def test_verified_initializes_verified_token(self, patch):
    """verified() passes the raw token, key and audience to the verifier.

    VerifiedJWTGrantToken is patched, so this pins only the hand-off of
    arguments; no real signature or audience check runs here.
    """
    verifier_cls = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
    encoded = jwt_token({"iss": "test-issuer"})

    JWTGrantToken(encoded).verified("top-secret", "test-audience")

    # The key and audience must arrive unchanged and in this order.
    verifier_cls.assert_called_once_with(encoded, "top-secret", "test-audience")
def test_verified_initializes_verified_token(self, patch):
    """Check that verified() constructs VerifiedJWTGrantToken exactly once.

    The verifier class is replaced by a mock, so only the forwarded
    arguments (raw token, key, audience) are asserted.
    """
    verifier_cls = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
    raw_jwt = jwt_token({'iss': 'test-issuer'})
    unverified = JWTGrantToken(raw_jwt)

    unverified.verified('top-secret', 'test-audience')

    expected_args = (raw_jwt, 'top-secret', 'test-audience')
    verifier_cls.assert_called_once_with(*expected_args)
def test_verified_returns_verified_token(self, patch):
    """verified() returns the object built by VerifiedJWTGrantToken.

    The verifier class is patched, so the expected value is the mock's
    return_value rather than a real verified token.
    """
    verifier_cls = patch('h.oauth.jwt_grant_token.VerifiedJWTGrantToken')
    raw_jwt = jwt_token({'iss': 'test-issuer'})

    result = JWTGrantToken(raw_jwt).verified('top-secret', 'test-audience')

    assert result == verifier_cls.return_value
def test_verified_returns_verified_token(self, patch):
    """Check that the caller receives whatever the verifier class produced.

    With VerifiedJWTGrantToken mocked out, verified() is expected to hand
    back the mock's return_value untouched.
    """
    verifier_cls = patch("h.oauth.jwt_grant_token.VerifiedJWTGrantToken")
    encoded = jwt_token({"iss": "test-issuer"})
    unverified = JWTGrantToken(encoded)

    returned = unverified.verified("top-secret", "test-audience")

    assert returned == verifier_cls.return_value
def validate_token_request(self, request):
    """
    Validate a JWT grant token request and attach its client and user.

    On success ``request.client_id`` holds the JWT issuer and
    ``request.user`` holds the user fetched for the JWT subject.

    Raises subclasses of ``oauthlib.oauth2.rfc6749.OAuth2Error`` when
    validation fails: ``InvalidRequestFatalError`` when the request has no
    ``assertion`` attribute, ``InvalidClientError`` when the issuer is not
    accepted as a client, and ``InvalidGrantError`` when the subject is
    unknown or its authority differs from the client's. Errors raised by
    ``validate_grant_type`` and ``token.verified`` are not visible here.

    :param request: the oauthlib request
    :type request: oauthlib.common.Request
    """
    try:
        raw_assertion = request.assertion
    except AttributeError:
        raise errors.InvalidRequestFatalError("Missing assertion.")

    grant_token = JWTGrantToken(raw_assertion)

    # The issuer is read before verified() is called, so at this point it
    # is an unverified claim. It is used to pick the client whose secret is
    # later passed to verified() as the key; nothing derived from the token
    # should be trusted beyond that until verified() has returned.
    request.client_id = grant_token.issuer
    client_accepted = self.request_validator.authenticate_client_id(
        request.client_id, request
    )
    if not client_accepted:
        raise errors.InvalidClientError(request=request)

    # The client must be allowed to use this grant type.
    self.validate_grant_type(request)

    # NOTE(review): request.client is presumably populated by
    # authenticate_client_id above -- confirm against the request validator.
    client = request.client.authclient
    verified = grant_token.verified(key=client.secret, audience=self.domain)

    # Only the subject of the verified token is used to look up the user.
    subject_user = self.user_svc.fetch(verified.subject)
    if subject_user is None:
        raise errors.InvalidGrantError(
            "Grant token subject (sub) could not be found."
        )

    # A client may only obtain tokens for users in its own authority.
    if subject_user.authority != client.authority:
        raise errors.InvalidGrantError(
            "Grant token subject (sub) does not match issuer (iss)."
        )

    request.user = subject_user