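def validate_claims(self, id_token, params):
    """Decode *id_token* with the shared test secret and validate its claims.

    :param id_token: compact JWS string returned by the hybrid flow under test
    :param params: claims parameters forwarded to ``HybridIDToken``
    :raises: whatever ``JWT.decode`` / ``claims.validate`` raise for a token
        that is malformed, wrongly signed, or carries invalid claims
    """
    # Pin the accepted algorithm to the HMAC one the symmetric 'secret' key
    # is meant for. An unrestricted JWT() accepts any registered algorithm,
    # so a verifier built that way would also take a token signed under a
    # different alg header (algorithm-confusion). This mirrors the HS256-only
    # construction used by the sibling implicit-flow validator.
    jwt = JWT(['HS256'])
    claims = jwt.decode(
        id_token,
        'secret',
        claims_cls=HybridIDToken,
        claims_params=params,
    )
    claims.validate()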
def validate_claims(self, id_token, params):
    """Decode *id_token* with the HS256 test secret and validate its claims.

    Only HS256 is accepted, which matches the symmetric ``'secret'`` key
    used here; the claim set is interpreted as an implicit-flow ID token.

    :param id_token: compact JWS string to verify
    :param params: claims parameters forwarded to ``ImplicitIDToken``
    """
    decoded = JWT(['HS256']).decode(
        id_token,
        'secret',
        claims_cls=ImplicitIDToken,
        claims_params=params,
    )
    decoded.validate()
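def _jwt_encode(alg, payload, key):
    """Sign *payload* as a compact JWS using *alg* and *key*.

    :param alg: signing algorithm name (e.g. ``'HS256'``); the JWT instance
        is restricted to exactly this algorithm, so a header/key mismatch
        is rejected rather than silently accepted
    :param payload: claims dict to sign
    :param key: raw key material, a single JWK dict, or a JWK Set dict
        (``{'keys': [...]}``) from which one member is picked at random
    :return: the serialized token as a native ``str``
    :raises IndexError: if a JWK Set with an empty ``keys`` list is given
    """
    jwt = JWT(algorithms=alg)
    header = {'alg': alg}
    if isinstance(key, dict):
        if 'keys' in key:
            # JWK Set: pick one member to sign with. ``random`` is acceptable
            # here -- it only selects among existing keys, it does not
            # generate secret material.
            key = random.choice(key['keys'])
        # Advertise a kid only when the key actually carries one. The
        # previous code indexed key['kid'] unconditionally for JWK Set
        # members, which raised KeyError for sets whose keys have no ids.
        if 'kid' in key:
            header['kid'] = key['kid']
    return to_native(jwt.encode(header, payload, key))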
def test_init_algorithms(self):
    """A JWT built with an algorithm allow-list must reject other algorithms.

    Both accepted forms of ``algorithms`` (a list and a bare string) are
    exercised; encoding with a header naming an algorithm outside the
    allow-list has to raise ``UnsupportedAlgorithmError``.
    """
    disallowed_header = {'alg': 'HS256'}
    for allowed in (['RS256'], 'RS256'):
        restricted = JWT(allowed)
        with self.assertRaises(UnsupportedAlgorithmError):
            restricted.encode(disallowed_header, {}, 'k')
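class TestJwt:
    """
    Class to create JSON Web Tokens (JWTs) for testing purposes

    Supports generating tokens with a set of requested scopes (as either Azure 'roles' or 'scp's) using a testing
    signing key generated by the TestJwk class.

    Values for the `aud`, `iss` and `azp` claims in the payload come from the current Flask application.

    NOTE: this fixture mints tokens under the test JWKS and must only be used in tests; anyone holding the test
    signing key can issue tokens with arbitrary roles/scopes.
    """
    _jwt = JWT()

    def __init__(self, *, app: App, roles: list = None, scps: list = None):
        """
        :type app: App
        :param app: Flask application whose config supplies the test signing key and the `aud`/`iss`/`azp` values
        :type roles: list
        :param roles: Optional scopes to include in the token (as a 'roles' claim) for testing authorisation
        :type scps: list
        :param scps: Optional scopes to include in the token (as a 'scp' claim) for testing authorisation
        """
        self.signing_key = app.config["TEST_JWKS"]
        self.header = {
            "alg": self.signing_key.algorithm,
            "kid": self.signing_key.kid()
        }
        # One timestamp so iat/nbf/exp are consistent with each other
        now = int(time.time())
        client_ids = app.config["AZURE_OAUTH_CLIENT_APPLICATION_IDS"]
        self.payload = {
            "aud": app.config["AZURE_OAUTH_APPLICATION_ID"] or "testing",
            # Generous lifetime (10000 s) so a slow test run cannot race expiry
            "exp": now + 10000,
            "iat": now,
            "iss": f"https://login.microsoftonline.com/{ app.config['AZURE_OAUTH_TENANCY'] or 'testing' }/v2.0",
            "nbf": now,
            "sub": None,
            # Fall back to 'testing' when no client application IDs are configured instead of raising IndexError
            "azp": (client_ids[0] if client_ids else None) or "testing",
        }
        self.scopes = set()
        # NOTE(review): both claims are emitted as space-separated strings; Azure itself issues `roles` as a JSON
        # array -- confirm the validator under test accepts the string form.
        if roles is not None:
            self.scopes.update(set(roles))
            self.payload["roles"] = " ".join(roles)
        if scps is not None:
            self.scopes.update(set(scps))
            self.payload["scp"] = " ".join(scps)

    def dumps(self) -> str:
        """
        Returns a signed/issued JWT encoded as a string for exchange

        :rtype str
        :return: Signed JWT
        """
        return self._jwt.encode(self.header, self.payload, self.signing_key.private_key_pem()).decode()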
def test_authorize_token(self):
    """End-to-end authorization-code flow that must yield a valid ID token.

    Obtains a code from /oauth/authorize, exchanges it at /oauth/token with
    HTTP Basic client credentials, then decodes and validates the returned
    id_token against the server's validation key and the expected issuer.
    """
    self.prepare_data()
    auth_resp = self.client.post('/oauth/authorize', data={
        'response_type': 'code',
        'client_id': 'code-client',
        'state': 'bar',
        'scope': 'openid profile',
        'redirect_uri': 'https://a.b',
        'user_id': '1'
    })
    self.assertIn('code=', auth_resp.location)

    query = dict(url_decode(urlparse.urlparse(auth_resp.location).query))
    # The state value must round-trip unchanged (CSRF binding of the redirect)
    self.assertEqual(query['state'], 'bar')

    token_resp = self.client.post(
        '/oauth/token',
        data={
            'grant_type': 'authorization_code',
            'redirect_uri': 'https://a.b',
            'code': query['code'],
        },
        headers=self.create_basic_header('code-client', 'code-secret'),
    )
    body = json.loads(token_resp.data)
    self.assertIn('access_token', body)
    self.assertIn('id_token', body)

    decoded = JWT().decode(
        body['id_token'],
        self.get_validate_key(),
        claims_cls=CodeIDToken,
        claims_options={'iss': {'value': 'Authlib'}},
    )
    decoded.validate()
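class TestJwt:
    """
    Class to create JSON Web Tokens (JWTs) for testing purposes

    Supports generating tokens with a set of requested scopes using a testing signing key generated by the
    TestJwk class.

    Values for the `aud`, `iss` and `azp` claims in the payload are taken from the current Flask application.

    NOTE: this fixture mints tokens under the test JWKS and must only be used in tests; anyone holding the test
    signing key can issue tokens with arbitrary roles.
    """
    _jwt = JWT()

    def __init__(self, *, app: App, scopes: list = None):
        """
        :type app: App
        :param app: Flask application whose config supplies the test signing key and the `aud`/`iss`/`azp` values
        :type scopes: list
        :param scopes: Optional scopes to include in the token (as a 'roles' claim) for testing authorisation
        """
        self.signing_key = app.config['TEST_JWKS']
        self.header = {
            'alg': self.signing_key.algorithm,
            'kid': self.signing_key.kid()
        }
        # One timestamp so iat/nbf/exp are consistent with each other
        now = int(time.time())
        client_ids = app.config['AZURE_OAUTH_CLIENT_APPLICATION_IDS']
        self.payload = {
            'aud': app.config['AZURE_OAUTH_APPLICATION_ID'] or 'testing',
            # Generous lifetime (10000 s) so a slow test run cannot race expiry
            'exp': now + 10000,
            'iat': now,
            'iss': f"https://login.microsoftonline.com/{ app.config['AZURE_OAUTH_TENANCY'] or 'testing' }/v2.0",
            'nbf': now,
            'sub': None,
            # Fall back to 'testing' when no client application IDs are configured instead of raising IndexError
            'azp': (client_ids[0] if client_ids else None) or 'testing'
        }
        # NOTE(review): emitted as a space-separated string; Azure itself issues `roles` as a JSON array --
        # confirm the validator under test accepts the string form.
        if scopes is not None:
            self.payload['roles'] = ' '.join(scopes)

    def dumps(self) -> str:
        """
        Returns a signed/issued JWT encoded as a string for exchange

        :rtype str
        :return: Signed JWT
        """
        return self._jwt.encode(self.header, self.payload, self.signing_key.private_key_pem()).decode()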