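def test_end_session_endpoint_with_wrong_post_logout_redirect_uri(self):
    """Reject an end-session request whose post_logout_redirect_uri is refused.

    The test runs the ``_code_auth`` / ``_code_auth2`` helpers, obtains an ID
    Token through ``_auth_with_id_token`` and builds a session cookie. It then
    sends an end-session request carrying
    ``https://demo.example.com/log_out`` as ``post_logout_redirect_uri`` and
    expects ``process_request`` to raise ``RedirectURIError``.

    Security relevance: the endpoint has to validate where a user is sent
    after logout, otherwise the logout URL becomes an open redirect.
    """
    self._code_auth("1234567")
    self._code_auth2("abcdefg")
    id_token = self._auth_with_id_token("1234567")

    _sid = self._get_sid()
    cookie = self._create_cookie("diana", _sid, "1234567", "client_1")

    # NOTE(review): presumably this URI is not among the post-logout redirect
    # URIs registered for the client -- confirm against the test fixture.
    post_logout_redirect_uri = "https://demo.example.com/log_out"

    # Verify the ID Token first so the request can carry the verified claims
    # next to the raw id_token_hint.
    msg = Message(id_token=id_token)
    verify_id_token(msg, keyjar=self.session_endpoint.endpoint_context.keyjar)

    request = {
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": "abcde",
        "id_token_hint": id_token,
        verified_claim_name("id_token_hint"): msg[verified_claim_name("id_token")],
    }

    # Only the endpoint call sits inside the raises block, so the expected
    # error can only come from process_request itself.
    with pytest.raises(RedirectURIError):
        self.session_endpoint.process_request(request, cookie=cookie)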
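def test_end_session_endpoint_with_wrong_post_logout_redirect_uri(self):
    """Reject an end-session request whose post_logout_redirect_uri is refused.

    After the ``_code_auth`` / ``_code_auth2`` helpers have run, an ID Token
    and its session id are obtained from ``_auth_with_id_token``. A cookie
    for that session id is passed through ``http_info`` and the request
    carries ``https://demo.example.com/log_out`` as
    ``post_logout_redirect_uri``; ``process_request`` must raise
    ``RedirectURIError``.

    Security relevance: the endpoint has to validate where a user is sent
    after logout, otherwise the logout URL becomes an open redirect.
    """
    # Return value is not needed here; the call is made for its effect only.
    self._code_auth("1234567")
    self._code_auth2("abcdefg")

    resp_args, _session_id = self._auth_with_id_token("1234567")
    id_token = resp_args["id_token"]

    cookie = self._create_cookie(_session_id)
    http_info = {"cookie": [cookie]}

    # NOTE(review): presumably this URI is not among the post-logout redirect
    # URIs registered for the client -- confirm against the test fixture.
    post_logout_redirect_uri = "https://demo.example.com/log_out"

    # Verify the ID Token first so the request can carry the verified claims
    # next to the raw id_token_hint.
    msg = Message(id_token=id_token)
    verify_id_token(
        msg,
        keyjar=self.session_endpoint.server_get("endpoint_context").keyjar,
    )

    request = {
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": "abcde",
        "id_token_hint": id_token,
        verified_claim_name("id_token_hint"): msg[verified_claim_name("id_token")],
    }

    # Only the endpoint call sits inside the raises block, so the expected
    # error can only come from process_request itself.
    with pytest.raises(RedirectURIError):
        self.session_endpoint.process_request(request, http_info=http_info)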
def test_end_session_endpoint_with_cookie_wrong_user(self):
    """Refuse logout when the session cookie does not match the ID Token.

    The cookie is created for user ``"diggins"`` with session id ``"_sid_"``
    while the ID Token hint comes from ``_auth_with_id_token("1234567")``.
    ``process_request`` is expected to raise ``ValueError``.

    Security relevance: the endpoint needs both the cookie and the ID Token
    to decide whose session is being ended, and must not act when the two
    disagree.
    """
    # NOTE(review): presumably the ID Token is issued for a user other than
    # "diggins" -- the helper is not visible here, confirm.
    token = self._auth_with_id_token("1234567")
    mismatched_cookie = self._create_cookie(
        "diggins", "_sid_", "1234567", "client_1"
    )

    verified = Message(id_token=token)
    verify_id_token(
        verified, keyjar=self.session_endpoint.endpoint_context.keyjar
    )

    # The request carries the raw hint plus the claims verified above.
    logout_request = Message(id_token_hint=token)
    verified_claims = verified[verified_claim_name("id_token")]
    logout_request[verified_claim_name("id_token_hint")] = verified_claims

    with pytest.raises(ValueError):
        self.session_endpoint.process_request(
            logout_request, cookie=mismatched_cookie
        )
def test_end_session_endpoint_with_cookie_id_token_and_unknown_sid(self):
    """Refuse logout when the cookie carries a session id that is unknown.

    The real session id is decrypted into its three parts and a new session
    key is built with ``"client_66"`` in place of the decrypted client id.
    A cookie for that key is sent together with a valid ID Token hint and
    ``process_request`` is expected to raise ``ValueError``.

    Security relevance: the endpoint needs both the cookie and the ID Token
    to decide which session is being ended, and must not act on a cookie
    that points at a session it cannot match.
    """
    response_args, real_session_id = self._auth_with_id_token("1234567")
    token = response_args["id_token"]

    # The middle element (the real client id) is deliberately not reused.
    user_id, _unused_client_id, grant_id = (
        self.session_manager.decrypt_session_id(real_session_id)
    )
    # NOTE(review): presumably no session exists for "client_66" -- confirm
    # against the test fixture.
    forged_key = self.session_manager.session_key(user_id, "client_66", grant_id)
    http_info = {"cookie": [self._create_cookie(forged_key)]}

    verified = Message(id_token=token)
    endpoint_context = self.session_endpoint.server_get("endpoint_context")
    verify_id_token(verified, keyjar=endpoint_context.keyjar)

    # The request carries the raw hint plus the claims verified above.
    logout_request = Message(id_token_hint=token)
    verified_claims = verified[verified_claim_name("id_token")]
    logout_request[verified_claim_name("id_token_hint")] = verified_claims

    with pytest.raises(ValueError):
        self.session_endpoint.process_request(logout_request, http_info=http_info)
def test_id_token_claims(self):
    """Check which claims end up in the ID Token of a hybrid-flow response.

    The authorization request is a copy of ``AUTH_REQ_DICT`` with
    ``claims`` set to ``CLAIMS``, response type ``code id_token token`` and
    a nonce. The returned ID Token is verified against the endpoint's
    keyjar and must contain ``given_name`` and ``email``.
    """
    auth_request = AUTH_REQ_DICT.copy()
    auth_request.update(
        {
            "claims": CLAIMS,
            "response_type": "code id_token token",
            "nonce": "rnd_nonce",
        }
    )

    parsed = self.endpoint.parse_request(auth_request)
    response = self.endpoint.process_request(parsed)
    response_args = response["response_args"]

    # Assertions read the verified claims, not the raw token.
    keyjar = self.endpoint.endpoint_context.keyjar
    verification = verify_id_token(response_args, keyjar=keyjar)
    assert verification

    # Released because of the claims request.
    assert "given_name" in response_args["__verified_id_token"]
    # Released because of the server configuration.
    assert "email" in response_args["__verified_id_token"]
def test_id_token_acr(self):
    """Check that a requested ``acr`` value is reflected in the ID Token.

    The authorization request asks, through the ``claims`` parameter, for
    the ``acr`` value ``http://www.swamid.se/policy/assurance/al1`` in the
    ID Token. After the ID Token has been verified against the endpoint's
    keyjar, its ``acr`` claim must equal that value.
    """
    wanted_acr = "http://www.swamid.se/policy/assurance/al1"

    auth_request = AUTH_REQ_DICT.copy()
    auth_request["claims"] = {"id_token": {"acr": {"value": wanted_acr}}}
    auth_request["response_type"] = "code id_token token"
    auth_request["nonce"] = "rnd_nonce"

    parsed = self.endpoint.parse_request(auth_request)
    response = self.endpoint.process_request(parsed)
    response_args = response["response_args"]

    # Compare against the verified claims, not the raw token.
    verification = verify_id_token(
        response_args, keyjar=self.endpoint.endpoint_context.keyjar
    )
    assert verification

    verified_claims = response_args[verified_claim_name("id_token")]
    assert verified_claims["acr"] == wanted_acr
def test_id_token_claims(self):
    """Check which claims end up in the ID Token of a hybrid-flow response.

    The authorization request is a copy of ``AUTH_REQ_DICT`` with
    ``claims`` set to ``CLAIMS``, response type ``code id_token token`` and
    a nonce. The returned ID Token is verified against the endpoint
    context's keyjar and must contain ``given_name``, ``nickname`` and
    ``email``.
    """
    auth_request = AUTH_REQ_DICT.copy()
    auth_request.update(
        {
            "claims": CLAIMS,
            "response_type": "code id_token token",
            "nonce": "rnd_nonce",
        }
    )

    parsed = self.endpoint.parse_request(auth_request)
    response = self.endpoint.process_request(parsed)
    response_args = response["response_args"]

    # Assertions read the verified claims, not the raw token.
    endpoint_context = self.endpoint.server_get("endpoint_context")
    verification = verify_id_token(response_args, keyjar=endpoint_context.keyjar)
    assert verification

    # Released because of the server configuration.
    assert "given_name" in response_args["__verified_id_token"]
    assert "nickname" in response_args["__verified_id_token"]

    # Original author's remark: "Could have gotten email but didn't ask for it".
    # NOTE(review): that remark reads as if email should be absent, yet the
    # assertion requires it to be present. Confirm which is intended; if the
    # claim was not requested, releasing it is a data-minimisation concern.
    assert "email" in response_args["__verified_id_token"]