class JWTTest(TestCase): def setUp(self): self.inst = JWT() self.key = jwk_from_dict(json.loads(load_testdata('oct.json', 'r'))) self.message = { 'iss': 'joe', 'exp': 1300819380, 'http://example.com/is_root': True, } self.compact_jws = ( 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9' '.' 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt' 'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ' '.' 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') @freeze_time("2011-03-22 18:00:00", tz_offset=0) def test_decode(self): message = self.inst.decode(self.compact_jws, self.key) self.assertEqual(message, self.message) def test_decode_with_do_time_check_disabled(self): message = self.inst.decode(self.compact_jws, self.key, do_time_check=False) self.assertEqual(message, self.message) def test_expiration(self): self.assertRaisesRegex(JWTDecodeError, 'JWT Expired', self.inst.decode, self.compact_jws, self.key) def test_no_before_used_before(self): compact_jws = self.inst.encode( { 'nbf': get_int_from_datetime( datetime.now(timezone.utc) + timedelta(hours=1)) }, self.key) self.assertRaisesRegex(JWTDecodeError, 'JWT Not valid yet', self.inst.decode, compact_jws, self.key) def test_no_before_used_after(self): message = { 'nbf': get_int_from_datetime( datetime.now(timezone.utc) - timedelta(hours=1)) } compact_jws = self.inst.encode(message, self.key) self.assertEqual(self.inst.decode(compact_jws, self.key), message)
class JWTTest(TestCase): def setUp(self): self.inst = JWT() self.key = jwk_from_dict( json.loads(load_testdata('oct.json', 'r'))) self.message = { 'iss': 'joe', 'exp': 1300819380, 'http://example.com/is_root': True, } self.compact_jws = ( 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9' '.' 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt' 'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ' '.' 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk' ) def test_decode(self): message = self.inst.decode(self.compact_jws, self.key) self.assertEqual(message, self.message)
def test_answer_with_token(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'redirect_uri': self.client.get_redirect_uri(), 'response_type': 'id_token token', 'scope': 'openid profile', 'nonce': 'noncestring', 'state': 'statestring', }) inst.validate() resp = inst.answer(self.provider, self.owner) resp.validate() token = self.store.get_access_token(resp.access_token) self.assertEqual(resp.token_type, token.get_type()) self.assertEqual(resp.scope, ' '.join(token.get_scope())) self.assertEqual(resp.expires_in, token.get_expires_in()) self.assertEqual(resp.state, 'statestring') jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual(id_token['nonce'], 'noncestring') self.assertEqual(id_token['at_hash'], self.provider.left_hash(self.client.get_jws_alg(), resp.access_token))
class JWTTest(TestCase): def setUp(self): self.inst = JWT() self.key = jwk_from_dict(json.loads(load_testdata('oct.json', 'r'))) self.message = { 'iss': 'joe', 'exp': 1300819380, 'http://example.com/is_root': True, } self.compact_jws = ( 'eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9' '.' 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt' 'cGxlLmNvbS9pc19yb290Ijp0cnVlfQ' '.' 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') def test_decode(self): message = self.inst.decode(self.compact_jws, self.key) self.assertEqual(message, self.message)
def test_answer(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'redirect_uri': self.client.get_redirect_uri(), 'response_type': 'id_token', 'scope': 'openid profile', 'nonce': 'noncestring', 'state': 'statestring', }) inst.validate() resp = inst.answer(self.provider, self.owner) resp.validate() self.assertEqual(resp.state, 'statestring') jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual(id_token['nonce'], 'noncestring')
def test_answer(self): inst = self.target() inst.update({ 'client_id': self.client.id, 'grant_type': 'authorization_code', 'code': self.code.get_code(), }) inst.validate() with mock.patch.object(self.provider, 'authorize_client', return_value=True): resp = inst.answer(self.provider, self.owner) jwt = JWT(self.jwkset.copy()) self.assertTrue(jwt.verify(resp.id_token)) id_token = json.loads(jwt.decode(resp.id_token).decode('utf8')) self.assertEqual( id_token['at_hash'], self.provider.left_hash(self.client.get_jws_alg(), resp.access_token))
def jwt_decode_handler(keys, jwt): _jwt = JWT(keys) return _jwt.decode(jwt)