def test_back_channel_logout_request():
    """Round-trip a signed logout token through a BackChannelLogoutRequest.

    The token is signed as a compact JWS (ES256) with the key ISS_KEY holds
    for the issuer, wrapped in a request, form-encoded the way it is posted,
    parsed back, and verified with the CLI_KEY key jar against the expected
    issuer and audience.
    """
    claims = dict(
        iss=ISS,
        aud=[CLIENT_ID],
        iat=NOW,
        jti="bWJq",
        sid="08a5019c-17e1-4977-8f42-65a12843ea02",
        events={BACK_CHANNEL_LOGOUT_EVENT: {}},
    )
    logout_token = LogoutToken(**claims)
    signed_token = JWS(logout_token.to_json(), alg='ES256').sign_compact(
        keys=ISS_KEY.get_signing_key(issuer_id=ISS)
    )

    # Sender side: the request travels as a form-encoded body.
    wire_body = BackChannelLogoutRequest(logout_token=signed_token).to_urlencoded()

    # Receiver side: rebuild the request from the posted body.
    received = BackChannelLogoutRequest().from_urlencoded(wire_body)
    assert 'logout_token' in received

    # Issuer and audience are pinned explicitly; 30 seconds of clock skew
    # are tolerated.
    verify_args = {"keyjar": CLI_KEY, "iss": ISS, "aud": CLIENT_ID, "skew": 30}
    assert received.verify(**verify_args)

    # After verify() the request holds exactly the raw token and the
    # '__verified_logout_token' entry.
    expected_keys = {'logout_token', '__verified_logout_token'}
    assert set(received.keys()) == expected_keys
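def test_logout_token_7():
    """A second member in "events" must make verify() raise ValueError.

    The token is otherwise built like the ones the accepting tests use, so
    the rejection can be attributed to the extra event member.
    """
    val = {
        "iss": ISS,
        "aud": [CLIENT_ID],
        "iat": NOW,
        "jti": "bWJq",
        # A session identifier is included so that the extra event below is
        # the only thing wrong with the token. Without "sub" or "sid" the
        # ValueError could come from that omission instead (the order of
        # verify()'s checks is not visible from this test), and the test
        # would keep passing even if the events check were missing.
        "sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
        "events": {BACK_CHANNEL_LOGOUT_EVENT: {}, "http://schemas.openid.net/event/foo": {}},
    }
    lt = LogoutToken(**val)
    with pytest.raises(ValueError):
        lt.verify()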
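def test_logout_token_5():
    """A non-empty back-channel logout event value must raise ValueError.

    The token is otherwise built like the ones the accepting tests use, so
    the rejection can be attributed to the event member's value.
    """
    val = {
        "iss": ISS,
        "aud": [CLIENT_ID],
        "iat": NOW,
        "jti": "bWJq",
        # A session identifier is included so that the event value below is
        # the only thing wrong with the token. Without "sub" or "sid" the
        # ValueError could come from that omission instead (the order of
        # verify()'s checks is not visible from this test), and the test
        # would keep passing even if the event-value check were missing.
        "sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
        "events": {BACK_CHANNEL_LOGOUT_EVENT: {"foo": "bar"}},
    }
    lt = LogoutToken(**val)
    with pytest.raises(ValueError):
        lt.verify()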
def test_logout_token_3():
    """A logout token that identifies the session by "sid" only verifies."""
    claims = dict(
        iss=ISS,
        aud=[CLIENT_ID],
        iat=NOW,
        jti="bWJq",
        # No "sub" claim: the session id alone identifies what to log out.
        sid="08a5019c-17e1-4977-8f42-65a12843ea02",
        events={BACK_CHANNEL_LOGOUT_EVENT: {}},
    )
    token = LogoutToken(**claims)
    outcome = token.verify()
    assert outcome
def test_logout_token_2():
    """A logout token that identifies the user by "sub" only verifies."""
    claims = dict(
        iss=ISS,
        # No "sid" claim: the subject alone identifies what to log out.
        sub="248289761001",
        aud=[CLIENT_ID],
        iat=NOW,
        jti="bWJq",
        events={BACK_CHANNEL_LOGOUT_EVENT: {}},
    )
    token = LogoutToken(**claims)
    outcome = token.verify()
    assert outcome
def test_logout_token_with_nonce():
    """A logout token carrying a "nonce" claim must fail verification.

    The token is otherwise complete (it has "sid" and a single, empty
    back-channel logout event), so the nonce is the only irregular claim.
    The OpenID Connect Back-Channel Logout specification prohibits "nonce"
    in logout tokens so that one cannot be passed off as an ID token.
    """
    claims = dict(
        iss=ISS,
        aud=[CLIENT_ID],
        iat=NOW,
        jti="bWJq",
        sid="08a5019c-17e1-4977-8f42-65a12843ea02",
        events={BACK_CHANNEL_LOGOUT_EVENT: {}},
        nonce="1234567890",
    )
    token = LogoutToken(**claims)
    with pytest.raises(MessageException):
        token.verify()
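def test_logout_token_wrong_iss():
    """verify() must reject a token whose issuer is not the expected one.

    The same token is then verified against its real issuer as a positive
    control, which shows the rejection came from the issuer comparison.
    """
    val = {
        "iss": ISS,
        "aud": [CLIENT_ID],
        "iat": NOW,
        "jti": "bWJq",
        "sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
        "events": {BACK_CHANNEL_LOGOUT_EVENT: {}},
    }
    lt = LogoutToken(**val)
    with pytest.raises(NotForMe):
        lt.verify(iss="deep_purple")

    # Assert the result, as the accepting tests in this file do, so that a
    # falsy return on the matching issuer cannot pass unnoticed.
    assert lt.verify(iss=ISS)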
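def test_logout_token_wrong_iat():
    """verify() must reject an "iat" in the future unless skew allows it.

    The token is issued 10 seconds after NOW. It fails with the default
    settings and is accepted once 60 seconds of clock skew are allowed.
    """
    val = {
        "iss": ISS,
        "aud": [CLIENT_ID],
        "iat": NOW + 10,
        "jti": "bWJq",
        "sid": "08a5019c-17e1-4977-8f42-65a12843ea02",
        "events": {BACK_CHANNEL_LOGOUT_EVENT: {}},
    }
    lt = LogoutToken(**val)
    with pytest.raises(ValueError):
        lt.verify()

    # Within allowed clock skew. The result is asserted, as the accepting
    # tests in this file do, so that a falsy return cannot pass unnoticed.
    assert lt.verify(skew=60)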