def test_complete_secret_auth():
consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
consumer.state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
del consumer.config["password"]
args = {
"client_id": consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=consumer.state,
request_args=args)
assert result.status_code == 302
assert result.headers["location"].startswith(consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
consumer.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
resp = consumer.complete()
print resp
assert resp.type() == "AccessTokenResponse"
print resp.keys()
assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
'scope', 'expires_in', 'refresh_token'])
assert resp["state"] == consumer.state
def setup_consumer(self):
client_id = "client_1"
client_config = {
"client_id": client_id,
"client_authn_method": CLIENT_AUTHN_METHOD,
# 'config': {}
}
self.consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
client_config, SERVER_INFO)
self.consumer.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
self.consumer.client_secret = "abcdefghijklmnop"
self.consumer.keyjar = CLIKEYS
self.consumer.redirect_uris = ["https://example.com/cb"]
self.consumer.authorization_endpoint = \
"http://example.com/authorization"
self.consumer.token_endpoint = "http://example.com/token"
self.consumer.userinfo_endpoint = "http://example.com/userinfo"
self.consumer.client_secret = "hemlig"
self.consumer.secret_type = "basic"
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
def test_parse_authz(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
self.consumer.state = "state0"
self.consumer.nonce = rndstr()
args = {
"client_id": self.consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = self.consumer.do_authorization_request(
state=self.consumer.state, request_args=args)
print self.consumer.sdb.keys()
print self.consumer.sdb["state0"].keys()
part = self.consumer.parse_authz(query=result.headers["location"])
print part
atr = part[0]
assert part[1] is None
assert part[2] is None
assert atr.type() == "AuthorizationResponse"
assert atr["state"] == "state0"
assert "code" in atr
def test_provider_config(self):
c = Consumer(None, None)
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
principal = "*****@*****.**"
res = c.discover(principal)
info = c.provider_config(res)
assert isinstance(info, ProviderConfigurationResponse)
assert _eq(info.keys(), ['registration_endpoint', 'jwks_uri',
'check_session_endpoint',
'refresh_session_endpoint',
'register_endpoint',
'subject_types_supported',
'token_endpoint_auth_methods_supported',
'id_token_signing_alg_values_supported',
'grant_types_supported', 'user_info_endpoint',
'claims_parameter_supported',
'request_parameter_supported',
'discovery_endpoint', 'issuer',
'authorization_endpoint', 'scopes_supported',
'require_request_uri_registration',
'identifiers_supported', 'token_endpoint',
'request_uri_parameter_supported', 'version',
'response_types_supported',
'end_session_endpoint', 'flows_supported'])
assert info["end_session_endpoint"] == "http://example.com/end_session"
def setup_consumer(self):
client_id = "client_1"
client_config = {
"client_id": client_id,
"client_authn_method": CLIENT_AUTHN_METHOD,
# 'config': {}
}
self.consumer = Consumer(SessionDB(SERVER_INFO["issuer"]),
CONFIG, client_config, SERVER_INFO)
self.consumer.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
self.consumer.client_secret = "abcdefghijklmnop"
self.consumer.keyjar = CLIKEYS
self.consumer.redirect_uris = ["https://example.com/cb"]
self.consumer.authorization_endpoint = \
"http://example.com/authorization"
self.consumer.token_endpoint = "http://example.com/token"
self.consumer.userinfo_endpoint = "http://example.com/userinfo"
self.consumer.client_secret = "hemlig"
self.consumer.secret_type = "basic"
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
def test_parse_authz_implicit(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
self.consumer.config["response_type"] = ["token"]
_state = "statxxx"
args = {
"client_id": self.consumer.client_id,
"response_type": "implicit",
"scope": ["openid"],
"redirect_uri": "http://localhost:8088/cb"
}
result = self.consumer.do_authorization_request(state=_state,
request_args=args)
part = self.consumer.parse_authz(query=result.headers["location"])
print part
assert part[0] is None
atr = part[1]
assert part[2] is None
assert atr.type() == "AccessTokenResponse"
assert atr["state"] == _state
assert "access_token" in atr
def test_parse_authz(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
_state = "state0"
self.consumer.nonce = rndstr()
args = {
"client_id": self.consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = self.consumer.do_authorization_request(state=_state,
request_args=args)
print self.consumer.sdb["state0"].keys()
part = self.consumer.parse_authz(query=result.headers["location"])
print part
atr = part[0]
assert part[1] is None
assert part[2] is None
assert atr.type() == "AuthorizationResponse"
assert atr["state"] == _state
assert "code" in atr
def test_userinfo():
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
CLIENT_CONFIG, SERVER_INFO)
consumer.keyjar = CLIKEYS
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
_state = "state0"
consumer.nonce = rndstr()
consumer.secret_type = "basic"
consumer.set_client_secret("hemligt")
consumer.keyjar = CLIKEYS
args = {
"client_id": consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=_state, request_args=args)
assert result.status_code == 302
assert result.headers["location"].startswith(consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
consumer.parse_response(AuthorizationResponse,
info=query,
sformat="urlencoded")
consumer.complete(_state)
result = consumer.get_user_info(_state)
print result
assert result.type() == "OpenIDSchema"
assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
def test_complete_secret_auth():
consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
consumer.state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
del consumer.config["password"]
args = {
"client_id": consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=consumer.state,
request_args=args)
assert result.status_code == 302
assert result.headers["location"].startswith(consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
consumer.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
resp = consumer.complete()
print resp
assert resp.type() == "AccessTokenResponse"
print resp.keys()
assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
'scope', 'expires_in', 'refresh_token'])
assert resp["state"] == consumer.state
def test_provider_config():
c = Consumer(None, None)
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
principal = "*****@*****.**"
res = c.discover(principal)
info = c.provider_config(res)
assert info.type() == "ProviderConfigurationResponse"
print info.keys()
assert _eq(info.keys(), [
'registration_endpoint', 'jwks_uri', 'check_session_endpoint',
'refresh_session_endpoint', 'register_endpoint',
'subject_types_supported', 'token_endpoint_auth_methods_supported',
'id_token_signing_alg_values_supported', 'grant_types_supported',
'user_info_endpoint', 'claims_parameter_supported',
'request_parameter_supported', 'discovery_endpoint', 'issuer',
'authorization_endpoint', 'scopes_supported',
'require_request_uri_registration', 'identifiers_supported',
'token_endpoint', 'request_uri_parameter_supported', 'version',
'response_types_supported', 'end_session_endpoint', 'flows_supported'
])
assert info["end_session_endpoint"] == "http://example.com/end_session"
def test_userinfo():
consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
consumer.keyjar = CLIKEYS
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
consumer.state = "state0"
consumer.nonce = rndstr()
consumer.secret_type = "basic"
consumer.set_client_secret("hemligt")
consumer.keyjar = CLIKEYS
args = {
"client_id": consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=consumer.state,
request_args=args)
assert result.status_code == 302
assert result.headers["location"].startswith(consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
consumer.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
consumer.complete()
result = consumer.get_user_info()
print result
assert result.type() == "OpenIDSchema"
assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
def test_parse_authz_implicit(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
self.consumer.config["response_type"] = ["token"]
_state = "statxxx"
args = {
"client_id": self.consumer.client_id,
"response_type": "implicit",
"scope": ["openid"],
"redirect_uri": "http://localhost:8088/cb"
}
result = self.consumer.do_authorization_request(
state=_state, request_args=args)
part = self.consumer.parse_authz(query=result.headers["location"])
print part
assert part[0] is None
atr = part[1]
assert part[2] is None
assert atr.type() == "AccessTokenResponse"
assert atr["state"] == _state
assert "access_token" in atr
def test_discover(self):
c = Consumer(None, None)
mfos = MyFakeOICServer("https://*****:*****@example.com"
res = c.discover(principal)
assert res == "https://localhost:8088/"
def test_discover(self):
c = Consumer(None, None)
mfos = MyFakeOICServer("http://*****:*****@example.com"
res = c.discover(principal)
assert res == "http://localhost:8088/"
def test_complete_auth_token_idtoken():
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
CLIENT_CONFIG, SERVER_INFO)
consumer.keyjar = CLIKEYS
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
_state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
consumer.config["response_type"] = ["id_token", "token"]
consumer.registration_response = {
"id_token_signed_response_alg": "RS256",
}
consumer.provider_info = {"issuer": "http://localhost:8088/"} # abs min
consumer.authz_req = {} # Store AuthzReq with state as key
args = {
"client_id": consumer.client_id,
"response_type": consumer.config["response_type"],
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=_state, request_args=args)
# consumer._backup("state0")
assert result.status_code == 302
#assert result.location.startswith(consumer.redirect_uri[0])
_, query = result.headers["location"].split("?")
print query
part = consumer.parse_authz(query=query,
algs=consumer.sign_enc_algs("id_token"))
print part
auth = part[0]
atr = part[1]
assert part[2] is None
#print auth.dictionary()
#print acc.dictionary()
assert auth is None
assert atr.type() == "AccessTokenResponse"
assert _eq(atr.keys(), [
'access_token', 'id_token', 'expires_in', 'token_type', 'state',
'scope'
])
consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])
def test_complete_auth_token_idtoken():
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
CLIENT_CONFIG, SERVER_INFO)
consumer.keyjar = CLIKEYS
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
_state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
consumer.config["response_type"] = ["id_token", "token"]
consumer.registration_response = {
"id_token_signed_response_alg": "RS256",
}
consumer.provider_info = {"issuer": "http://localhost:8088/"} # abs min
consumer.authz_req = {} # Store AuthzReq with state as key
args = {
"client_id": consumer.client_id,
"response_type": consumer.config["response_type"],
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=_state,
request_args=args)
# consumer._backup("state0")
assert result.status_code == 302
#assert result.location.startswith(consumer.redirect_uri[0])
_, query = result.headers["location"].split("?")
print query
part = consumer.parse_authz(query=query,
algs=consumer.sign_enc_algs("id_token"))
print part
auth = part[0]
atr = part[1]
assert part[2] is None
#print auth.dictionary()
#print acc.dictionary()
assert auth is None
assert atr.type() == "AccessTokenResponse"
assert _eq(atr.keys(), ['access_token', 'id_token', 'expires_in',
'token_type', 'state', 'scope'])
consumer.verify_id_token(atr["id_token"], consumer.authz_req[atr["state"]])
def create_client(self):
self.redirect_uri = "http://example.com/redirect"
self.client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
self.client.redirect_uris = [self.redirect_uri]
self.client.authorization_endpoint = "http://example.com/authorization"
self.client.token_endpoint = "http://example.com/token"
self.client.userinfo_endpoint = "http://example.com/userinfo"
self.client.check_session_endpoint = "https://example.com/check_session"
self.client.client_secret = "abcdefghijklmnop"
self.client.keyjar[""] = KC_RSA
self.client.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]}
mfos = MyFakeOICServer()
mfos.keyjar = KEYJ
self.client.http_request = mfos.http_request
def test_sign_userinfo():
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
CLIENT_CONFIG, SERVER_INFO)
consumer.keyjar = CLIKEYS
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
mfos.userinfo_signed_response_alg = "RS256"
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
_state = "state0"
consumer.nonce = rndstr()
consumer.secret_type = "basic"
consumer.set_client_secret("hemligt")
consumer.keyjar = CLIKEYS
consumer.client_prefs = {"userinfo_signed_response_alg": "RS256"}
consumer.provider_info = {
"userinfo_endpoint": "http://localhost:8088/userinfo",
"issuer": "http://localhost:8088/"}
del consumer.config["request_method"]
args = {
"client_id": consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
sid, location = consumer.begin("openid", "code")
print location
result = consumer.do_authorization_request(state=_state,
request_args=args)
assert result.status_code == 302
assert result.headers["location"].startswith(consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
consumer.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
consumer.complete(_state)
result = consumer.get_user_info(_state)
print result
assert result.type() == "OpenIDSchema"
assert _eq(result.keys(), ['name', 'email', 'verified', 'nickname', 'sub'])
def create_client(self):
self.redirect_uri = "http://example.com/redirect"
self.client = Client(CLIENT_ID,
client_authn_method=CLIENT_AUTHN_METHOD)
self.client.redirect_uris = [self.redirect_uri]
self.client.authorization_endpoint = "http://example.com/authorization"
self.client.token_endpoint = "http://example.com/token"
self.client.userinfo_endpoint = "http://example.com/userinfo"
self.client.check_session_endpoint = "https://example.com/check_session"
self.client.client_secret = "abcdefghijklmnop"
self.client.keyjar[""] = KC_RSA
self.client.behaviour = {
"request_object_signing_alg": DEF_SIGN_ALG["openid_request_object"]
}
mfos = MyFakeOICServer()
mfos.keyjar = KEYJ
self.client.http_request = mfos.http_request
def test_complete_auth_token():
consumer = Consumer(SessionDB(SERVER_INFO["issuer"]), CONFIG,
CLIENT_CONFIG, SERVER_INFO)
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
_state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
consumer.config["response_type"] = ["code", "token"]
args = {
"client_id": consumer.client_id,
"response_type": consumer.config["response_type"],
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=_state, request_args=args)
consumer._backup("state0")
assert result.status_code == 302
# assert result.location.startswith(consumer.redirect_uri[0])
_, query = result.headers["location"].split("?")
print query
part = consumer.parse_authz(query=query)
print part
auth = part[0]
acc = part[1]
assert part[2] is None
#print auth.dictionary()
#print acc.dictionary()
assert auth.type() == "AuthorizationResponse"
assert acc.type() == "AccessTokenResponse"
print auth.keys()
assert _eq(auth.keys(), [
'code', 'access_token', 'expires_in', 'token_type', 'state', 'scope',
'refresh_token'
])
assert _eq(acc.keys(), [
'token_type', 'state', 'access_token', 'scope', 'expires_in',
'refresh_token'
])
def test_client_register():
c = Consumer(None, None)
c.application_type = "web"
c.application_name = "My super service"
c.redirect_uris = ["http://example.com/authz"]
c.contact = ["*****@*****.**"]
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
location = c.discover("*****@*****.**")
info = c.provider_config(location)
c.register(info["registration_endpoint"])
assert c.client_id is not None
assert c.client_secret is not None
assert c.registration_expires > utc_time_sans_frac()
def test_client_register(self):
c = Consumer(None, None)
c.application_type = "web"
c.application_name = "My super service"
c.redirect_uris = ["http://example.com/authz"]
c.contact = ["*****@*****.**"]
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
location = c.discover("*****@*****.**")
info = c.provider_config(location)
c.register(info["registration_endpoint"])
assert c.client_id is not None
assert c.client_secret is not None
assert c.registration_expires > utc_time_sans_frac()
def test_complete_auth_token():
consumer = Consumer(SessionDB(), CONFIG, CLIENT_CONFIG, SERVER_INFO)
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
consumer.http_request = mfos.http_request
consumer.redirect_uris = ["http://example.com/authz"]
consumer.state = "state0"
consumer.nonce = rndstr()
consumer.client_secret = "hemlig"
consumer.secret_type = "basic"
consumer.config["response_type"] = ["code", "token"]
args = {
"client_id": consumer.client_id,
"response_type": consumer.config["response_type"],
"scope": ["openid"],
}
result = consumer.do_authorization_request(state=consumer.state,
request_args=args)
consumer._backup("state0")
assert result.status_code == 302
#assert result.location.startswith(consumer.redirect_uri[0])
_, query = result.headers["location"].split("?")
print query
environ = redirect_environment(query)
part = consumer.parse_authz(environ, start_response)
print part
auth = part[0]
acc = part[1]
assert part[2] is None
#print auth.dictionary()
#print acc.dictionary()
assert auth.type() == "AuthorizationResponse"
assert acc.type() == "AccessTokenResponse"
print auth.keys()
assert _eq(auth.keys(), ['nonce', 'code', 'access_token', 'expires_in',
'token_type', 'state', 'scope', 'refresh_token'])
assert _eq(acc.keys(), ['token_type', 'state', 'access_token', 'scope',
'expires_in', 'refresh_token'])
def test_do_authorization_request(self):
self.client.grant = {}
self.client.redirect_uris = ["https://www.example.com/authz"]
self.client.authorization_endpoint = "http://oic.example.org/authorization"
self.client.client_id = "a1b2c3"
self.client.state = "state0"
mfos = MyFakeOICServer()
mfos.keyjar = KEYJ
self.client.http_request = mfos.http_request
args = {"response_type":["code"],
"scope": ["openid"]}
result = self.client.do_authorization_request(state=self.client.state,
request_args=args)
assert result.status_code == 302
_loc = result.headers["location"]
assert _loc.startswith(self.client.redirect_uris[0])
_, query = _loc.split("?")
self.client.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
def test_complete(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
_state = "state0"
self.consumer.nonce = rndstr()
self.consumer.redirect_uris = ["https://example.com/cb"]
args = {
"client_id": self.consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = self.consumer.do_authorization_request(state=_state,
request_args=args)
assert result.status_code == 302
print "redirect_uris", self.consumer.redirect_uris
print result.headers["location"]
assert result.headers["location"].startswith(
self.consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
# vkeys = {".": self.consumer.keyjar.get_verify_key()}
self.consumer.parse_response(AuthorizationResponse,
info=query,
sformat="urlencoded")
resp = self.consumer.complete(_state)
print resp
assert resp.type() == "AccessTokenResponse"
print resp.keys()
assert _eq(resp.keys(), [
'token_type', 'state', 'access_token', 'scope', 'expires_in',
'refresh_token'
])
assert resp["state"] == _state
def test_do_authorization_request(self):
self.client.grant = {}
self.client.redirect_uris = ["https://www.example.com/authz"]
self.client.authorization_endpoint = \
"http://oic.example.org/authorization"
self.client.client_id = "a1b2c3"
self.client.state = "state0"
mfos = MyFakeOICServer()
mfos.keyjar = KEYJ
self.client.http_request = mfos.http_request
args = {"response_type": ["code"], "scope": ["openid"]}
result = self.client.do_authorization_request(state=self.client.state,
request_args=args)
assert result.status_code == 302
_loc = result.headers["location"]
assert _loc.startswith(self.client.redirect_uris[0])
_, query = _loc.split("?")
self.client.parse_response(AuthorizationResponse,
info=query,
sformat="urlencoded")
def test_complete(self):
mfos = MyFakeOICServer("http://localhost:8088")
mfos.keyjar = SRVKEYS
self.consumer.http_request = mfos.http_request
self.consumer.state = "state0"
self.consumer.nonce = rndstr()
self.consumer.redirect_uris = ["https://example.com/cb"]
args = {
"client_id": self.consumer.client_id,
"response_type": "code",
"scope": ["openid"],
}
result = self.consumer.do_authorization_request(
state=self.consumer.state, request_args=args)
assert result.status_code == 302
print "redirect_uris", self.consumer.redirect_uris
print result.headers["location"]
assert result.headers["location"].startswith(
self.consumer.redirect_uris[0])
_, query = result.headers["location"].split("?")
#vkeys = {".": self.consumer.keyjar.get_verify_key()}
self.consumer.parse_response(AuthorizationResponse, info=query,
sformat="urlencoded")
resp = self.consumer.complete()
print resp
assert resp.type() == "AccessTokenResponse"
print resp.keys()
assert _eq(resp.keys(), ['token_type', 'state', 'access_token',
'scope', 'expires_in', 'refresh_token'])
assert resp["state"] == self.consumer.state
def test_provider_config():
c = Consumer(None, None)
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
principal = "*****@*****.**"
res = c.discover(principal)
info = c.provider_config(res)
assert info.type() == "ProviderConfigurationResponse"
print info.keys()
assert _eq(info.keys(), ['registration_endpoint', u'check_session_endpoint',
u'refresh_session_endpoint', 'scopes_supported',
'subject_types_supported',
'token_endpoint_auth_methods_supported',
'id_token_signing_alg_values_supported',
u'flows_supported', 'version',
u'identifiers_supported', u'user_info_endpoint',
'response_types_supported', 'end_session_endpoint',
'authorization_endpoint', u'discovery_endpoint',
'token_endpoint', 'x509_url', 'issuer'])
assert info["end_session_endpoint"] == "http://example.com/end_session"
from oic.oic.consumer import Consumer
from oic.utils.keyio import KeyChain, KeyJar
__author__ = 'rohe0002'
from fakeoicsrv import MyFakeOICServer
CLIENT_SECRET = "abcdefghijklmnop"
CLIENT_ID = "client_1"
RSAPUB = "../oc3/certs/mycert.key"
KC_HMAC_VS = KeyChain({"hmac": CLIENT_SECRET}, usage=["ver", "sig"])
KC_RSA = KeyChain(source="file://%s" % RSAPUB, type="rsa", usage=["ver", "sig"])
KC_HMAC_S = KeyChain({"hmac": CLIENT_SECRET}, usage=["sig"])
SRVKEYS = KeyJar()
SRVKEYS[""] = [KC_RSA]
SRVKEYS["client_1"] = [KC_HMAC_VS, KC_RSA]
c = Consumer(None, None)
mfos = MyFakeOICServer("http://example.com")
mfos.keyjar = SRVKEYS
c.http_request = mfos.http_request
principal = "*****@*****.**"
res = c.discover(principal)
info = c.provider_config(res)
assert info.type() == "ProviderConfigurationResponse"