def test_client_secret_jwt(self, services):
_service_context = services['accesstoken'].service_context
_service_context.token_endpoint = "https://example.com/token"
_service_context.set(
'provider_info', {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
})
csj = ClientSecretJWT()
request = AccessTokenRequest()
csj.construct(request,
service=services['accesstoken'],
algorithm="HS256",
authn_endpoint='userinfo')
assert request["client_assertion_type"] == JWT_BEARER
assert "client_assertion" in request
cas = request["client_assertion"]
_kj = KeyJar()
_kj.add_symmetric(_service_context.get('client_id'),
_service_context.get('client_secret'),
usage=['sig'])
jso = JWT(key_jar=_kj, sign_alg='HS256').unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
_rj = JWS(alg='HS256')
info = _rj.verify_compact(
cas,
_kj.get_signing_key(issuer_id=_service_context.get('client_id')))
assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
assert info['aud'] == [_service_context.get('provider_info')['issuer']]
def test_construct(self, services):
_service = services['accesstoken']
kb_rsa = KeyBundle(source='file://{}'.format(
os.path.join(BASE_PATH, "data/keys/rsa.key")),
fileformat='der')
for key in kb_rsa:
key.add_kid()
_service.service_context.keyjar.add_kb('', kb_rsa)
_service.service_context.set(
'provider_info', {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
})
services['accesstoken'].endpoint = "https://example.com/token"
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
http_args = pkj.construct(request,
service=_service,
algorithm="RS256",
authn_endpoint='token_endpoint')
assert http_args == {}
cas = request["client_assertion"]
_kj = KeyJar()
_kj.add_kb(_service.service_context.get('client_id'), kb_rsa)
jso = JWT(key_jar=_kj).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
# assert _jwt.headers == {'alg': 'RS256'}
assert jso['aud'] == [
_service.service_context.get('provider_info')['token_endpoint']
]
def test_construct(self, entity):
token_service = entity.client_get("service", 'accesstoken')
kb_rsa = KeyBundle(source='file://{}'.format(
os.path.join(BASE_PATH, "data/keys/rsa.key")),
fileformat='der')
for key in kb_rsa:
key.add_kid()
_context = token_service.client_get("service_context")
_context.keyjar.add_kb('', kb_rsa)
_context.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
_context.registration_response = {
'token_endpoint_auth_signing_alg': 'RS256'
}
token_service.endpoint = "https://example.com/token"
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
http_args = pkj.construct(request,
service=token_service,
authn_endpoint='token_endpoint')
assert http_args == {}
cas = request["client_assertion"]
_kj = KeyJar()
_kj.add_kb(_context.client_id, kb_rsa)
jso = JWT(key_jar=_kj).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
# assert _jwt.headers == {'alg': 'RS256'}
assert jso['aud'] == [_context.provider_info['token_endpoint']]
def test_client_secret_jwt(self, client):
_ci = client.client_info
_ci.token_endpoint = "https://example.com/token"
_ci.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
csj = ClientSecretJWT()
request = AccessTokenRequest()
csj.construct(request,
cli_info=client.client_info,
algorithm="HS256",
authn_endpoint='userinfo')
assert request["client_assertion_type"] == JWT_BEARER
assert "client_assertion" in request
cas = request["client_assertion"]
_skey = [SYMKey(k=b64e(as_bytes(_ci.client_secret)), use='sig')]
jso = JWT(rec_keys={client.client_id: _skey}).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
_rj = JWS()
info = _rj.verify_compact(
cas, [SYMKey(k=b64e(as_bytes(_ci.client_secret)))])
assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
assert info['aud'] == [_ci.provider_info['issuer']]
def test_construct(self, client):
_key = rsa_load(os.path.join(BASE_PATH, "data/keys/rsa.key"))
kc_rsa = KeyBundle([{
"key": _key,
"kty": "RSA",
"use": "ver"
}, {
"key": _key,
"kty": "RSA",
"use": "sig"
}])
client.client_info.keyjar[""] = kc_rsa
client.client_info.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
client.service['accesstoken'].endpoint = "https://example.com/token"
request = AccessTokenRequest()
pkj = PrivateKeyJWT()
http_args = pkj.construct(request,
cli_info=client.client_info,
algorithm="RS256",
authn_endpoint='token')
assert http_args == {}
cas = request["client_assertion"]
pub_kb = KeyBundle([{
"key": _key.public_key(),
"kty": "RSA",
"use": "ver"
}, {
"key": _key.public_key(),
"kty": "RSA",
"use": "sig"
}])
jso = JWT(rec_keys={client.client_id: pub_kb.get('RSA')}).unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
#assert _jwt.headers == {'alg': 'RS256'}
assert jso['aud'] == [
client.client_info.provider_info['token_endpoint']
]
def test_client_secret_jwt(self, entity):
_service_context = entity.client_get("service_context")
_service_context.token_endpoint = "https://example.com/token"
_service_context.provider_info = {
'issuer': 'https://example.com/',
'token_endpoint': "https://example.com/token"
}
_service_context.registration_response = {
'token_endpoint_auth_signing_alg': "HS256"
}
csj = ClientSecretJWT()
request = AccessTokenRequest()
csj.construct(request,
service=entity.client_get("service", 'accesstoken'),
authn_endpoint='token_endpoint')
assert request["client_assertion_type"] == JWT_BEARER
assert "client_assertion" in request
cas = request["client_assertion"]
_kj = KeyJar()
_kj.add_symmetric(_service_context.client_id,
_service_context.client_secret, ['sig'])
jso = JWT(key_jar=_kj, sign_alg='HS256').unpack(cas)
assert _eq(jso.keys(), ["aud", "iss", "sub", "exp", "iat", 'jti'])
_rj = JWS(alg='HS256')
info = _rj.verify_compact(
cas, _kj.get_signing_key(issuer_id=_service_context.client_id))
assert _eq(info.keys(), ["aud", "iss", "sub", "jti", "exp", "iat"])
assert info['aud'] == [
_service_context.provider_info['token_endpoint']
]