class OpenIDHybridCodeIdTokenTest(OpenIDAuthCodeTest):
def setUp(self):
super().setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token'
self.request.nonce = 'zxc'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&id_token=%s' % token
@mock.patch('oauthlib.common.generate_token')
def test_required_nonce(self, generate_token):
generate_token.return_value = 'abc'
self.request.nonce = None
self.assertRaises(errors.InvalidRequestError, self.auth.validate_authorization_request, self.request)
bearer = BearerToken(self.mock_validator)
h, b, s = self.auth.create_authorization_response(self.request, bearer)
self.assertIn('error=invalid_request', h['Location'])
self.assertIsNone(b)
self.assertEqual(s, 302)
def test_id_token_contains_nonce(self):
token = {}
self.mock_validator.get_id_token.side_effect = None
self.mock_validator.get_id_token.return_value = None
token = self.auth.add_id_token(token, None, self.request)
assert self.mock_validator.finalize_id_token.call_count == 1
claims = self.mock_validator.finalize_id_token.call_args[0][0]
assert "nonce" in claims
def setUp(self):
super(OpenIDHybridCodeTokenTest, self).setUp()
self.request.response_type = 'code token'
self.request.nonce = None
self.auth = HybridGrant(request_validator=self.mock_validator)
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
def setUp(self):
super(OpenIDHybridCodeIdTokenTokenTest, self).setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token token'
self.request.nonce = 'xyz'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
def setUp(self):
super(OpenIDHybridCodeIdTokenTest, self).setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token'
self.request.nonce = 'zxc'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&id_token=%s' % token
def setUp(self):
super(OpenIDHybridCodeTokenTest, self).setUp()
self.request.response_type = 'code token'
self.request.nonce = None
self.auth = HybridGrant(request_validator=self.mock_validator)
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.get_code_challenge.return_value = None
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
hybrid = HybridGrant(self.mock_validator)
response_types = {
'code': auth_code,
'token': implicit,
'id_token': implicit,
'id_token token': implicit,
'code token': hybrid,
'code id_token': hybrid,
'code token id_token': hybrid,
'none': auth_code
}
self.expires_in = 1800
token = BearerToken(self.mock_validator, expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(default_response_type='code',
default_token_type=token,
response_types=response_types)
def setUp(self):
super(OpenIDHybridCodeIdTokenTokenTest, self).setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token token'
self.request.nonce = 'xyz'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
def setUp(self):
super(OpenIDHybridCodeIdTokenTest, self).setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token'
self.request.nonce = 'zxc'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&id_token=%s' % token
class OpenIDHybridCodeTokenTest(OpenIDAuthCodeTest):
def setUp(self):
super().setUp()
self.request.response_type = 'code token'
self.request.nonce = None
self.auth = HybridGrant(request_validator=self.mock_validator)
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
@mock.patch('oauthlib.common.generate_token')
def test_optional_nonce(self, generate_token):
generate_token.return_value = 'abc'
self.request.nonce = 'xyz'
scope, info = self.auth.validate_authorization_request(self.request)
bearer = BearerToken(self.mock_validator)
h, b, s = self.auth.create_authorization_response(self.request, bearer)
self.assertURLEqual(h['Location'], self.url_fragment, parse_fragment=True)
self.assertIsNone(b)
self.assertEqual(s, 302)
class OpenIDHybridCodeTokenTest(OpenIDAuthCodeTest):
def setUp(self):
super(OpenIDHybridCodeTokenTest, self).setUp()
self.request.response_type = 'code token'
self.request.nonce = None
self.auth = HybridGrant(request_validator=self.mock_validator)
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc'
@mock.patch('oauthlib.common.generate_token')
def test_optional_nonce(self, generate_token):
generate_token.return_value = 'abc'
self.request.nonce = 'xyz'
scope, info = self.auth.validate_authorization_request(self.request)
bearer = BearerToken(self.mock_validator)
h, b, s = self.auth.create_authorization_response(self.request, bearer)
self.assertURLEqual(h['Location'], self.url_fragment, parse_fragment=True)
self.assertEqual(b, None)
self.assertEqual(s, 302)
class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest):
def setUp(self):
super().setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token token'
self.request.nonce = 'xyz'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
@mock.patch('oauthlib.common.generate_token')
def test_required_nonce(self, generate_token):
generate_token.return_value = 'abc'
self.request.nonce = None
self.assertRaises(errors.InvalidRequestError, self.auth.validate_authorization_request, self.request)
bearer = BearerToken(self.mock_validator)
h, b, s = self.auth.create_authorization_response(self.request, bearer)
self.assertIn('error=invalid_request', h['Location'])
self.assertIsNone(b)
self.assertEqual(s, 302)
class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest):
def setUp(self):
super(OpenIDHybridCodeIdTokenTokenTest, self).setUp()
self.mock_validator.get_code_challenge.return_value = None
self.request.response_type = 'code id_token token'
self.request.nonce = 'xyz'
self.auth = HybridGrant(request_validator=self.mock_validator)
token = 'MOCKED_TOKEN'
self.url_query = 'https://a.b/cb?code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
self.url_fragment = 'https://a.b/cb#code=abc&state=abc&token_type=Bearer&expires_in=3600&scope=hello+openid&access_token=abc&id_token=%s' % token
@mock.patch('oauthlib.common.generate_token')
def test_required_nonce(self, generate_token):
generate_token.return_value = 'abc'
self.request.nonce = None
self.assertRaises(errors.InvalidRequestError, self.auth.validate_authorization_request, self.request)
bearer = BearerToken(self.mock_validator)
h, b, s = self.auth.create_authorization_response(self.request, bearer)
self.assertIn('error=invalid_request', h['Location'])
self.assertEqual(b, None)
self.assertEqual(s, 302)
def setUp(self):
super(OpenIDHybridInterferenceTest, self).setUp()
self.auth = HybridGrant(request_validator=self.mock_validator)
def setUp(self):
super().setUp()
self.auth = HybridGrant(request_validator=self.mock_validator)
def __init__(self, request_validator, token_expires_in=None,
token_generator=None, refresh_token_generator=None,
*args, **kwargs):
"""Construct a new all-grants-in-one server.
:param request_validator: An implementation of
oauthlib.oauth2.RequestValidator.
:param token_expires_in: An int or a function to generate a token
expiration offset (in seconds) given a
oauthlib.common.Request object.
:param token_generator: A function to generate a token from a request.
:param refresh_token_generator: A function to generate a token from a
request for the refresh token.
:param kwargs: Extra parameters to pass to authorization-,
token-, resource-, and revocation-endpoint constructors.
"""
auth_grant = OAuth2AuthorizationCodeGrant(request_validator)
implicit_grant = OAuth2ImplicitGrant(request_validator)
password_grant = ResourceOwnerPasswordCredentialsGrant(
request_validator)
credentials_grant = ClientCredentialsGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
openid_connect_auth = AuthorizationCodeGrant(request_validator)
openid_connect_implicit = ImplicitGrant(request_validator)
openid_connect_hybrid = HybridGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
jwt = JWTToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
auth_grant_choice = AuthorizationCodeGrantDispatcher(default_auth_grant=auth_grant, oidc_auth_grant=openid_connect_auth)
implicit_grant_choice = ImplicitTokenGrantDispatcher(default_implicit_grant=implicit_grant, oidc_implicit_grant=openid_connect_implicit)
# See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations for valid combinations
# internally our AuthorizationEndpoint will ensure they can appear in any order for any valid combination
AuthorizationEndpoint.__init__(self, default_response_type='code',
response_types={
'code': auth_grant_choice,
'token': implicit_grant_choice,
'id_token': openid_connect_implicit,
'id_token token': openid_connect_implicit,
'code token': openid_connect_hybrid,
'code id_token': openid_connect_hybrid,
'code id_token token': openid_connect_hybrid,
'none': auth_grant
},
default_token_type=bearer)
token_grant_choice = AuthorizationTokenGrantDispatcher(request_validator, default_token_grant=auth_grant, oidc_token_grant=openid_connect_auth)
TokenEndpoint.__init__(self, default_grant_type='authorization_code',
grant_types={
'authorization_code': token_grant_choice,
'password': password_grant,
'client_credentials': credentials_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self, default_token='Bearer',
token_types={'Bearer': bearer, 'JWT': jwt})
RevocationEndpoint.__init__(self, request_validator)