not self.baseurl.endswith("/"): self.baseurl += "/" #keys = self.keyjar.keys_by_owner(owner=".") if self.jwks_uri: _response["jwks_uri"] = self.jwks_uri #_log_info("endpoints: %s" % self.endpoints) for endp in self.endpoints: #_log_info("# %s, %s" % (endp, endp.name)) _response[endp.name] = "%s%s" % (self.baseurl, endp.etype) _log_info("provider_info_response: %s" % (_response.to_dict(),)) headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")] if handle: (key, timestamp) = handle if key.startswith(STR) and key.endswith(STR): cookie = self.cookie_func(key, self.cookie_name, "pinfo", self.sso_ttl) headers.append(cookie) resp = Response(_response.to_json(), content="application/json", headers=headers) except Exception, err: message = traceback.format_exception(*sys.exc_info()) logger.error(message) resp = Response(message, content="html/text")