def test_verified_returns_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified("top-secret", "test-audience")
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified('top-secret', 'test-audience')
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified("top-secret", "test-audience")
assert actual == verified_token.return_value
def test_verified_returns_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
actual = grant_token.verified('top-secret', 'test-audience')
assert actual == verified_token.return_value
def test_verified_initializes_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
grant_token.verified("top-secret", "test-audience")
verified_token.assert_called_once_with(jwttok, "top-secret", "test-audience")
def test_verified_initializes_verified_token(self, patch):
verified_token = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
jwttok = jwt_token({"iss": "test-issuer"})
grant_token = JWTGrantToken(jwttok)
grant_token.verified("top-secret", "test-audience")
verified_token.assert_called_once_with(jwttok, "top-secret", "test-audience")
def test_verified_initializes_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
grant_token.verified('top-secret', 'test-audience')
verified_token.assert_called_once_with(jwttok, 'top-secret', 'test-audience')
def test_verified_initializes_verified_token(self, patch):
verified_token = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
jwttok = jwt_token({'iss': 'test-issuer'})
grant_token = JWTGrantToken(jwttok)
grant_token.verified('top-secret', 'test-audience')
verified_token.assert_called_once_with(jwttok, 'top-secret',
'test-audience')
def validate_token_request(self, request):
"""
Validates a token request.
Sets the ``client_id`` property on the passed-in request to the JWT
issuer, and finds the user based on the JWT subject and sets it as
the ``user`` property.
Raises subclasses of ``oauthlib.oauth2.rfc6749.OAuth2Error`` when
validation fails.
:param request: the oauthlib request
:type request: oauthlib.common.Request
"""
try:
assertion = request.assertion
except AttributeError:
raise errors.InvalidRequestFatalError("Missing assertion.")
token = JWTGrantToken(assertion)
# Update client_id in oauthlib request
request.client_id = token.issuer
if not self.request_validator.authenticate_client_id(
request.client_id, request
):
raise errors.InvalidClientError(request=request)
# Ensure client is authorized use of this grant type
self.validate_grant_type(request)
authclient = request.client.authclient
verified_token = token.verified(key=authclient.secret, audience=self.domain)
user = self.user_svc.fetch(verified_token.subject)
if user is None:
raise errors.InvalidGrantError(
"Grant token subject (sub) could not be found."
)
if user.authority != authclient.authority:
raise errors.InvalidGrantError(
"Grant token subject (sub) does not match issuer (iss)."
)
request.user = user
def test_init_decodes_token_without_verifying(self, patch):
jwt_decode = patch("h.oauth.jwt_grant_token.jwt.decode")
JWTGrantToken("abcdef123456")
jwt_decode.assert_called_once_with("abcdef123456",
options={"verify_signature": False})
def test_issuer_raises_for_missing_iss_claim(self):
jwttok = jwt_token({'foo': 'bar'})
grant_token = JWTGrantToken(jwttok)
with pytest.raises(MissingJWTGrantTokenClaimError) as exc:
grant_token.issuer
assert exc.value.description == "Missing claim 'iss' (issuer) from grant token."
def test_issuer_returns_iss_claim(self):
jwttok = jwt_token({'iss': 'test-issuer', 'foo': 'bar'})
grant_token = JWTGrantToken(jwttok)
assert grant_token.issuer == 'test-issuer'
def test_init_raises_for_invalid_token(self):
with pytest.raises(InvalidRequestFatalError) as exc:
JWTGrantToken('abcdef123456')
assert exc.value.description == 'Invalid JWT grant token format.'
def test_init_decodes_token_without_verifying(self, patch):
jwt_decode = patch('h.oauth.jwt_grant_token.jwt.decode')
JWTGrantToken('abcdef123456')
jwt_decode.assert_called_once_with('abcdef123456', verify=False)
def test_issuer_returns_iss_claim(self):
jwttok = jwt_token({"iss": "test-issuer", "foo": "bar"})
grant_token = JWTGrantToken(jwttok)
assert grant_token.issuer == "test-issuer"
