async def test_introspect_token(make_mock_async_client):
openid_bearer = OIDCUser("openid_url", "id", "secret")
openid_bearer.openid_config = OIDCConfig.parse_obj(discovery)
mock_async_client = make_mock_async_client(user_info_matching)
result = await openid_bearer.introspect_token(mock_async_client,
access_token)
assert result == user_info_matching
mock_async_client.post.assert_called_once_with(
discovery["introspect_endpoint"],
auth=MockBasicAuth("id", "secret"),
headers={"Content-Type": "application/x-www-form-urlencoded"},
params={"token": access_token},
)
async def test_openid_config(make_mock_async_client):
openid_bearer = OIDCUser("openid_url", "id", "secret")
mock_async_client = make_mock_async_client(discovery)
await openid_bearer.check_openid_config(mock_async_client)
assert openid_bearer.openid_config == OIDCConfig.parse_obj(discovery)
mock_async_client.get.assert_called_once_with(
"openid_url/.well-known/openid-configuration")
from authlib.integrations.starlette_client import OAuth
from nwastdlib.url import URL
from oauth2_lib.fastapi import OIDCUser, opa_decision
from orchestrator.settings import oauth2_settings
oauth_client_credentials = OAuth()
well_known_endpoint = URL(oauth2_settings.OIDC_CONF_WELL_KNOWN_URL)
oauth_client_credentials.register(
"connext",
server_metadata_url=well_known_endpoint / ".well-known" /
"openid-configuration",
client_id=oauth2_settings.OAUTH2_RESOURCE_SERVER_ID,
client_secret=oauth2_settings.OAUTH2_RESOURCE_SERVER_SECRET,
request_token_params={"grant_type": "client_credentials"},
)
oidc_user = OIDCUser(
oauth2_settings.OIDC_CONF_WELL_KNOWN_URL,
oauth2_settings.OAUTH2_RESOURCE_SERVER_ID,
oauth2_settings.OAUTH2_RESOURCE_SERVER_SECRET,
enabled=oauth2_settings.OAUTH2_ACTIVE,
)
opa_security_default = opa_decision(oauth2_settings.OPA_URL,
oidc_user,
enabled=oauth2_settings.OAUTH2_ACTIVE)
