def test_client_user_info_get(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
"GET",
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
query="client_id=%s" % _resp["client_id"],
request=request.to_json())
_resp_cir = ClientInfoResponse().from_json(resp.message)
assert _resp == _resp_cir
def client_info(self, client_id):
_cinfo = self.cdb[client_id].copy()
try:
_cinfo["redirect_uris"] = self._tuples_to_uris(
_cinfo["redirect_uris"])
except KeyError:
pass
msg = ClientInfoResponse(**_cinfo)
return Response(msg.to_json(), content="application/json")
def client_info(self, client_id):
_cinfo = self.cdb[client_id].copy()
if not valid_client_info(_cinfo):
err = ErrorResponse(error="invalid_client",
error_description="Invalid client secret")
return BadRequest(err.to_json(), content="application/json")
try:
_cinfo["redirect_uris"] = self._tuples_to_uris(
_cinfo["redirect_uris"])
except KeyError:
pass
msg = ClientInfoResponse(**_cinfo)
return Response(msg.to_json(), content="application/json")
def handle_registration_info(self, response):
if response.status_code in SUCCESSFUL:
resp = ClientInfoResponse().deserialize(response.text, "json")
self.store_response(resp, response.text)
self.store_registration_info(resp)
else:
resp = ErrorResponse().deserialize(response.text, "json")
try:
resp.verify()
self.store_response(resp, response.text)
except Exception:
raise PyoidcError('Registration failed: {}'.format(
response.text))
return resp
def handle_registration_info(self, response):
if response.status_code in SUCCESSFUL:
resp = ClientInfoResponse().deserialize(response.text, "json")
self.store_response(resp, response.text)
self.store_registration_info(resp)
else:
resp = ErrorResponse().deserialize(response.text, "json")
try:
resp.verify()
self.store_response(resp, response.text)
except Exception:
raise PyoidcError(
'Registration failed: {}'.format(response.text))
return resp
def client_info(self, client_id):
_cinfo = self.cdb[client_id].copy()
if not valid_client_info(_cinfo):
err = ErrorResponse(
error="invalid_client",
error_description="Invalid client secret")
return BadRequest(err.to_json(), content="application/json")
try:
_cinfo["redirect_uris"] = self._tuples_to_uris(
_cinfo["redirect_uris"])
except KeyError:
pass
msg = ClientInfoResponse(**_cinfo)
return Response(msg.to_json(), content="application/json")
def test_client_registration_with_software_statement(self):
jwks, keyjar, kidd = build_keyjar(KEYS)
fed_operator = 'https://fedop.example.org'
self.provider.keyjar[fed_operator] = keyjar['']
ss = make_software_statement(keyjar, fed_operator, client_id='foxtrot')
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"XYZ Service B",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
'software_statement':
ss
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
cli_resp = ClientInfoResponse().from_json(resp.message)
assert cli_resp
def test_registration_endpoint(self):
request = RegistrationRequest(
client_name="myself",
redirect_uris=["https://example.com/rp"],
grant_type=['authorization_code', 'implicit'])
resp = self.provider.registration_endpoint(request=request.to_json())
assert isinstance(resp, Response)
data = json.loads(resp.message)
assert data["client_name"] == "myself"
assert _eq(data["redirect_uris"], ["https://example.com/rp"])
_resp = ClientInfoResponse().from_json(resp.message)
assert "client_id" in _resp
def test_client_registration_delete(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2",
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
_resp = ClientInfoResponse().from_json(resp.message)
resp = self.provider.client_info_endpoint(
request=request.to_json(),
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
method="DELETE",
query="client_id=%s" % _resp["client_id"],
)
assert isinstance(resp, NoContent)
# A read should fail
resp = self.provider.client_info_endpoint(
"",
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
query="client_id=%s" % _resp["client_id"],
)
assert isinstance(resp, Unauthorized)
def test_client_registration_utf_8_client_name(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json())
_resp = ClientInfoResponse().from_json(resp.message)
assert _resp[
"client_name#ja-Jpan-JP"] == "\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D"
assert _resp["client_name"] == "My Example Client"
def create_client(self, **kwargs):
"""
Do an instantiation of a client instance.
:param: Keyword arguments
Keys are:
srv_discovery_url
client_info
client_registration
provider_info
behaviour
:return: client instance
"""
_key_set = set(list(kwargs.keys()))
try:
_verify_ssl = kwargs["verify_ssl"]
except KeyError:
_verify_ssl = self.verify_ssl
else:
_key_set.discard("verify_ssl")
_client = self.client_cls(
client_authn_method=CLIENT_AUTHN_METHOD,
behaviour=kwargs["behaviour"],
verify_ssl=_verify_ssl,
)
# The behaviour parameter is not significant for the election process
_key_set.discard("behaviour")
for param in ["allow"]:
try:
setattr(_client, param, kwargs[param])
except KeyError:
pass
else:
_key_set.discard(param)
if _key_set == {"client_info", "srv_discovery_url"}:
# Ship the webfinger part
# Gather OP information
_client.provider_config(kwargs["srv_discovery_url"])
# register the client
_client.register(
_client.provider_info["registration_endpoint"], **kwargs["client_info"]
)
self.get_path(
kwargs["client_info"]["redirect_uris"], kwargs["srv_discovery_url"]
)
elif _key_set == {"provider_info", "client_info"}:
_client.handle_provider_config(
ASConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"],
)
_client.register(
_client.provider_info["registration_endpoint"], **kwargs["client_info"]
)
self.get_path(
kwargs["client_info"]["redirect_uris"],
kwargs["provider_info"]["issuer"],
)
elif _key_set == {"provider_info", "client_registration"}:
_client.handle_provider_config(
ASConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"],
)
_client.store_registration_info(
ClientInfoResponse(**kwargs["client_registration"])
)
self.get_path(
kwargs["client_info"]["redirect_uris"],
kwargs["provider_info"]["issuer"],
)
elif _key_set == {"srv_discovery_url", "client_registration"}:
_client.provider_config(kwargs["srv_discovery_url"])
_client.store_registration_info(
ClientInfoResponse(**kwargs["client_registration"])
)
self.get_path(
kwargs["client_registration"]["redirect_uris"],
kwargs["srv_discovery_url"],
)
else:
raise Exception("Configuration error ?")
return client
def run(self):
if self.dynamic:
self.catch_exception(self.conv.entity.register, **self.req_args)
else:
self.conv.entity.store_registration_info(
ClientInfoResponse(**self.conf.INFO["registered"]))
def test_client_registration_update(self):
args = {
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name":
"My Example Client",
"client_name#ja-Jpan-JP":
"\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\u540D",
"token_endpoint_auth_method":
"client_secret_basic",
"scope":
"read write dolphin",
}
request = RegistrationRequest(**args)
resp = self.provider.registration_endpoint(request=request.to_json(),
environ={})
_resp = ClientInfoResponse().from_json(resp.message)
update = {
"client_id":
_resp["client_id"],
"client_secret":
_resp["client_secret"],
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/alt"
],
"scope":
"read write dolphin",
"grant_types": ["authorization_code", "refresh_token"],
"token_endpoint_auth_method":
"client_secret_basic",
"jwks_uri":
"https://client.example.org/my_public_keys.jwks",
"client_name":
"My New Example",
"client_name#fr":
"Mon Nouvel Exemple",
}
update_req = RegistrationRequest(**update)
resp = self.provider.client_info_endpoint(
request=update_req.to_json(),
environ={
"HTTP_AUTHORIZATION":
"Bearer %s" % (_resp["registration_access_token"], )
},
method="PUT",
query="client_id=%s" % _resp["client_id"])
_resp_up = ClientInfoResponse().from_json(resp.message)
assert _resp_up["client_id"] == update["client_id"]
assert _resp_up["client_secret"] == update["client_secret"]
assert _resp_up["redirect_uris"] == update["redirect_uris"]
assert _resp_up["scope"] == update["scope"].split()
assert _resp_up["grant_types"] == update["grant_types"]
assert _resp_up["token_endpoint_auth_method"] == update[
"token_endpoint_auth_method"]
assert _resp_up["jwks_uri"] == update["jwks_uri"]
assert _resp_up["client_name"] == update["client_name"]
assert _resp_up["client_name#fr"] == update["client_name#fr"]