def test_okta_client_credentials_flow_token_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock
):
    """A cached Okta client-credentials token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name) and a replacement token is expected to be requested.
    """
    auth = httpx_auth.OktaClientCredentials(
        "test_okta", client_id="test_user", client_secret="test_pwd"
    )
    cache_key = "f0d25aa4e496c6615328e776bb981dabe53fa77768a0a58eaf6d54215c598d80e57ffc7926fd96ec6a6a872942cb684a473e36233b593fb760d3eb6dc22ae550"

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # The token endpoint is therefore expected to be called for a new token.
    # NOTE(review): the replacement token has the same value as the cached one,
    # so the header assertion alone cannot tell the two apart; the test
    # presumably relies on the mock reporting unrequested responses -- confirm.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="https://test_okta/oauth2/default/v1/token",
        json=token_response,
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
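def test_oauth2_password_credentials_flow_token_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock
):
    """A cached password-grant token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name) and a replacement token is expected to be requested.
    """
    # Dummy credentials. They have to be the values the mocked token endpoint
    # matches on below ("username=test_user&password=test_pwd"); the masked
    # "******" placeholders would never produce that form body.
    auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
        "http://provide_access_token", username="test_user", password="test_pwd"
    )
    cache_key = "db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001"

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # The token endpoint is therefore expected to be called for a new token,
    # and only with the exact password-grant form body given in match_content.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="http://provide_access_token",
        json=token_response,
        match_content=b"grant_type=password&username=test_user&password=test_pwd",
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"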
def test_oauth2_client_credentials_flow_token_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock
):
    """A cached client-credentials token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name) and a replacement token is expected to be requested.
    """
    auth = httpx_auth.OAuth2ClientCredentials(
        "http://provide_access_token", client_id="test_user", client_secret="test_pwd"
    )
    cache_key = "a8a1c17ded24b3710524306819084310b08f97e151c79f4f1979202c541f3e8506c93176f7ee816bfcd2b2f6de9c5c3e16aaff220f1ad8f08d31ee086e8618da"

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # The token endpoint is therefore expected to be called for a new token.
    # NOTE(review): the replacement token has the same value as the cached one,
    # so the header assertion alone cannot tell the two apart; the test
    # presumably relies on the mock reporting unrequested responses -- confirm.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="http://provide_access_token",
        json=token_response,
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
def test_oauth2_implicit_flow_post_token_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
    """A cached implicit-flow token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name). The browser flow is expected to run again and the
    token it posts back is the one that must end up in the request header.
    """
    auth = httpx_auth.OAuth2Implicit("http://provide_token")

    # Seed the cache with a token that has only 29 seconds of validity left.
    soon = datetime.datetime.utcnow() + datetime.timedelta(seconds=29)
    token_cache._add_token(
        key="42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
        token=create_token(soon),
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # The replacement token is valid for one hour, so it differs from the
    # cached one and the final assertion proves which of the two was sent.
    in_one_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
    token = create_token(in_one_hour)
    tab = browser_mock.add_response(
        opened_url="http://provide_token?response_type=token&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
        reply_url="http://localhost:5000",
        data=f"access_token={token}&state=42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == f"Bearer {token}"
    tab.assert_success(
        "You are now authenticated on 42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521. You may close this tab."
    )
def test_oauth2_implicit_flow_post_token_custom_expiry(
    token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
    """With ``early_expiry=28`` a cached token with 29 seconds left is reused.

    No browser response is registered, so the header is expected to come from
    the cache.
    """
    auth = httpx_auth.OAuth2Implicit("http://provide_token", early_expiry=28)

    soon = datetime.datetime.utcnow() + datetime.timedelta(seconds=29)
    token = create_token(soon)

    # The cached token is built by a second create_token call with the same
    # expiry; comparing against `token` below assumes create_token returns the
    # same value for the same input -- confirm.
    token_cache._add_token(
        key="42a85b271b7a652ca3cc4c398cfd3f01b9ad36bf9c945ba823b023e8f8b95c4638576a0e3dcc96838b838bec33ec6c0ee2609d62ed82480b3b8114ca494c0521",
        token=create_token(soon),
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == f"Bearer {token}"
def test_oauth2_authorization_code_flow_get_code_custom_expiry(
    token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
    """With ``early_expiry=28`` a cached token with 29 seconds left is reused.

    Neither a browser response nor a token-endpoint response is registered;
    the only mocked response matches a request carrying the cached token.
    """
    auth = httpx_auth.OAuth2AuthorizationCode(
        "http://provide_code", "http://provide_access_token", early_expiry=28
    )
    cache_key = "163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    expected_headers = {"Authorization": "Bearer 2YotnFZFEjr1zCsicMWpAA"}
    httpx_mock.add_response(match_headers=expected_headers)

    # Send an authenticated request to a dummy URL.
    httpx.get("http://authorized_only", auth=auth)
def test_okta_client_credentials_flow_token_custom_expiry(
    token_cache, httpx_mock: HTTPXMock
):
    """With ``early_expiry=28`` a cached Okta token with 29 seconds left is reused.

    No token-endpoint response is registered, so the header is expected to
    come from the cache.
    """
    auth = httpx_auth.OktaClientCredentials(
        "test_okta",
        client_id="test_user",
        client_secret="test_pwd",
        early_expiry=28,
    )
    cache_key = "f0d25aa4e496c6615328e776bb981dabe53fa77768a0a58eaf6d54215c598d80e57ffc7926fd96ec6a6a872942cb684a473e36233b593fb760d3eb6dc22ae550"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
def test_oauth2_authorization_code_flow_get_code_custom_expiry(
    token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
    """With ``early_expiry=28`` a cached Okta token with 29 seconds left is reused.

    No browser or token-endpoint response is registered, so the header is
    expected to come from the cache.
    """
    # NOTE(review): this function exercises OktaAuthorizationCode but has the
    # same name as the OAuth2AuthorizationCode custom-expiry test. If both live
    # in one module, only the later definition is kept and the earlier test is
    # never collected; an okta-specific name would avoid that.
    auth = httpx_auth.OktaAuthorizationCode(
        "testserver.okta-emea.com",
        "54239d18-c68c-4c47-8bdd-ce71ea1d50cd",
        early_expiry=28,
    )
    cache_key = "5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
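def test_oauth2_password_credentials_flow_token_custom_expiry(
    token_cache, httpx_mock: HTTPXMock
):
    """With ``early_expiry=28`` a cached password-grant token with 29 seconds left is reused.

    No token-endpoint response is registered, so the header is expected to
    come from the cache.
    """
    # Dummy credentials, restored from the masked "******" placeholders. The
    # cache key below is the one the default-expiry password-flow test uses
    # with username=test_user / password=test_pwd; the key is presumably
    # derived from these values, so masked ones would miss the cache -- confirm.
    auth = httpx_auth.OAuth2ResourceOwnerPasswordCredentials(
        "http://provide_access_token",
        username="test_user",
        password="test_pwd",
        early_expiry=28,
    )
    cache_key = "db2be9203dd2718c7285319dde1270056808482fbf7fffa6a9362d092d1cf799b393dd15140ea13e4d76d1603e56390a6222ff7063736a1b686d317706b2c001"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"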
def test_oauth2_client_credentials_flow_token_custom_expiry(
    token_cache, httpx_mock: HTTPXMock
):
    """With ``early_expiry=28`` a cached client-credentials token with 29 seconds left is reused.

    No token-endpoint response is registered, so the header is expected to
    come from the cache.
    """
    auth = httpx_auth.OAuth2ClientCredentials(
        "http://provide_access_token",
        client_id="test_user",
        client_secret="test_pwd",
        early_expiry=28,
    )
    cache_key = "a8a1c17ded24b3710524306819084310b08f97e151c79f4f1979202c541f3e8506c93176f7ee816bfcd2b2f6de9c5c3e16aaff220f1ad8f08d31ee086e8618da"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
def test_oauth2_pkce_flow_get_code_custom_expiry(
    token_cache, httpx_mock: HTTPXMock, monkeypatch, browser_mock: BrowserMock
):
    """With ``early_expiry=28`` a cached PKCE-flow token with 29 seconds left is reused.

    No browser or token-endpoint response is registered, so the header is
    expected to come from the cache.
    """
    # Replace os.urandom (as seen by httpx_auth.authentication) with a constant
    # source so the run is deterministic. Test-only: a fixed byte string is not
    # a substitute for real randomness.
    monkeypatch.setattr(
        httpx_auth.authentication.os, "urandom", lambda x: b"1" * 63
    )
    auth = httpx_auth.OAuth2AuthorizationCodePKCE(
        "http://provide_code", "http://provide_access_token", early_expiry=28
    )
    cache_key = "163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de"

    # 29 seconds of validity left: one second more than the 28-second margin.
    token_cache._add_token(
        key=cache_key,
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
def test_oauth2_pkce_flow_get_code_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock, monkeypatch, browser_mock: BrowserMock
):
    """A cached Okta PKCE-flow token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name); the browser step and the token exchange are both
    expected to run again.
    """
    # NOTE(review): this function exercises OktaAuthorizationCodePKCE but has
    # the same name as the OAuth2AuthorizationCodePKCE default-expiry test. If
    # both live in one module, the later definition replaces this one and it is
    # never collected; an okta-specific name would avoid that.

    # Replace os.urandom with a constant source so the code_challenge and
    # code_verifier matched below are predictable. Test-only: a fixed byte
    # string is not a substitute for real randomness.
    monkeypatch.setattr(
        httpx_auth.authentication.os, "urandom", lambda x: b"1" * 63
    )
    auth = httpx_auth.OktaAuthorizationCodePKCE(
        "testserver.okta-emea.com", "54239d18-c68c-4c47-8bdd-ce71ea1d50cd"
    )

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key="5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # A new authorization code is expected to be requested through the browser.
    tab = browser_mock.add_response(
        opened_url="https://testserver.okta-emea.com/oauth2/default/v1/authorize?client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256",
        reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b",
    )

    # The code is then exchanged at the token endpoint; the mock only answers
    # a form body carrying the expected code_verifier and authorization code.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="https://testserver.okta-emea.com/oauth2/default/v1/token",
        json=token_response,
        match_content=b"code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&client_id=54239d18-c68c-4c47-8bdd-ce71ea1d50cd&scope=openid&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA",
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
    tab.assert_success(
        "You are now authenticated on 5264d11c8b268ccf911ce564ca42fd75cea68c4a3c1ec3ac1ab20243891ab7cd5250ad4c2d002017c6e8ac2ba34954293baa5e0e4fd00bb9ffd4a39c45f1960b. You may close this tab."
    )
def test_oauth2_pkce_flow_get_code_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock, monkeypatch, browser_mock: BrowserMock
):
    """A cached PKCE-flow token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name); the browser step and the token exchange are both
    expected to run again.
    """
    # Replace os.urandom with a constant source so the code_challenge and
    # code_verifier matched below are predictable. Test-only: a fixed byte
    # string is not a substitute for real randomness.
    monkeypatch.setattr(
        httpx_auth.authentication.os, "urandom", lambda x: b"1" * 63
    )
    auth = httpx_auth.OAuth2AuthorizationCodePKCE(
        "http://provide_code", "http://provide_access_token"
    )

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key="163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # A new authorization code is expected to be requested through the browser.
    tab = browser_mock.add_response(
        opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&code_challenge=5C_ph_KZ3DstYUc965SiqmKAA-ShvKF4Ut7daKd3fjc&code_challenge_method=S256",
        reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
    )

    # The code is then exchanged at the token endpoint; the mock only answers
    # a form body carrying the expected code_verifier and authorization code.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="http://provide_access_token",
        json=token_response,
        match_content=b"code_verifier=MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA",
    )

    sent_headers = get_header(httpx_mock, auth)
    assert sent_headers.get("Authorization") == "Bearer 2YotnFZFEjr1zCsicMWpAA"
    tab.assert_success(
        "You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
    )
def test_oauth2_authorization_code_flow_get_code_is_expired_after_30_seconds_by_default(
    token_cache, httpx_mock: HTTPXMock, browser_mock: BrowserMock
):
    """A cached authorization-code token with 29 seconds left is not reused.

    No ``early_expiry`` is passed, so the default margin applies (30 seconds,
    per the test name); the browser step and the token exchange are both
    expected to run again before the authenticated request is sent.
    """
    auth = httpx_auth.OAuth2AuthorizationCode(
        "http://provide_code", "http://provide_access_token"
    )

    # Seed the cache with a token that has only 29 seconds of validity left.
    token_cache._add_token(
        key="163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
        token="2YotnFZFEjr1zCsicMWpAA",
        expiry=httpx_auth.oauth2_tokens._to_expiry(expires_in=29),
    )

    # A new authorization code is expected to be requested through the browser.
    tab = browser_mock.add_response(
        opened_url="http://provide_code?response_type=code&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F",
        reply_url="http://localhost:5000#code=SplxlOBeZQQYbYS6WxSbIA&state=163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de",
    )

    # The code is then exchanged at the token endpoint; the mock only answers
    # a form body carrying the expected authorization code.
    token_response = {
        "access_token": "2YotnFZFEjr1zCsicMWpAA",
        "token_type": "example",
        "expires_in": 3600,
        "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
        "example_parameter": "example_value",
    }
    httpx_mock.add_response(
        method="POST",
        url="http://provide_access_token",
        json=token_response,
        match_content=b"grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2F&response_type=code&code=SplxlOBeZQQYbYS6WxSbIA",
    )

    # The protected resource only answers a request carrying the bearer token.
    expected_headers = {"Authorization": "Bearer 2YotnFZFEjr1zCsicMWpAA"}
    httpx_mock.add_response(match_headers=expected_headers)

    # Send an authenticated request to a dummy URL.
    httpx.get("http://authorized_only", auth=auth)

    tab.assert_success(
        "You are now authenticated on 163f0455b3e9cad3ca04254e5a0169553100d3aa0756c7964d897da316a695ffed5b4f46ef305094fd0a88cfe4b55ff257652015e4aa8f87b97513dba440f8de. You may close this tab."
    )