Пример #1
def test_authz_request():
    """Deserialize the query part of a sample authorization URL.

    The sample carries ``response_type=token id_token`` and
    ``scope=openid profile``; the assertions require both space-separated
    values to come back as lists, next to the nonce, state, redirect_uri
    and client_id parameters.
    """
    # One request parameter per literal; the pieces concatenate to the
    # same URL the original spelled on a single line.
    example = ("https://server.example.com/authorize?"
               "response_type=token%20id_token"
               "&client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf"
               "&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb"
               "&scope=openid%20profile"
               "&state=af0ifjsldkj"
               "&nonce=n-0S6_WzA2Mj")

    # Only what follows the "?" is handed to the urlencoded deserializer.
    query_part = example.split("?")[1]
    req = AuthorizationRequest().deserialize(query_part, "urlencoded")

    # Parenthesised form prints the same under Python 2 and also parses
    # under Python 3.
    print(req.keys())

    # _eq is defined elsewhere; presumably an order-insensitive comparison
    # -- confirm against its definition.
    expected_keys = ['nonce', 'state', 'redirect_uri', 'response_type',
                     'client_id', 'scope']
    assert _eq(req.keys(), expected_keys)

    assert req["response_type"] == ["token", "id_token"]
    assert req["scope"] == ["openid", "profile"]
Пример #2
def test_authz_request():
    """Check that an urlencoded authorization request parses into its fields.

    Input is the query string of a sample ``/authorize`` URL; the multi-valued
    ``response_type`` and ``scope`` parameters must be split into lists.
    """
    base = "https://server.example.com/authorize"
    params = ("response_type=token%20id_token"
              "&client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf"
              "&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb"
              "&scope=openid%20profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj")
    example = base + "?" + params

    # The URL is still split at "?" as before, so the parser sees the
    # second element of that split.
    parsed = AuthorizationRequest().deserialize(example.split("?")[1],
                                                "urlencoded")

    print(parsed.keys())  # debug output; same text under Python 2

    wanted = ['nonce', 'state', 'redirect_uri', 'response_type',
              'client_id', 'scope']
    # presumably _eq ignores ordering -- verify against its definition
    assert _eq(parsed.keys(), wanted)

    # "%20"-separated values are expected as lists, not as a single string
    assert parsed["response_type"] == ["token", "id_token"]
    assert parsed["scope"] == ["openid", "profile"]
Пример #3
    def test_request_info_simple(self):
        """Build an AuthorizationRequest with no arguments and inspect it.

        No method is passed, so the "POST" default applies: the URI must be
        the bare endpoint and the parameters must arrive form-encoded in the
        body, announced by a matching content-type header.
        """
        endpoint = "https://example.com/authz"
        self.client.authorization_endpoint = endpoint
        uri, body, h_args, cis = self.client.request_info(AuthorizationRequest)

        # default == "POST": nothing is appended to the endpoint URI
        assert uri == endpoint

        parsed = AuthorizationRequest().from_urlencoded(body)
        # redirect_uri and client_id are not passed here; they presumably
        # come from the client fixture -- confirm in its setup.
        expected_keys = ["nonce", "redirect_uri", "response_type", "client_id"]
        assert _eq(parsed.keys(), expected_keys)

        form_headers = {"content-type": "application/x-www-form-urlencoded"}
        assert h_args == {"headers": form_headers}
        assert cis.type() == "AuthorizationRequest"
Пример #4
    def test_request_info_simple_get(self):
        """With method="GET" the request travels in the URI query string.

        The body must be None and no extra HTTP arguments are expected.
        """
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET")

        # Unpacking into two names requires exactly one "?" in the URI.
        url, query = uri.split("?")
        parsed = AuthorizationRequest().from_urlencoded(query)

        expected_keys = ["nonce", "redirect_uri", "response_type", "client_id"]
        assert _eq(parsed.keys(), expected_keys)
        # NOTE(review): the fixture's redirect_uri is plain http, which is
        # fine for a unit test; a deployed client would normally register an
        # https redirect URI.
        assert parsed["redirect_uri"] == "http://client.example.com/authz"

        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"
Пример #5
    def test_request_info_with_req_and_extra_args(self):
        """GET request built from both request_args and extra_args.

        ``state`` is supplied through request_args and the non-standard
        ``rock`` parameter through extra_args; both must show up in the
        query string next to the parameters the client fills in itself.
        """
        # The authorization endpoint is not overridden here (the assignment
        # was commented out in the original); the fixture's value is used.
        supplied = {"state": "init"}
        passthrough = {"rock": "little"}
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest,
            method="GET",
            request_args=supplied,
            extra_args=passthrough,
        )

        print(uri)  # debug output; same text under Python 2

        # exactly one "?" is expected, otherwise the unpacking fails
        url, query = uri.split("?")
        parsed = AuthorizationRequest().from_urlencoded(query)

        expected_keys = ["nonce", "redirect_uri", "response_type",
                         "client_id", "state", "rock"]
        assert _eq(parsed.keys(), expected_keys)
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"
Пример #6
    def test_request_info_simple(self):
        """Default-method request carrying an explicit scope and response_type.

        The parameters are expected form-encoded in the body (the "POST"
        default), with the URI left as the bare authorization endpoint.
        """
        endpoint = "https://example.com/authz"
        self.client.authorization_endpoint = endpoint

        wanted_args = {"scope": ["openid"], "response_type": "token"}
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, request_args=wanted_args)

        # default == "POST"
        assert uri == endpoint

        parsed = AuthorizationRequest().from_urlencoded(body)
        # nonce is not in request_args; the expected key set shows the
        # client is meant to add it for response_type "token".
        expected_keys = ["nonce", "redirect_uri", "response_type",
                         "client_id", "scope"]
        assert _eq(parsed.keys(), expected_keys)

        form_headers = {"content-type": "application/x-www-form-urlencoded"}
        assert h_args == {"headers": form_headers}
        assert cis.type() == "AuthorizationRequest"
Пример #7
    def test_deserialize(self):
        """Parse an urlencoded authorization request and check its fields.

        ``response_type`` and ``scope`` hold "%20"-separated values in the
        input and must be returned as lists.
        """
        # One parameter per literal; the concatenation is the same query
        # string the original built with backslash continuations.
        query = ("response_type=token%20id_token"
                 "&client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf"
                 "&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb"
                 "&scope=openid%20profile"
                 "&state=af0ifjsldkj"
                 "&nonce=n-0S6_WzA2Mj")

        parsed = AuthorizationRequest().deserialize(query, "urlencoded")

        expected_keys = ['nonce', 'state', 'redirect_uri', 'response_type',
                         'client_id', 'scope']
        # presumably an order-insensitive comparison -- confirm in _eq
        assert _eq(parsed.keys(), expected_keys)

        assert parsed["response_type"] == ["token", "id_token"]
        assert parsed["scope"] == ["openid", "profile"]
Пример #8
    def test_deserialize(self):
        """Round an urlencoded query string through AuthorizationRequest.

        All six parameters must be present after parsing, and the two
        multi-valued ones (response_type, scope) must be lists.
        """
        pairs = [
            "response_type=token%20id_token",
            "client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf",
            "redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb",
            "scope=openid%20profile",
            "state=af0ifjsldkj",
            "nonce=n-0S6_WzA2Mj",
        ]
        # Joined with "&" this is the same query string as in the original.
        query = "&".join(pairs)

        req = AuthorizationRequest().deserialize(query, "urlencoded")

        wanted = ['nonce', 'state', 'redirect_uri', 'response_type',
                  'client_id', 'scope']
        assert _eq(req.keys(), wanted)

        # percent-encoded spaces separate the individual values
        assert req["response_type"] == ["token", "id_token"]
        assert req["scope"] == ["openid", "profile"]
Пример #9
    def test_request_info_simple_get(self):
        """GET request with an explicit scope and response_type "token".

        The request must be encoded in the URI query string, with no body
        and no extra HTTP arguments.
        """
        wanted_args = {"scope": ["openid"], "response_type": "token"}
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, method="GET", request_args=wanted_args)

        # Two-name unpacking: the URI must contain exactly one "?".
        url, query = uri.split("?")
        parsed = AuthorizationRequest().from_urlencoded(query)

        # Neither nonce nor state is in request_args; the expected key set
        # shows the client is meant to supply both itself.
        expected_keys = ["nonce", "redirect_uri", "response_type",
                         "client_id", "scope", "state"]
        assert _eq(parsed.keys(), expected_keys)
        # NOTE(review): plain-http redirect_uri from the fixture; acceptable
        # in a unit test, a deployed client would normally use https.
        assert parsed["redirect_uri"] == "http://client.example.com/authz"

        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"
Пример #10
    def test_request_info_simple(self):
        """Default-method request with scope "openid" and response_type "token".

        Under the "POST" default the URI stays the bare endpoint and the
        parameters are expected form-encoded in the body.
        """
        endpoint = 'https://example.com/authz'
        self.client.authorization_endpoint = endpoint

        wanted_args = {"scope": ["openid"], "response_type": "token"}
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest, request_args=wanted_args)

        # default == "POST"
        assert uri == endpoint

        parsed = AuthorizationRequest().from_urlencoded(body)
        # nonce and state are not passed in; the expected key set shows the
        # client is meant to generate them.
        expected_keys = ["nonce", "state", "redirect_uri",
                         "response_type", "client_id", "scope"]
        assert _eq(parsed.keys(), expected_keys)

        # The header name is compared as an exact dict key, capital "C"
        # included.
        form_headers = {'Content-type': 'application/x-www-form-urlencoded'}
        assert h_args == {'headers': form_headers}
        assert cis.type() == "AuthorizationRequest"
Пример #11
    def test_request_info_simple_get_with_extra_args(self):
        """GET request for response_type "code" plus one extra parameter.

        The non-standard ``rock`` parameter from extra_args must appear in
        the query string together with the regular request parameters.
        """
        # The authorization endpoint is not overridden here (the assignment
        # was commented out in the original); the fixture's value is used.
        wanted_args = {"scope": ["openid"], "response_type": "code"}
        passthrough = {"rock": "little"}
        uri, body, h_args, cis = self.client.request_info(
            AuthorizationRequest,
            method="GET",
            request_args=wanted_args,
            extra_args=passthrough)

        print(uri)  # debug output; same text under Python 2

        # exactly one "?" is expected, otherwise the unpacking fails
        url, query = uri.split("?")
        parsed = AuthorizationRequest().from_urlencoded(query)

        # For response_type "code" the expected set holds state but no nonce.
        expected_keys = ["redirect_uri", "response_type",
                         "client_id", "rock", "scope", "state"]
        assert _eq(parsed.keys(), expected_keys)
        assert body is None
        assert h_args == {}
        assert cis.type() == "AuthorizationRequest"
Пример #12
                # demand re-authentication
                return self.authn(**authn_args)
            else:
                # I get back a dictionary
                user = identity["uid"]
                if req_user and req_user != user:
                    logger.debug("Wanted to be someone else!")
                    if "prompt" in areq and "none" in areq["prompt"]:
                        # Need to authenticate but not allowed
                        return self._redirect_authz_error("login_required",
                                                          redirect_uri)
                    else:
                        return self.authn(**authn_args)

        logger.debug("- authenticated -")
        logger.debug("AREQ keys: %s" % areq.keys())

        try:
            oidc_req = areq["request"]
        except KeyError:
            oidc_req = None

        sid = self.sdb.create_authz_session(user, areq, oidreq=oidc_req)
        return self.authz_part2(user, areq, sid)

    def userinfo_in_id_token_claims(self, session):
        """
        Put userinfo claims in the id token
        :param session:
        :return:
        """