def test_construct_with_resource_request(self):
bh = BearerHeader()
request = ResourceRequest(access_token="Sesame")
http_args = bh.construct(request, service=get_service())
assert "access_token" not in request
assert http_args == {"headers": {"Authorization": "Bearer Sesame"}}
def test_construct_with_http_args(self):
request = ResourceRequest(access_token="Sesame")
bh = BearerHeader()
# Any HTTP args should just be passed on
http_args = bh.construct(request,
service=get_service(),
http_args={"foo": "bar"})
assert _eq(http_args.keys(), ["foo", "headers"])
assert http_args["headers"] == {"Authorization": "Bearer Sesame"}
def test_construct_with_headers_in_http_args(self):
request = ResourceRequest(access_token="Sesame")
bh = BearerHeader()
http_args = bh.construct(request,
service=get_service(),
http_args={"headers": {
"x-foo": "bar"
}})
assert _eq(http_args.keys(), ["headers"])
assert _eq(http_args["headers"].keys(), ["Authorization", "x-foo"])
assert http_args["headers"]["Authorization"] == "Bearer Sesame"
def test_construct_with_token(self, services):
authz_service = services['authorization']
_state = authz_service.create_state('Issuer')
req = AuthorizationRequest(state=_state,
response_type='code',
redirect_uri='https://example.com',
scope=['openid'])
authz_service.store_item(req, 'auth_request', _state)
# Add a state and bind a code to it
resp1 = AuthorizationResponse(code="auth_grant", state=_state)
response = services['authorization'].parse_response(
resp1.to_urlencoded(), "urlencoded")
services['authorization'].update_service_context(response, key=_state)
# based on state find the code and then get an access token
resp2 = AccessTokenResponse(access_token="token1",
token_type="Bearer",
expires_in=0,
state=_state)
response = services['accesstoken'].parse_response(
resp2.to_urlencoded(), "urlencoded")
services['accesstoken'].update_service_context(response, key=_state)
# and finally use the access token, bound to a state, to
# construct the authorization header
http_args = BearerHeader().construct(ResourceRequest(),
services['accesstoken'],
key=_state)
assert http_args == {"headers": {"Authorization": "Bearer token1"}}
def fetch_distributed_claims(self, userinfo, callback=None):
"""
:param userinfo: A :py:class:`oidcmsg.message.Message` sub class
instance
:param callback: A function that can be used to fetch things
:return: Updated userinfo instance
"""
try:
_csrc = userinfo["_claim_sources"]
except KeyError:
pass
else:
for csrc, spec in _csrc.items():
if "endpoint" in spec:
if "access_token" in spec:
cauth = BearerHeader()
http_args = cauth.construct(
service=self.service['userinfo'],
access_token=spec['access_token'])
_resp = self.http.send(spec["endpoint"], 'GET',
**http_args)
else:
if callback:
token = callback(spec['endpoint'])
cauth = BearerHeader()
http_args = cauth.construct(
service=self.service['userinfo'],
access_token=token)
_resp = self.http.send(spec["endpoint"], 'GET',
**http_args)
else:
_resp = self.http.send(spec["endpoint"], 'GET')
if _resp.status_code == 200:
_uinfo = json.loads(_resp.text)
else: # There shouldn't be any redirect
raise FetchException('HTTP error {}: {}'.format(
_resp.status_code, _resp.reason))
claims = [
value
for value, src in userinfo["_claim_names"].items()
if src == csrc
]
if set(claims) != set(_uinfo.keys()):
logger.warning(
"Claims from claim source doesn't match what's in "
"the userinfo")
# only add those I expected
for key in claims:
userinfo[key] = _uinfo[key]
return userinfo