def test_register_client(self):
federation = Federation(TestOP.federation_key)
rp_root_key = rsa_key()
rp_intermediate_key = rsa_key()
rp_signed_intermediate_key = JWS(
json.dumps(rp_intermediate_key.serialize(private=False)), alg=rp_root_key.alg
).sign_compact(keys=[rp_root_key])
rp_software_statement = federation.create_software_statement(
dict(root_key=rp_root_key.serialize(private=False), response_types=["code"])
)
client_metadata = {
"signing_key": rp_signed_intermediate_key,
"signed_jwks_uri": "https://rp.example.com/signed_jwks",
"software_statements": [rp_software_statement],
"redirect_uris": ["https://rp.example.com"],
"response_types": ["id_token"],
}
req = FederationRegistrationRequest(**client_metadata)
signature = SignedHttpRequest(rp_intermediate_key).sign(rp_intermediate_key.alg, body=req.to_json())
response = self.op.register_client("pop {}".format(signature), req.to_json())
client_metadata = json.loads(response.message)
registration_response = FederationRegistrationResponse().from_dict(client_metadata)
assert registration_response.verify()
assert "client_id" in registration_response
assert registration_response["provider_software_statement"] == self.op.software_statements_jws[0]
assert registration_response["response_types"] == ["code"]
def test_register_with_provider(self):
registration_endpoint = "{}/registration".format(ISSUER)
signed_jwks_uri = "{}/signed_jwks".format(ISSUER)
federation_key = sym_key()
rp_root_key = rsa_key()
rp_software_statement = Federation(federation_key).create_software_statement(
dict(redirect_uris=["https://rp.example.com"]))
op_root_key = rsa_key()
op_intermediate_key = rsa_key()
op_signed_intermediate_key = JWS(json.dumps(op_intermediate_key.serialize(private=False)),
alg=op_root_key.alg).sign_compact(keys=[op_root_key])
op_software_statement = Federation(federation_key).create_software_statement(
dict(issuer=ISSUER, root_key=op_root_key.serialize(private=False),
scopes_supported=["openid", "test_scope"]))
# signed_jwks_uri
expected_kid = "OP key 1"
keys = [RSAKey(key=RSA.generate(1024), kid=expected_kid).serialize(private=False)]
jwks = json.dumps(dict(keys=keys))
jws = JWS(jwks, alg=op_intermediate_key.alg).sign_compact(keys=[op_intermediate_key])
responses.add(responses.GET, signed_jwks_uri, body=jws, status=200,
content_type="application/jose")
rp = RP(None, rp_root_key, [rp_software_statement], [federation_key], None)
rp.client.provider_info = FederationProviderConfigurationResponse(
**dict(issuer=ISSUER, signing_key=op_signed_intermediate_key,
registration_endpoint=registration_endpoint,
signed_jwks_uri=signed_jwks_uri))
reg_resp = FederationRegistrationResponse(
**dict(provider_software_statement=op_software_statement,
client_id="foo", redirect_uris=["https://rp.example.com"]))
responses.add(responses.POST, registration_endpoint, body=reg_resp.to_json(), status=201,
content_type="application/json")
client_registration_data = {}
rp.register_with_provider(ISSUER, client_registration_data)
assert rp.client.client_id == "foo"
assert rp.client.provider_signing_key == op_intermediate_key
assert rp.client.keyjar[ISSUER][0].keys()[0].kid == expected_kid
