def test_access_and_id_token_by_reference(self, httpserver):
        res = self.rph.begin(issuer_id='github')
        _session = self.rph.get_session_information(res['state'])
        client = self.rph.issuer2rp[_session['iss']]
        _nonce = _session['auth_request']['nonce']
        _iss = _session['iss']
        _aud = client.client_id
        idval = {'nonce': _nonce, 'sub': 'EndUserSubject', 'iss': _iss,
                 'aud': _aud}

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(
            key=client.service_context.keyjar.get_signing_key('oct'),
            algorithm="HS256", lifetime=300)

        _info = {"access_token": "accessTok", "id_token": _signed_jwt,
                 "token_type": "Bearer", "expires_in": 3600}

        at = AccessTokenResponse(**_info)
        httpserver.serve_content(at.to_json())
        client.service['accesstoken'].endpoint = httpserver.url

        _response = AuthorizationResponse(code='access_code',
                                          state=res['state'])
        auth_response = self.rph.finalize_auth(client, _session['iss'],
                                               _response.to_dict())
        resp = self.rph.get_access_and_id_token(state=res['state'])
        assert resp['access_token'] == 'accessTok'
        assert isinstance(resp['id_token'], IdToken)
Пример #2
0
    def test_get_access_token(self):
        res = self.rph.begin(issuer_id='github')
        _session = self.rph.get_session_information(res['state'])
        client = self.rph.issuer2rp[_session['iss']]

        _github_id = iss_id('github')
        client.service_context.keyjar.import_jwks(
            GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

        _nonce = _session['auth_request']['nonce']
        _iss = _session['iss']
        _aud = client.client_id
        idval = {
            'nonce': _nonce,
            'sub': 'EndUserSubject',
            'iss': _iss,
            'aud': _aud
        }

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(
            key=GITHUB_KEY.get_signing_key(issuer_id=_github_id),
            algorithm="RS256",
            lifetime=300)

        _info = {
            "access_token": "accessTok",
            "id_token": _signed_jwt,
            "token_type": "Bearer",
            "expires_in": 3600
        }

        at = AccessTokenResponse(**_info)
        _url = "https://github.com/token"
        with responses.RequestsMock() as rsps:
            rsps.add("POST",
                     _url,
                     body=at.to_json(),
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            client.service['accesstoken'].endpoint = _url

            auth_response = AuthorizationResponse(code='access_code',
                                                  state=res['state'])
            resp = self.rph.finalize_auth(client, _session['iss'],
                                          auth_response.to_dict())

            resp = self.rph.get_access_token(res['state'], client)
            assert set(resp.keys()) == {
                'access_token', 'expires_in', 'id_token', 'token_type',
                '__verified_id_token', '__expires_at'
            }

            atresp = client.service['accesstoken'].get_item(
                AccessTokenResponse, 'token_response', res['state'])
            assert set(atresp.keys()) == {
                'access_token', 'expires_in', 'id_token', 'token_type',
                '__verified_id_token', '__expires_at'
            }
    def rphandler_setup(self, httpserver):
        self.rph = RPHandler(base_url=BASE_URL,
                             client_configs=CLIENT_CONFIG,
                             keyjar=CLI_KEY)
        res = self.rph.begin(issuer_id='github')
        _session = self.rph.get_session_information(res['state'])
        client = self.rph.issuer2rp[_session['iss']]
        _nonce = _session['auth_request']['nonce']
        _iss = _session['iss']
        _aud = client.client_id
        idval = {
            'nonce': _nonce,
            'sub': 'EndUserSubject',
            'iss': _iss,
            'aud': _aud
        }

        _github_id = iss_id('github')
        client.service_context.keyjar.import_jwks(
            GITHUB_KEY.export_jwks(issuer=_github_id), _github_id)

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(key=GITHUB_KEY.get_signing_key(
            'rsa', owner=_github_id),
                                  algorithm="RS256",
                                  lifetime=300)

        _info = {
            "access_token": "accessTok",
            "id_token": _signed_jwt,
            "token_type": "Bearer",
            "expires_in": 3600,
            'refresh_token': 'refreshing'
        }

        at = AccessTokenResponse(**_info)
        httpserver.serve_content(at.to_json(),
                                 headers={'Content-Type': 'application/json'})
        client.service['accesstoken'].endpoint = httpserver.url

        _response = AuthorizationResponse(code='access_code',
                                          state=res['state'])
        auth_response = self.rph.finalize_auth(client, _session['iss'],
                                               _response.to_dict())

        token_resp = self.rph.get_access_and_id_token(auth_response,
                                                      client=client)

        httpserver.serve_content('{"sub":"EndUserSubject"}',
                                 headers={'Content-Type': 'application/json'})
        client.service['userinfo'].endpoint = httpserver.url

        self.rph.get_user_info(res['state'], client,
                               token_resp['access_token'])
        self.state = res['state']
    def test_access_and_id_token_by_reference(self):
        rph_1 = RPHandler(BASE_URL,
                          client_configs=CLIENT_CONFIG,
                          keyjar=CLI_KEY,
                          module_dirs=['oidc'])

        res = rph_1.begin(issuer_id='github')
        _session = rph_1.get_session_information(res['state'])
        client = rph_1.issuer2rp[_session['iss']]
        _context = client.client_get("service_context")
        _nonce = _session['auth_request']['nonce']
        _iss = _session['iss']
        _aud = _context.client_id
        idval = {
            'nonce': _nonce,
            'sub': 'EndUserSubject',
            'iss': _iss,
            'aud': _aud
        }

        _github_id = iss_id('github')
        _context.keyjar.import_jwks(
            GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(key=GITHUB_KEY.get_signing_key(
            'rsa', issuer_id=_github_id),
                                  algorithm="RS256",
                                  lifetime=300)

        _info = {
            "access_token": "accessTok",
            "id_token": _signed_jwt,
            "token_type": "Bearer",
            "expires_in": 3600
        }

        at = AccessTokenResponse(**_info)
        _url = "https://github.com/token"
        with responses.RequestsMock() as rsps:
            rsps.add("POST",
                     _url,
                     body=at.to_json(),
                     adding_headers={"Content-Type": "application/json"},
                     status=200)
            client.client_get("service", 'accesstoken').endpoint = _url

            _response = AuthorizationResponse(code='access_code',
                                              state=res['state'])
            _ = rph_1.finalize_auth(client, _session['iss'],
                                    _response.to_dict())
            resp = rph_1.get_access_and_id_token(state=res['state'])
            assert resp['access_token'] == 'accessTok'
            assert isinstance(resp['id_token'], IdToken)
    def test_refresh_access_token(self, httpserver):
        _session = self.rph.get_session_information(self.state)
        client = self.rph.issuer2rp[_session['iss']]

        _info = {"access_token": "2nd_accessTok",
                 "token_type": "Bearer", "expires_in": 3600}
        at = AccessTokenResponse(**_info)
        httpserver.serve_content(at.to_json())
        client.service['refresh_token'].endpoint = httpserver.url

        res = self.rph.refresh_access_token(self.state, client,
                                            'openid email')
        assert res['access_token'] == '2nd_accessTok'
    def test_get_access_token(self, httpserver):
        res = self.rph.begin(issuer_id='github')
        _session = self.rph.get_session_information(res['state'])
        client = self.rph.issuer2rp[_session['iss']]
        _nonce = _session['auth_request']['nonce']
        _iss = _session['iss']
        _aud = client.client_id
        idval = {
            'nonce': _nonce,
            'sub': 'EndUserSubject',
            'iss': _iss,
            'aud': _aud
        }

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(
            key=client.service_context.keyjar.get_signing_key('oct'),
            algorithm="HS256",
            lifetime=300)

        _info = {
            "access_token": "accessTok",
            "id_token": _signed_jwt,
            "token_type": "Bearer",
            "expires_in": 3600
        }

        at = AccessTokenResponse(**_info)
        httpserver.serve_content(at.to_json(),
                                 headers={'Content-Type': 'application/json'})
        client.service['accesstoken'].endpoint = httpserver.url

        auth_response = AuthorizationResponse(code='access_code',
                                              state=res['state'])
        resp = self.rph.finalize_auth(client, _session['iss'],
                                      auth_response.to_dict())

        resp = self.rph.get_access_token(res['state'], client)
        assert set(resp.keys()) == {
            'access_token', 'expires_in', 'id_token', 'token_type',
            '__verified_id_token', '__expires_at'
        }

        atresp = client.service['accesstoken'].get_item(
            AccessTokenResponse, 'token_response', res['state'])
        assert set(atresp.keys()) == {
            'access_token', 'expires_in', 'id_token', 'token_type',
            '__verified_id_token', '__expires_at'
        }
    def construct_access_token_response(self, client_id):
        _nonce = self.nonce
        _iss = self.issuer
        _aud = client_id

        idval = {
            'nonce': _nonce,
            'sub': 'EndUserSubject',
            'iss': _iss,
            'aud': _aud
        }

        idts = IdToken(**idval)
        _signed_jwt = idts.to_jwt(key=self.keyjar.get_signing_key('oct'),
                                  algorithm="HS256",
                                  lifetime=300)

        _info = {
            "access_token": "accessTok",
            "id_token": _signed_jwt,
            "token_type": "Bearer",
            "expires_in": 3600
        }

        return AccessTokenResponse(**_info)
Пример #8
0
    def test_refresh_access_token(self):
        _session = self.rph.get_session_information(self.state)
        client = self.rph.issuer2rp[_session['iss']]

        _info = {
            "access_token": "2nd_accessTok",
            "token_type": "Bearer",
            "expires_in": 3600
        }
        at = AccessTokenResponse(**_info)
        _url = "https://github.com/token"
        with responses.RequestsMock() as rsps:
            rsps.add("POST",
                     _url,
                     body=at.to_json(),
                     adding_headers={"Content-Type": "application/json"},
                     status=200)

            client.service['refresh_token'].endpoint = _url
            res = self.rph.refresh_access_token(self.state, client,
                                                'openid email')
            assert res['access_token'] == '2nd_accessTok'
    def _create_at(self, uid, lifetime=0, with_jti=False):
        _context = self.introspection_endpoint.endpoint_context

        session_id = setup_session(
            _context,
            AUTH_REQ,
            uid=uid,
            acr=INTERNETPROTOCOLPASSWORD,
        )
        _token_request = TOKEN_REQ_DICT.copy()
        _token_request["code"] = _context.sdb[session_id]["code"]
        _context.sdb.update(session_id, user=uid)

        _req = self.token_endpoint.parse_request(_token_request)
        _resp = self.token_endpoint.process_request(request=_req)
        _resp = AccessTokenResponse(**_resp["response_args"])
        return _resp["access_token"]
def construct_access_token_response(nonce, issuer, client_id, key_jar):
    _aud = client_id

    idval = {
        'nonce': nonce,
        'sub': 'EndUserSubject',
        'iss': issuer,
        'aud': _aud
    }

    idts = IdToken(**idval)
    _signed_jwt = idts.to_jwt(key=key_jar.get_signing_key('rsa', owner=issuer),
                              algorithm="RS256",
                              lifetime=300)

    _info = {
        "access_token": "accessTok",
        "id_token": _signed_jwt,
        "token_type": "Bearer",
        "expires_in": 3600
    }

    return AccessTokenResponse(**_info)