def test_refresh_token(token_cache, responses: RequestsMock):
auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
# response for password grant
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in":
"0", # let the token expire immediately after the first request
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match=[
urlencoded_params_matcher({
"grant_type": "password",
"username": "******",
"password": "******",
})
],
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (get_request(responses, "http://provide_access_token/").body ==
"grant_type=password&username=test_user&password=test_pwd")
# response for refresh token grant
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "rVR7Syg5bjZtZYjbZIW",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match=[
urlencoded_params_matcher({
"grant_type":
"refresh_token",
"refresh_token":
"tGzv3JOkF0XG5Qx2TlKWIA",
})
],
)
response = requests.get("http://authorized_only", auth=auth)
assert response.request.headers.get(
"Authorization") == "Bearer rVR7Syg5bjZtZYjbZIW"
assert (get_request(responses, "http://provide_access_token/").body ==
"grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA")
def test_scope_is_sent_as_str_when_provided_as_list(token_cache,
responses: RequestsMock):
auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******",
scope=["my_scope", "my_other_scope"],
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (
get_request(responses, "http://provide_access_token/").body ==
"grant_type=password&username=test_user&password=test_pwd&scope=my_scope+my_other_scope"
)
def test_oauth2_pkce_flow_get_code_is_sent_in_authorization_header_by_default(
token_cache, responses: RequestsMock, monkeypatch, browser_mock: BrowserMock
):
monkeypatch.setattr(requests_auth.authentication.os, "urandom", lambda x: b"1" * 63)
auth = requests_auth.OktaAuthorizationCodePKCE(
"testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd"
)
tab = browser_mock.add_response(
opened_url="https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
)
responses.add(
responses.POST,
"https://testserver.okta-emea.com/oauth2/default/v1/token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (
get_header(responses, auth).get("Authorization")
== "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
assert (
get_request(
responses, "https://testserver.okta-emea.com/oauth2/default/v1/token"
).body
== "code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab."
)
def test_oauth2_password_credentials_flow_uses_provided_session(
token_cache, responses: RequestsMock):
session = requests.Session()
session.headers.update({"x-test": "Test value"})
auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******",
session=session,
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
request = get_request(responses, "http://provide_access_token/")
assert request.body == "grant_type=password&username=test_user&password=test_pwd"
assert request.headers["x-test"] == "Test value"
def test_oauth2_authorization_code_flow_get_code_is_sent_in_authorization_header_by_default(
token_cache, responses: RequestsMock, browser_mock: BrowserMock):
auth = requests_auth.OAuth2AuthorizationCode(
"http://provide_code", "http://provide_access_token")
tab = browser_mock.add_response(
opened_url=
"http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url=
"http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (
get_request(responses, "http://provide_access_token/").body ==
"grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
)
def test_response_type_can_be_provided_in_url(token_cache,
responses: RequestsMock,
browser_mock: BrowserMock):
auth = requests_auth.OAuth2AuthorizationCode(
"http://provide_code?response_type=my_code",
"http://provide_access_token",
response_type="not_used",
)
tab = browser_mock.add_response(
opened_url=
"http://provide_code?response_type=my_code&state=49b67a19e70f692c3fc09dd124e5782b41a86f4f4931e1cc938ccbb466eecf1b730edb9eb01e42005de77ce3dd5a016418f8e780f30c4477d71102fe03e39e62&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url=
"http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=49b67a19e70f692c3fc09dd124e5782b41a86f4f4931e1cc938ccbb466eecf1b730edb9eb01e42005de77ce3dd5a016418f8e780f30c4477d71102fe03e39e62",
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (
get_request(responses, "http://provide_access_token/").body ==
"grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 49b67a19e70f692c3fc09dd124e5782b41a86f4f4931e1cc938ccbb466eecf1b730edb9eb01e42005de77ce3dd5a016418f8e780f30c4477d71102fe03e39e62. You may close this tab."
)
def test_okta_client_credentials_flow_uses_provided_session(
token_cache, responses: RequestsMock):
session = requests.Session()
session.headers.update({"x-test": "Test value"})
auth = requests_auth.OktaClientCredentials("test_okta",
client_id="test_user",
client_secret="test_pwd",
session=session)
responses.add(
responses.POST,
"https://test_okta/oauth2/default/v1/token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
request = get_request(responses,
"https://test_okta/oauth2/default/v1/token")
assert request.headers["x-test"] == "Test value"
def test_nonce_is_sent_if_provided_in_authorization_url(
token_cache, responses: RequestsMock, monkeypatch, browser_mock: BrowserMock
):
monkeypatch.setattr(requests_auth.authentication.os, "urandom", lambda x: b"1" * 63)
auth = requests_auth.OAuth2AuthorizationCodePKCE(
"http://provide_code?nonce=123456", "http://provide_access_token"
)
tab = browser_mock.add_response(
opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&nonce=%5B%27123456%27%5D&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (
get_header(responses, auth).get("Authorization")
== "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
assert (
get_request(responses, "http://provide_access_token/").body
== "code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
)
def test_response_type_can_be_provided_in_url(
token_cache, responses: RequestsMock, monkeypatch, browser_mock: BrowserMock
):
monkeypatch.setattr(requests_auth.authentication.os, "urandom", lambda x: b"1" * 63)
auth = requests_auth.OAuth2AuthorizationCodePKCE(
"http://provide_code?response_type=my_code",
"http://provide_access_token",
response_type="not_used",
)
tab = browser_mock.add_response(
opened_url="http://provide_code?response_type=%5B%27my_code%27%5D&state=b32e05720bd3722e0ac87bf72897a78b669a0810adf8da46b675793dcfe0f41a40f7d7fdda952bd73ea533a2462907d805adf8c1a162d51b99b2ddec0d411feb&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=b32e05720bd3722e0ac87bf72897a78b669a0810adf8da46b675793dcfe0f41a40f7d7fdda952bd73ea533a2462907d805adf8c1a162d51b99b2ddec0d411feb",
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (
get_header(responses, auth).get("Authorization")
== "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
assert (
get_request(responses, "http://provide_access_token/").body
== "code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=my_code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on b32e05720bd3722e0ac87bf72897a78b669a0810adf8da46b675793dcfe0f41a40f7d7fdda952bd73ea533a2462907d805adf8c1a162d51b99b2ddec0d411feb. You may close this tab."
)
def test_oauth2_password_credentials_flow_token_is_expired_after_30_seconds_by_default(
token_cache, responses: RequestsMock):
auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
# Add a token that expires in 29 seconds, so should be considered as expired when issuing the request
token_cache._add_token(
key=
"db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001",
token="2YotnFZFEjr1zCsicMWpAA",
expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29),
)
# Meaning a new one will be requested
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (get_request(responses, "http://provide_access_token/").body ==
"grant_type=password&username=test_user&password=test_pwd")
def test_okta_authorization_code_flow_token_is_expired_after_30_seconds_by_default(
token_cache, responses: RequestsMock, browser_mock: BrowserMock):
auth = requests_auth.OktaAuthorizationCode(
"testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd")
tab = browser_mock.add_response(
opened_url=
"https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url=
"http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
)
# Add a token that expires in 29 seconds, so should be considered as expired when issuing the request
token_cache._add_token(
key=
"5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
token="2YotnFZFEjr1zCsicMWpAA",
expiry=requests_auth.oauth2_tokens._to_expiry(expires_in=29),
)
# Meaning a new one will be requested
responses.add(
responses.POST,
"https://testserver.okta-emea.com/oauth2/default/v1/token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (
get_request(
responses,
"https://testserver.okta-emea.com/oauth2/default/v1/token").body ==
"grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab."
)
def test_oauth2_authorization_code_flow_uses_provided_session(
token_cache, responses: RequestsMock, browser_mock: BrowserMock
):
session = requests.Session()
session.headers.update({"x-test": "Test value"})
auth = requests_auth.OktaAuthorizationCode(
"testserver.okta-emea.com",
"54239d18-c68c-4c47-8bdd-ce71ea1d50cd",
session=session,
)
tab = browser_mock.add_response(
opened_url="https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
)
responses.add(
responses.POST,
"https://testserver.okta-emea.com/oauth2/default/v1/token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 3600,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
)
assert (
get_header(responses, auth).get("Authorization")
== "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
request = get_request(
responses, "https://testserver.okta-emea.com/oauth2/default/v1/token"
)
assert (
request.body
== "grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
assert request.headers["x-test"] == "Test value"
tab.assert_success(
"You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab."
)
def test_refresh_token_access_token_not_expired(token_cache,
responses: RequestsMock):
auth = requests_auth.OAuth2ResourceOwnerPasswordCredentials(
"http://provide_access_token",
username="******",
password="******")
# response for password grant
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": 36000,
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match=[
urlencoded_params_matcher({
"grant_type": "password",
"username": "******",
"password": "******",
})
],
)
assert (get_header(
responses,
auth).get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA")
assert (get_request(responses, "http://provide_access_token/").body ==
"grant_type=password&username=test_user&password=test_pwd")
# expect Bearer token to remain the same
response = requests.get("http://authorized_only", auth=auth)
assert (response.request.headers.get("Authorization") ==
"Bearer 2YotnFZFEjr1zCsicMWpAA")
def test_refresh_token_invalid(
token_cache, responses: RequestsMock, browser_mock: BrowserMock
):
auth = requests_auth.OAuth2AuthorizationCode(
"http://provide_code", "http://provide_access_token"
)
tab = browser_mock.add_response(
opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
)
responses.add(
responses.POST,
"http://provide_access_token",
json={
"access_token": "2YotnFZFEjr1zCsicMWpAA",
"token_type": "example",
"expires_in": "0",
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"example_parameter": "example_value",
},
match=[
urlencoded_params_matcher(
{
"grant_type": "authorization_code",
"redirect_uri": "http://localhost:5000/",
"response_type": "code",
"code": "SplxlOBeZQQYbYS6WxSbIA",
}
)
],
)
assert (
get_header(responses, auth).get("Authorization")
== "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
assert (
get_request(responses, "http://provide_access_token/").body
== "grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA"
)
tab.assert_success(
"You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
)
# response for refresh token grant
responses.add(
responses.POST,
"http://provide_access_token",
json={"error": "invalid_request"},
status=400,
match=[
urlencoded_params_matcher(
{
"grant_type": "refresh_token",
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
"response_type": "code",
}
)
],
)
# initialize tab again because a thread can only be started once
tab = browser_mock.add_response(
opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
)
# if refreshing the token fails, fallback to requesting a new token
response = requests.get("http://authorized_only", auth=auth)
assert (
response.request.headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
)
tab.assert_success(
"You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
)
