def test_should_register_dynamic_client_if_client_registration_info_is_given(self):
    """Register dynamically when only ``ClientRegistrationInfo`` is configured.

    A mocked registration endpoint returns a fixed client record, and the test
    checks that every field of that record is stored in
    ``provider_config._client_metadata``.
    """
    register_url = self.PROVIDER_BASEURL + '/register'
    login_callbacks = [
        'https://client.example.com/redirect',
        'https://client.example.com/redirect2',
    ]
    logout_callbacks = ['https://client.example.com/logout']

    # Fixture response from the mocked provider. 'secret1' is a placeholder, but
    # the assertions below show the client_secret is kept in _client_metadata,
    # so that mapping holds a credential after registration.
    mocked_registration = {
        'client_id': 'client1',
        'client_secret': 'secret1',
        'redirect_uris': login_callbacks,
        'post_logout_redirect_uris': logout_callbacks,
    }
    responses.add(responses.POST, register_url, json=mocked_registration)

    registration_info = ClientRegistrationInfo(
        redirect_uris=login_callbacks,
        post_logout_redirect_uris=logout_callbacks)
    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(registration_endpoint=register_url),
        client_registration_info=registration_info)

    provider_config.register_client(Client(CLIENT_AUTHN_METHOD))

    # Each field returned by the provider must be stored unchanged, including
    # both redirect URI lists.
    for field, expected in mocked_registration.items():
        assert provider_config._client_metadata[field] == expected
def test_should_register_dynamic_client_if_client_registration_info_is_given(self):
    """Register dynamically and forward redirect URIs plus extra arguments.

    ``register_client`` is called here with a redirect URI list and a dict of
    extra arguments. The test checks the stored client metadata and the JSON
    body of the registration request that was sent.
    """
    register_url = self.PROVIDER_BASEURL + '/register'
    # The mocked provider response contains only the client credentials
    # (placeholder values); it does not include redirect_uris.
    responses.add(
        responses.POST,
        register_url,
        json={'client_id': 'client1', 'client_secret': 'secret1'})

    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(registration_endpoint=register_url),
        client_registration_info=ClientRegistrationInfo())

    redirect_uris = ['https://client.example.com/redirect']
    extra_args = {'extra_args': 'should be passed'}
    provider_config.register_client(redirect_uris, extra_args)

    stored = provider_config._client_metadata
    assert stored['client_id'] == 'client1'
    assert stored['client_secret'] == 'secret1'
    # redirect_uris is expected in the stored metadata even though the mocked
    # response omitted it.
    assert stored['redirect_uris'] == redirect_uris

    # The request body must be exactly the redirect URIs plus the extra
    # arguments; the equality check fails on any additional field.
    expected_request = {'redirect_uris': redirect_uris, **extra_args}
    sent_body = responses.calls[0].request.body.decode('utf-8')
    assert json.loads(sent_body) == expected_request
def test_should_raise_exception_for_non_registered_client_when_missing_registration_endpoint(self):
    """Registration without a ``registration_endpoint`` must raise ``ValueError``.

    The provider metadata is built with no registration endpoint, and the
    error message is expected to name the missing ``registration_endpoint``.
    """
    metadata_without_endpoint = self.provider_metadata()
    provider_config = ProviderConfiguration(
        provider_metadata=metadata_without_endpoint,
        client_registration_info=ClientRegistrationInfo())

    with pytest.raises(ValueError) as exc_info:
        provider_config.register_client([])

    # The failure must be explicit about which piece of provider metadata is
    # missing, so a misconfiguration is easy to diagnose.
    error_text = str(exc_info.value)
    assert 'registration_endpoint' in error_text
def test_should_raise_exception_for_non_registered_client_when_missing_registration_endpoint(self):
    """Registration must raise ``ValueError`` when no endpoint is configured.

    The test first confirms that the provider metadata reports
    ``registration_endpoint`` as ``None``, then expects ``register_client``
    to raise ``ValueError``.
    """
    config_kwargs = {
        'provider_metadata': self.provider_metadata(),
        'client_registration_info': ClientRegistrationInfo(),
    }
    provider_config = ProviderConfiguration(**config_kwargs)

    # Precondition: the endpoint is absent (None), not merely empty.
    endpoint = provider_config._provider_metadata['registration_endpoint']
    assert endpoint is None

    with pytest.raises(ValueError):
        provider_config.register_client(None)
def test_should_not_register_dynamic_client_if_client_metadata_is_given(self):
    """Statically configured client metadata must survive ``register_client``.

    The configuration is given ``ClientMetadata`` directly and no registration
    endpoint, and the stored metadata must be unchanged after the call.
    """
    # Placeholder credentials for a pre-registered (static) client.
    static_client = ClientMetadata(client_id='client1', client_secret='secret1')
    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(),
        client_metadata=static_client)

    provider_config.register_client(None)

    # The static credentials must not be replaced or modified.
    assert provider_config._client_metadata == static_client
def test_should_not_register_dynamic_client_if_client_metadata_is_given(self):
    """Static client metadata, including redirect URIs, must be left unchanged.

    ``register_client`` is called with an empty redirect URI list, and the
    stored metadata must still equal the ``ClientMetadata`` that was passed in.
    """
    # Placeholder credentials plus the one redirect URI registered for the
    # static client.
    static_client = ClientMetadata(
        client_id='client1',
        client_secret='secret1',
        redirect_uris=['https://client.example.com/redirect'])
    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(),
        client_metadata=static_client)

    provider_config.register_client([])

    # The empty list passed above must not overwrite the configured
    # redirect_uris, and nothing else in the metadata may change.
    assert provider_config._client_metadata == static_client
def test_register_client_should_register_dynamic_client_if_initial_access_token_present(self):
    """Register dynamically using an initial access token.

    The test checks that every field of the mocked registration response is
    stored in ``provider_config._client_metadata`` and that the registration
    request carried the configured token in its ``Authorization`` header.
    """
    register_url = self.PROVIDER_BASEURL + '/register'
    login_callbacks = [
        'https://client.example.com/redirect',
        'https://client.example.com/redirect2',
    ]
    logout_callbacks = ['https://client.example.com/logout']
    initial_access_token = 'initial_access_token'

    # Fixture response (placeholder values). Besides client_secret, it carries
    # a registration_access_token, which is a second credential that ends up
    # in _client_metadata.
    client_registration_response = {
        'client_id': 'client1',
        'client_secret': 'secret1',
        'client_name': 'Test Client',
        'redirect_uris': login_callbacks,
        'post_logout_redirect_uris': logout_callbacks,
        'registration_client_uri': 'https://op.example.com/register/client1',
        'registration_access_token': 'registration_access_token1',
    }
    responses.add(responses.POST, register_url, json=client_registration_response)

    registration_info = ClientRegistrationInfo(
        client_name='Test Client',
        redirect_uris=login_callbacks,
        post_logout_redirect_uris=logout_callbacks,
        registration_token=initial_access_token)
    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(registration_endpoint=register_url),
        client_registration_info=registration_info)

    provider_config.register_client(Client(CLIENT_AUTHN_METHOD))

    # Every field returned by the provider must be stored unchanged.
    for field, expected in client_registration_response.items():
        assert provider_config._client_metadata[field] == expected

    # The token is expected on the wire as a Bearer credential in base64 form.
    # Base64 is only an encoding, so this header is as sensitive as the raw
    # token and should be treated as a secret in logs and traces.
    encoded_token = base64.b64encode(initial_access_token.encode()).decode()
    sent_headers = responses.calls[0].request.headers
    assert sent_headers['Authorization'] == f"Bearer {encoded_token}"
def test_register_client_should_register_client_even_if_post_logout_redirect_uris_missing(self):
    """Register successfully when no post-logout redirect URIs are involved.

    The registration info passes an empty ``post_logout_redirect_uris`` list
    and the mocked provider response omits the field. Registration must still
    succeed, and the stored metadata must not contain that key.
    """
    register_url = self.PROVIDER_BASEURL + '/register'
    login_callbacks = [
        'https://client.example.com/redirect',
        'https://client.example.com/redirect2',
    ]

    # Fixture response (placeholder values) with no post_logout_redirect_uris.
    client_registration_response = {
        'client_id': 'client1',
        'client_secret': 'secret1',
        'client_name': 'Test Client',
        'redirect_uris': login_callbacks,
        'registration_client_uri': 'https://op.example.com/register/client1',
        'registration_access_token': 'registration_access_token1',
    }
    responses.add(responses.POST, register_url, json=client_registration_response)

    registration_info = ClientRegistrationInfo(
        client_name='Test Client',
        redirect_uris=login_callbacks,
        post_logout_redirect_uris=[],
        registration_token='initial_access_token')
    provider_config = ProviderConfiguration(
        provider_metadata=self.provider_metadata(registration_endpoint=register_url),
        client_registration_info=registration_info)

    provider_config.register_client(client=Client(CLIENT_AUTHN_METHOD))

    # Everything the provider returned must be stored unchanged.
    for field, expected in client_registration_response.items():
        assert provider_config._client_metadata[field] == expected

    # No post-logout redirect target may appear in the stored metadata when
    # none was registered.
    stored_logout_uris = provider_config._client_metadata.get('post_logout_redirect_uris')
    assert stored_logout_uris is None