def test_validate_pkce_raises_error_when_code_challenge_missing():
"""
GIVEN: Public client configured
WHEN: AuthorizationRequest with code_challenge attribute missing
THEN: validate_pkce raises a AuthorizeRequestError
"""
client = {
'scope': 'read write',
'token_endpoint_auth_method': 'None'
}
with pytest.raises(AuthorizeRequestError) as ex:
ar = AuthorizeRequest()
ar.validate_pkce(client)
assert ex.value.args[0] == 'invalid_request'
assert ex.value.args[1] == 'code challenge required'
def test_validate_pkce_raises_error_when_code_challenge_method_incorrect():
"""
GIVEN: Public client configured
WHEN: AuthorizationRequest with unsupported code_challenge_method attribute
THEN: validate_pkce raises a AuthorizeRequestError
"""
client = {
'scope': 'read write',
'token_endpoint_auth_method': 'None',
'code_challenge_method': 'plain'
}
with pytest.raises(AuthorizeRequestError) as ex:
ar = AuthorizeRequest(code_challenge='')
ar.validate_pkce(client)
assert ex.value.args[1] == 'invalid_request'
assert ex.value.args[2] == 'Invalid code challenge method'