Пример #1
def test_reauthenticate_end_user(client, oauth_client):
    """
    Send an authorize request that carries ``max_age=0``.

    NOTE(review): in OpenID Connect ``max_age`` bounds the time allowed since
    the End-User last actively authenticated, so ``0`` asks for a fresh
    authentication. This test only issues the request and asserts nothing,
    so it cannot detect a provider that ignores ``max_age``.
    """
    authorize_params = {'max_age': 0}

    # TODO: assert on the response once the expected re-authentication
    # behaviour is decided; until then this test passes vacuously.

    response = oauth2.post_authorize(
        client, oauth_client, data=authorize_params, confirm=True
    )
Пример #2
def test_ui_locale_no_errors(client, oauth_client):
    """
    Check that an authorize request with ``ui_locales`` set still succeeds.

    Only the absence of errors is verified: the response must be a 302 with
    a ``Location`` header, and ``oauth2.code_from_authorize_response`` must
    return a truthy value for it.
    """
    locale_params = {'ui_locales': 'fr-CA fr en'}
    response = oauth2.post_authorize(
        client, oauth_client, data=locale_params, confirm=True
    )

    assert response.status_code == 302
    assert 'Location' in response.headers
    assert oauth2.code_from_authorize_response(response)
Пример #3
def test_id_token_hint_empty(client, oauth_client):
    """
    Test an authorize request whose ``id_token_hint`` is the empty string.

    "If the End-User identified by the ID Token is logged in or is logged in
    by the request, then the Authorization Server returns a positive response;
    otherwise, it SHOULD return an error"

    An empty hint identifies no End-User, so the expected outcome is a
    redirect carrying ``error=access_denied``.
    """
    hint_params = {"id_token_hint": ""}
    redirect = oauth2.post_authorize(
        client, oauth_client, data=hint_params, confirm=True
    )

    assert redirect.status_code == 302
    assert "Location" in redirect.headers

    # The error is read from the query string of the redirect target.
    location = urlparse(redirect.headers["Location"])
    error_params = parse_qs(location.query)
    assert "error" in error_params
    assert error_params["error"][0] == "access_denied"
Пример #4
def test_id_token_hint_not_logged_in(app, client, oauth_client, monkeypatch):
    """
    Test ``id_token_hint`` when the hinted user has no active session.

    An ID token is obtained while auth is still mocked, mocking is then
    switched off, and the authorize request is expected to be redirected
    with ``error=access_denied``.

    TODO: This should attempt to log the user in
    """
    # Auth is still mocked at this point, so the test user counts as logged in.
    tokens = oauth2.get_token_response(client, oauth_client).json
    hinted_token = validate_jwt(tokens["id_token"], {"openid"})

    # Switch mocking off so that no user is logged in for the next request.
    monkeypatch.setitem(config, "MOCK_AUTH", False)

    # NOTE(review): the hint is str() of whatever validate_jwt returns. If that
    # is the decoded claims rather than the encoded JWT, the hint is not a
    # valid ID token, and access_denied could come from hint parsing instead
    # of from the missing session -- confirm which path this test exercises.
    hint_params = {"id_token_hint": str(hinted_token)}
    redirect = oauth2.post_authorize(
        client, oauth_client, data=hint_params, confirm=True
    )

    assert redirect.status_code == 302
    assert "Location" in redirect.headers

    # The error is read from the query string of the redirect target.
    location = urlparse(redirect.headers["Location"])
    error_params = parse_qs(location.query)
    assert "error" in error_params
    assert error_params["error"][0] == "access_denied"