def test_access_token_srv_conf():
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
service = service_factory(
'AccessToken', ['oauth2'],
service_context=service_context,
conf={'default_authn_method': 'client_secret_post'})
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
service.store_item(auth_request, "auth_request", 'state')
service.store_item(auth_response, "auth_response", 'state')
req_args = {
'redirect_uri': 'https://example.com/cli/authz_cb',
'code': 'access_code'
}
service.endpoint = 'https://example.com/authorize'
_info = service.get_request_parameters(request_args=req_args,
state='state')
assert _info
msg = AccessTokenRequest().from_urlencoded(
service.get_urlinfo(_info['body']))
assert 'client_secret' in msg
def get_service():
service_context = ServiceContext(keyjar=None, config=CLIENT_CONF)
service_context.client_secret = "white boarding pass"
service = service_factory('AccessToken', ['oidc'],
state_db=InMemoryStateDataBase(),
service_context=service_context)
return service
def test_authz_service_conf():
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'behaviour': {'response_types': ['code']}
}
srv = service_factory(
'Authorization', ['oidc'], state_db=InMemoryStateDataBase(),
service_context=ServiceContext(CLI_KEY, config=client_config),
conf={
'request_args': {
'claims': {
"id_token":
{
"auth_time": {"essential": True},
"acr": {"values": ["urn:mace:incommon:iap:silver"]}
}
}
}
})
req = srv.construct()
assert 'claims' in req
assert set(req['claims'].keys()) == {'id_token'}
def create_request(self):
self._iss = ISS
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss, 'requests_dir': 'requests',
'base_url': 'https://example.com/cli/'
}
service_context = ServiceContext(config=client_config)
service_context.keyjar = CLI_KEY
service_context.behaviour = {
'userinfo_signed_response_alg': 'RS256',
"userinfo_encrypted_response_alg": "RSA-OAEP",
"userinfo_encrypted_response_enc": "A256GCM"
}
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code').to_json()
idtval = {
'nonce': 'KUEYfRM2VzKDaaKD', 'sub': 'diana',
'iss': ISS, 'aud': 'client_id'
}
idt = create_jws(idtval)
ver_idt = IdToken().from_jwt(idt, CLI_KEY)
token_response = AccessTokenResponse(
access_token='access_token', id_token=idt,
__verified_id_token=ver_idt).to_json()
db.set('abcde', State(token_response=token_response,
auth_response=auth_response).to_json())
self.service = service_factory('UserInfo', ['oidc'], state_db=db,
service_context=service_context)
def test_access_token_srv_conf():
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
_state = State(auth_request=auth_request.to_json(),
auth_response=auth_response.to_json())
db.set('state', _state.to_json())
service = service_factory(
'AccessToken', ['oauth2'],
state_db=db,
service_context=service_context,
conf={'default_authn_method': 'client_secret_post'})
req_args = {
'redirect_uri': 'https://example.com/cli/authz_cb',
'code': 'access_code'
}
service.endpoint = 'https://example.com/authorize'
_info = service.get_request_parameters(request_args=req_args,
state='state')
assert _info
msg = AccessTokenRequest().from_urlencoded(
service.get_urlinfo(_info['body']))
assert 'client_secret' in msg
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'another password'
}
service_context = ServiceContext(config=client_config)
self.service = {
'token': service_factory("CCAccessToken",
['oauth2/client_credentials', 'oauth2'],
service_context=service_context),
'refresh_token': service_factory("CCRefreshAccessToken",
['oauth2/client_credentials',
'oauth2'],
service_context=service_context)
}
self.service['token'].endpoint = 'https://example.com/token'
self.service['refresh_token'].endpoint = 'https://example.com/token'
def create_request(self):
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(CLI_KEY, config=client_config)
service_context.issuer = 'https://example.com'
self.service = service_factory('Authorization', ['oidc'],
state_db=InMemoryStateDataBase(),
service_context=service_context)
def create_request(self):
self._iss = ISS
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss, 'requests_dir': 'requests',
'base_url': 'https://example.com/cli/'
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('Registration', ['oidc'], state_db=None,
service_context=service_context)
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'behaviour': {
'response_types': ['code']
}
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('Authorization', ['oauth2'],
service_context=service_context)
def factory(service_name, ignore, **kwargs):
"""
A factory the given a service name will return a
:py:class:`oidcservice.service.Service` instance if a service matching the
name could be found.
:param service_name: A service name, could be either of the format
'group.name' or 'name'.
:param kwargs: A set of key word arguments to be used when initiating the
Service class
:return: A :py:class:`oidcservice.service.Service` instance or None
"""
if '.' in service_name:
group, name = service_name.split('.')
if group == 'oauth2':
service_factory(service_name[1], ['oauth2'], **kwargs)
elif group == 'oidc':
service_factory(service_name[1], ['oidc'], **kwargs)
else:
return get_provider_specific_service(group, name, **kwargs)
else:
return service_factory(service_name, ['oidc', 'oauth2'], **kwargs)
def create_request(self):
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'callback': {
'code': 'https://example.com/cli/authz_cb',
'implicit': 'https://example.com/cli/authz_im_cb',
'form_post': 'https://example.com/cli/authz_fp_cb'
}
}
service_context = ServiceContext(CLI_KEY, config=client_config)
self.service = service_factory('Authorization', ['oidc'],
state_db=InMemoryStateDataBase(),
service_context=service_context)
def create_request(self):
self._iss = ISS
client_config = {
"redirect_uris": ["https://example.com/cli/authz_cb"],
"issuer": self._iss,
"requests_dir": "requests",
"base_url": "https://example.com/cli/",
"client_preferences": {
"application_type": "web",
"response_types": ["code"],
"contacts": ["*****@*****.**"],
"jwks_uri": "https://example.com/rp/static/jwks.json",
"redirect_uris": ["{}/authz_cb".format(RP_BASEURL)],
"token_endpoint_auth_method": "client_secret_basic",
"grant_types": ["authorization_code"]
}
}
service_context = ServiceContext(config=client_config)
self.reg_service = service_factory("Registration", ["oidc"],
service_context=service_context)
self.read_service = service_factory("RegistrationRead", ["oidc"],
service_context=service_context)
def create_request(self):
self._iss = ISS
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss, 'requests_dir': 'requests',
'base_url': 'https://example.com/cli/',
'post_logout_redirect_uris': ['https://example.com/post_logout']
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('EndSession', ['oidc'],
state_db=InMemoryStateDataBase(),
service_context=service_context)
def create_request(self):
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(CLI_KEY, config=client_config)
_db = InMemoryStateDataBase()
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb',
state='state', response_type='code').to_json()
auth_response = AuthorizationResponse(code='access_code').to_json()
_db.set('state', State(auth_response=auth_response,
auth_request=auth_request).to_json())
self.service = service_factory('AccessToken', ['oidc'], state_db=_db,
service_context=service_context)
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('RefreshAccessToken', ['oauth2'],
service_context=service_context)
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
self.service.store_item(auth_response, 'auth_response', 'abcdef')
self.service.store_item(token_response, 'token_response', 'abcdef')
self.service.endpoint = 'https://example.com/token'
def test_add_jwks_uri_or_jwks_3():
client_config = {
'client_id': 'client_id', 'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': ISS,
'client_preferences': {
'id_token_signed_response_alg': 'RS384',
'userinfo_signed_response_alg': 'RS384'
}
}
service_context = ServiceContext(config=client_config, jwks='{"keys":[]}')
service = service_factory('Registration', ['oidc'], state_db=None,
service_context=service_context)
req_args, post_args = add_jwks_uri_or_jwks({}, service)
assert req_args['jwks'] == '{"keys":[]}'
assert set(req_args.keys()) == {'jwks'}
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
service_context.set('redirect_uris',
['https://example.com/cli/authz_cb'])
self.service = service_factory('AccessToken', ['oauth2'],
service_context=service_context)
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb', state='state')
auth_response = AuthorizationResponse(code='access_code')
self.service.store_item(auth_request, 'auth_request', 'state')
self.service.store_item(auth_response, 'auth_response', 'state')
def test_add_jwks_uri_or_jwks_0():
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'jwks_uri': 'https://example.com/jwks/jwks.json',
'issuer': ISS,
'client_preferences': {
'id_token_signed_response_alg': 'RS384',
'userinfo_signed_response_alg': 'RS384'
}
}
service_context = ServiceContext(config=client_config)
service = service_factory('Registration', ['oidc'],
service_context=service_context)
req_args, post_args = add_jwks_uri_or_jwks({}, service)
assert req_args['jwks_uri'] == 'https://example.com/jwks/jwks.json'
def create_service(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(config=client_config)
db = InMemoryStateDataBase()
auth_response = AuthorizationResponse(code='access_code')
token_response = AccessTokenResponse(access_token='bearer_token',
refresh_token='refresh')
_state = State(auth_response=auth_response.to_json(),
token_response=token_response.to_json())
db.set('abcdef', _state.to_json())
self.service = service_factory('RefreshAccessToken', ['oauth2'],
state_db=db,
service_context=service_context)
self.service.endpoint = 'https://example.com/token'
def create_request(self):
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb']
}
service_context = ServiceContext(CLI_KEY, config=client_config)
self.service = service_factory('AccessToken', ['oidc'],
service_context=service_context)
# add some history
auth_request = AuthorizationRequest(
redirect_uri='https://example.com/cli/authz_cb',
state='state',
response_type='code').to_json()
self.service.store_item(auth_request, "auth_request", 'state')
auth_response = AuthorizationResponse(code='access_code').to_json()
self.service.store_item(auth_response, "auth_response", 'state')
def create_service(self):
self._iss = ISS
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss,
'client_preferences': {
"application_type": "web",
"application_name": "rphandler",
"contacts": ["*****@*****.**"],
"response_types": ["code"],
"scope": ["openid", "profile", "email", "address", "phone"],
"token_endpoint_auth_method": "client_secret_basic",
}
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('ProviderInfoDiscovery', ['oidc'],
service_context=service_context)
def create_service(self):
self._iss = 'https://example.com/as'
client_config = {
'client_id': 'client_id',
'client_secret': 'a longesh password',
"client_preferences": {
"application_type": "web",
"application_name": "rphandler",
"contacts": ["*****@*****.**"],
"response_types": ["code"],
"scope": ["openid", "profile", "email", "address", "phone"],
"token_endpoint_auth_method": "client_secret_basic",
},
'redirect_uris': ['https://example.com/cli/authz_cb'],
'issuer': self._iss
}
service_context = ServiceContext(config=client_config)
self.service = service_factory('ProviderInfoDiscovery', ['oauth2'],
state_db=InMemoryStateDataBase(),
service_context=service_context)
self.service.endpoint = '{}/.well-known/openid-configuration'.format(
self._iss)
def get_service():
service_context = ServiceContext(keyjar=None, config=CLIENT_CONF)
# service_context.set('client_secret', "white boarding pass")
service = service_factory('AccessToken', ['oidc'],
service_context=service_context)
return service
