def init_app(self, provider_metadata_extras=None, client_metadata_extras=None, **kwargs):
    """Create an OIDCAuthentication for self.PROVIDER_NAME and bind it to self.app.

    Provider metadata (issuer, authorization endpoint, JWKS URI) is derived
    from self.PROVIDER_BASEURL; client metadata uses self.CLIENT_ID and a
    fixed secret literal. Each mapping can be extended or overridden via the
    matching ``*_extras`` argument. Any remaining keyword arguments are
    forwarded to ProviderConfiguration.

    Returns the OIDCAuthentication instance after init_app(self.app) has run.
    """
    base_url = self.PROVIDER_BASEURL
    provider_fields = {
        'issuer': base_url,
        'authorization_endpoint': base_url + '/auth',
        'jwks_uri': base_url + '/jwks',
    }
    # Extras take precedence over the defaults; a falsy value changes nothing.
    provider_fields.update(provider_metadata_extras or {})

    # 'secret1' is a hard-coded placeholder literal (presumably test-only);
    # callers can replace it through client_metadata_extras.
    client_fields = {'client_id': self.CLIENT_ID, 'client_secret': 'secret1'}
    client_fields.update(client_metadata_extras or {})

    configuration = ProviderConfiguration(
        provider_metadata=ProviderMetadata(**provider_fields),
        client_metadata=ClientMetadata(**client_fields),
        **kwargs)

    authn = OIDCAuthentication({self.PROVIDER_NAME: configuration})
    authn.init_app(self.app)
    return authn
def init_app(self, provider_metadata_extras=None, client_metadata_extras=None, **kwargs):
    """Set up OIDCAuthentication with one provider and attach it to self.app.

    Defaults for the provider metadata come from self.PROVIDER_BASEURL and for
    the client metadata from self.CLIENT_ID plus a fixed secret literal. The
    optional ``provider_metadata_extras`` / ``client_metadata_extras`` mappings
    are merged over those defaults, and ``**kwargs`` is handed unchanged to
    ProviderConfiguration.

    Returns the initialised OIDCAuthentication object.
    """
    provider_defaults = {
        "issuer": self.PROVIDER_BASEURL,
        "authorization_endpoint": self.PROVIDER_BASEURL + "/auth",
        "jwks_uri": self.PROVIDER_BASEURL + "/jwks",
    }
    # "secret1" is a hard-coded placeholder literal (presumably test-only).
    client_defaults = {
        "client_id": self.CLIENT_ID,
        "client_secret": "secret1",
    }

    # Merge caller-supplied overrides; None or an empty mapping is a no-op.
    provider_defaults.update(provider_metadata_extras or {})
    client_defaults.update(client_metadata_extras or {})

    provider_metadata = ProviderMetadata(**provider_defaults)
    client_metadata = ClientMetadata(**client_defaults)
    per_provider = {
        self.PROVIDER_NAME: ProviderConfiguration(
            provider_metadata=provider_metadata,
            client_metadata=client_metadata,
            **kwargs
        )
    }

    authn = OIDCAuthentication(per_provider)
    authn.init_app(self.app)
    return authn
def test_explicit_redirect_uri_config_should_be_preserved_after_init_app(self):
    """A RedirectUriConfig passed to the constructor must survive init_app().

    The redirect URI is where the authentication response is delivered, so
    init_app() must not replace an explicitly configured value with one it
    derives itself.
    """
    explicit_config = RedirectUriConfig(
        'https://example.com/abc/redirect_uri', 'redirect_uri')
    authn = OIDCAuthentication({}, None, explicit_config)

    # Precondition: the constructor stored the config that was passed in.
    assert authn._redirect_uri_config == explicit_config

    authn.init_app(self.app)

    # Binding to the app must leave the explicit config untouched.
    assert authn._redirect_uri_config == explicit_config
def test_should_register_client_if_not_registered_before(self, post_logout_redirect_uris):
    """An unregistered client is registered with the provider on first auth.

    The provider advertises a registration endpoint and no client metadata is
    configured, so the first protected request must trigger a registration
    POST. The test pins the exact ``redirect_uris`` and
    ``post_logout_redirect_uris`` sent in that request: either the values
    supplied via ``post_logout_redirect_uris`` or, when none are given, the
    URL of the registered logout view.
    """
    registration_endpoint = self.PROVIDER_BASEURL + '/register'
    provider_metadata = ProviderMetadata(
        self.PROVIDER_BASEURL,
        self.PROVIDER_BASEURL + '/auth',
        self.PROVIDER_BASEURL + '/jwks',
        registration_endpoint=registration_endpoint)

    # Only pass post_logout_redirect_uris along when the caller supplied some.
    registration_kwargs = (
        {'post_logout_redirect_uris': post_logout_redirect_uris}
        if post_logout_redirect_uris else {})
    configuration = ProviderConfiguration(
        provider_metadata=provider_metadata,
        client_registration_info=ClientRegistrationInfo(**registration_kwargs))

    authn = OIDCAuthentication({self.PROVIDER_NAME: configuration})
    authn.init_app(self.app)

    # register logout view to force 'post_logout_redirect_uris' to be included in registration request
    logout_view = self.get_view_mock()
    self.app.add_url_rule('/logout', view_func=logout_view)
    authn.oidc_logout(logout_view)

    # Mocked registration response carrying fixture client credentials.
    responses.add(
        responses.POST,
        registration_endpoint,
        json={'client_id': 'client1', 'client_secret': 'secret1'})

    protected_view = self.get_view_mock()
    with self.app.test_request_context('/'):
        auth_redirect = authn.oidc_auth(self.PROVIDER_NAME)(protected_view)()
    self.assert_auth_redirect(auth_redirect)

    # The first recorded HTTP call is the registration request.
    sent_body = responses.calls[0].request.body.decode('utf-8')
    registration_request = json.loads(sent_body)
    with self.app.app_context():
        # The request carries an endpoint name; resolve it to a full URL
        # so it can be compared against the expected redirect URI.
        full_redirect_uri = flask.url_for(
            registration_request['redirect_uris'][0])
    registration_request['redirect_uris'] = full_redirect_uri

    fallback_logout_uris = ['http://{}/logout'.format(self.CLIENT_DOMAIN)]
    expected_post_logout_redirect_uris = (
        post_logout_redirect_uris or fallback_logout_uris)
    expected_registration_request = {
        'redirect_uris': 'http://{}/redirect_uri'.format(self.CLIENT_DOMAIN),
        'post_logout_redirect_uris': expected_post_logout_redirect_uris,
    }
    assert registration_request == expected_registration_request
# (Tail of a view function whose beginning lies outside this excerpt.)
                   id_token=user_session.id_token,
                   userinfo=user_session.userinfo)


@app.route('/login2')
@auth.oidc_auth(PROVIDER_NAME2)
def login2():
    """Return the current user session as JSON after OIDC auth via PROVIDER_NAME2.

    The response contains the session's access token, ID token and userinfo.
    """
    user_session = UserSession(flask.session)
    # NOTE(review): the raw access token and ID token are echoed back in the
    # response body. That makes the flow easy to inspect in an example app;
    # a real view would normally keep tokens server-side.
    return jsonify(access_token=user_session.access_token,
                   id_token=user_session.id_token,
                   userinfo=user_session.userinfo)


@app.route('/logout')
@auth.oidc_logout
def logout():
    """Return a confirmation message; logout handling is done by auth.oidc_logout."""
    return "You've been successfully logged out!"


@auth.error_view
def error(error=None, error_description=None):
    """Render an authentication error as JSON.

    Registered through auth.error_view. Both values are passed through
    unchanged under the keys 'error' and 'message'.
    """
    # NOTE(review): presumably these values come from the provider's error
    # response -- confirm; they are returned to the client as-is.
    return jsonify({'error': error, 'message': error_description})


if __name__ == '__main__':
    # NOTE(review): DEBUG level is verbose and may include protocol details
    # in the log output -- presumably intended for local experimentation only.
    logging.basicConfig(
        level=logging.DEBUG,
        format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    # Bind the OIDC extension to the app before serving requests.
    auth.init_app(app)
    app.run()
def test_unauth_error(self):
    """Constructing and initialising OIDCAuthentication without any provider
    configuration must raise NoAuthenticationError.
    """
    # NOTE(review): the excerpt does not show which of the two calls is
    # expected to raise; both are kept inside the pytest.raises block.
    # `excinfo` is bound but not inspected afterwards.
    with pytest.raises(NoAuthenticationError) as excinfo:
        authn = OIDCAuthentication()
        authn.init_app(self.app)