def test_access_token_storage_with_custom_response_class(self): _state = "state" # AccessTokenResponse custom class class AccessTokenResponseWrapper(AccessTokenResponse): """Response wrapper to get "expires_in" in hours.""" c_param = AccessTokenResponse.c_param.copy() c_param.update({"expires_in_hours": SINGLE_OPTIONAL_INT}) def __init__(self, **kwargs): super(AccessTokenResponseWrapper, self).__init__(**kwargs) if "expires_in" in self and self["expires_in"]: self["expires_in_hours"] = self["expires_in"] // 3600 resp = AccessTokenResponseWrapper( access_token="2YotnFZFEjr1zCsiAB", token_type="Bearer", expires_in=3600, state=_state, ) self.consumer.parse_response(AccessTokenResponseWrapper, resp.to_urlencoded(), "urlencoded") grant = self.consumer.grant[_state] assert len(grant.tokens) == 1 assert grant.tokens[0].access_token == "2YotnFZFEjr1zCsiAB" assert grant.tokens[ 0].token_expiration_time > time_util.time_sans_frac() assert grant.tokens[0].expires_in_hours == 1 # type: ignore
def test_do_user_info_request_with_access_token_refresh(self): self.client.userinfo_endpoint = "http://oic.example.org/userinfo" token = self.client.get_token(state=self.client.state, scope="openid") token.token_expiration_time = time_sans_frac() - 86400 resp = self.client.do_user_info_request(state=self.client.state) assert resp.type() == "OpenIDSchema" assert _eq(resp.keys(), ["name", "email", "verified", "nickname"]) assert resp["name"] == "Melody Gardot"
def device_endpoint(self, request, authn=None): _req = AuthorizationRequest(**request) device_code = rndstr(10) user_code = rndstr(6) self.device2user[device_code] = user_code self.user_auth[user_code] = False self.client_id2device[_req['client_id']] = device_code self.device_code_expire_at[device_code] = time_sans_frac( ) + self.device_code_life_time
def token_endpoint(self, request, authn=None): _req = TokenRequest(**request) _dc = _req['device_code'] if time_sans_frac() > self.device_code_expire_at[_dc]: return self.host.error_code(error='expired_token') _uc = self.device2user[_dc] if self.user_auth[_uc]: # User is authenticated pass else: return self.host.error_code(error='authorization_pending')
def test_get_access_token_request_override(self): self.client.reset() self.client.redirect_uris = ["http://client.example.com/authz"] grant = Grant() grant.code = "AbCdEf" grant.grant_expiration_time = time_util.time_sans_frac() + 30 self.client.grant = {"xyz": grant} atr = self.client.construct_AccessTokenRequest(state="xyz") assert atr["grant_type"] == "authorization_code" assert atr["code"] == "AbCdEf" assert atr["redirect_uri"] == "http://client.example.com/authz"
def __init__(self, uid, salt, valid=3600, authn_info=None, time_stamp=0): """ Creates a representation of an authentication event. :param uid: The local user identifier :param salt: Salt to be used in creating a sub :param valid: How long the authentication is expected to be valid :param authn_info: Info about the authentication event :return: """ self.uid = uid self.salt = salt self.authn_time = int(time_stamp) or time_sans_frac() self.valid_until = self.authn_time + int(valid) self.authn_info = authn_info
def test_parse_access_token_resp(self): atr = AccessTokenResponse( access_token="2YotnFZFEjr1zCsicMWpAA", token_type="example", expires_in=3600, refresh_token="tGzv3JOkF0XG5Qx2TlKWIA", example_parameter="example_value", ) self.client.parse_response(AccessTokenResponse, info=json.dumps(atr.to_dict())) _grant = self.client.grant[""] assert len(_grant.tokens) == 1 token = _grant.tokens[0] assert token.access_token == "2YotnFZFEjr1zCsicMWpAA" assert token.token_type == "example" assert token.token_expiration_time > time_util.time_sans_frac() assert token.refresh_token == "tGzv3JOkF0XG5Qx2TlKWIA"
def create_idtoken_hint_other_issuer(oper, arg): """ Context: EndSession Action: Sets the 'id_token_hint' argument in a end_session request. The value of the argument is a correct signed JWT but not the one that should have been used. Example: "create_idtoken_hint_other_issuer": null """ iss = oper.conv.entity.client_id op = oper.conv.entity.provider_info['issuer'] iat = time_sans_frac() exp = iat + 3600 idt = IdToken(iss=iss, aud=[op], iat=iat, exp=exp, **arg) keys = oper.conv.entity.keyjar.get_signing_key('rsa') _jwt = idt.to_jwt(keys, 'RS256') oper.req_args["id_token_hint"] = _jwt
def issuer(self, query): request = self.parse_issuer_request(query) if request["principal"] == "*****@*****.**": resp = IssuerResponse(locations="http://example.com/") elif request["principal"] == "*****@*****.**": swd = SWDServiceRedirect(location="https://example.net/swd_server") resp = IssuerResponse(SWD_service_redirect=swd, expires=time_sans_frac() + 600) else: resp = None if resp is None: response = Response() response.status = 401 return response, "" else: response = Response() response.headers = {"content-type":"application/json"} response.text = resp.to_json() return response
_cinfo[key] = val response = RegistrationResponseCU(client_id=client_id) self.keystore.load_keys(request, client_id, replace=True) else: resp = BadRequest("Unknown request type: %s" % request.type) return resp(environ, start_response) # Add the key to the keystore if client_secret: _keystore.set_sign_key(client_secret, owner=client_id) _keystore.set_verify_key(client_secret, owner=client_id) _cinfo["registration_expires"] = time_util.time_sans_frac()+3600 response["client_secret"] = client_secret response["expires_at"] = _cinfo["registration_expires"] if self.test_mode: logger.info("registration_response: %s" % response.to_dict()) resp = Response(response.to_json(), content="application/json", headers=[("Cache-Control", "no-store")]) return resp(environ, start_response) #noinspection PyUnusedLocal def providerinfo_endpoint(self, environ, start_response, **kwargs): logger.info("@providerinfo_endpoint") try:
CLIENT_SECRET = "abcdefghijklmnop" CLIENT_ID = "client_1" rsapub = rsa_load("../oc3/certs/mycert.key") KEYS = [ ["abcdefghijklmnop", "hmac", "ver", "client_1"], ["abcdefghijklmnop", "hmac", "sig", "client_1"], [rsapub, "rsa", "sig", "."], [rsapub, "rsa", "ver", "."], ] SIGN_KEY = {"hmac": ["abcdefghijklmnop"]} IDTOKEN = IdToken( iss="http://oic.example.org/", user_id="user_id", aud=CLIENT_ID, exp=time_sans_frac() + 86400, nonce="N0nce" ) # ----------------- CLIENT -------------------- class TestOICClient: def setup_class(self): self.client = Client(CLIENT_ID) self.client.redirect_uris = ["http://example.com/redirect"] self.client.client_secret = CLIENT_SECRET self.client.keystore.set_sign_key(rsapub, "rsa") self.client.keystore.set_verify_key(rsapub, "rsa") def test_areq_1(self): ar = self.client.construct_AuthorizationRequest(request_args={"response_type": ["code"]})