def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator)
openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator)
response_types = {
'code': auth_code,
'token': implicit,
'id_token': openid_connect_implicit,
'id_token token': openid_connect_implicit,
'code token': openid_connect_auth,
'code id_token': openid_connect_auth,
'code token id_token': openid_connect_auth,
'none': auth_code
}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator,
expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(default_response_type='code',
default_token_type=token,
response_types=response_types)
def __init__(self, request_validator, token_expires_in=None,
token_generator=None, refresh_token_generator=None,
*args, **kwargs):
auth_grant = OrgAuthorizationCodeGrant(request_validator)
implicit_grant = OrgImplicitGrant(request_validator)
password_grant = OrgResourceOwnerPasswordCredentialsGrant(
request_validator)
credentials_grant = ClientCredentialsGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
AuthorizationEndpoint.__init__(self, default_response_type='code',
response_types={
'code': auth_grant,
'token': implicit_grant,
},
default_token_type=bearer)
TokenEndpoint.__init__(self, default_grant_type='authorization_code',
grant_types={
'authorization_code': auth_grant,
'password': password_grant,
'client_credentials': credentials_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self, default_token='Bearer',
token_types={'Bearer': bearer})
RevocationEndpoint.__init__(self, request_validator)
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.get_code_challenge.return_value = None
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(
request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
response_types = {
'code': auth_code,
'token': implicit,
'none': auth_code
}
self.expires_in = 1800
token = tokens.BearerToken(
self.mock_validator,
expires_in=self.expires_in
)
self.endpoint = AuthorizationEndpoint(
default_response_type='code',
default_token_type=token,
response_types=response_types
)
def __init__(self,
request_validator,
token_expires_in=None,
token_generator=None,
refresh_token_generator=None,
*args,
**kwargs):
auth_grant = OrgAuthorizationCodeGrant(request_validator)
implicit_grant = OrgImplicitGrant(request_validator)
password_grant = OrgResourceOwnerPasswordCredentialsGrant(
request_validator)
credentials_grant = ClientCredentialsGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
AuthorizationEndpoint.__init__(self,
default_response_type='code',
response_types={
'code': auth_grant,
'token': implicit_grant,
},
default_token_type=bearer)
TokenEndpoint.__init__(self,
default_grant_type='authorization_code',
grant_types={
'authorization_code': auth_grant,
'password': password_grant,
'client_credentials': credentials_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self,
default_token='Bearer',
token_types={'Bearer': bearer})
RevocationEndpoint.__init__(self, request_validator)
class AuthorizationEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(
request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
response_types = {
'code': auth_code,
'token': implicit,
}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator,
expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(
default_response_type='code',
default_token_type=token,
response_types=response_types)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_authorization_grant(self):
uri = 'http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?code=abc&state=xyz')
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_implicit_grant(self):
uri = 'http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me#access_token=abc&expires_in=' + str(self.expires_in) + '&token_type=Bearer&state=xyz&scope=all+of+them', parse_fragment=True)
def test_missing_type(self):
uri = 'http://i.b/l?client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.InvalidRequestError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.')
def test_invalid_type(self):
uri = 'http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.UnsupportedResponseTypeError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'], 'http://back.to/me?error=unsupported_response_type')
def __init__(self, request_validator, token_generator=None,
token_expires_in=None, refresh_token_generator=None, **kwargs):
"""Construct a new web application server.
:param request_validator: An implementation of
oauthlib.oauth2.RequestValidator.
:param token_expires_in: An int or a function to generate a token
expiration offset (in seconds) given a
oauthlib.common.Request object.
:param token_generator: A function to generate a token from a request.
:param refresh_token_generator: A function to generate a token from a
request for the refresh token.
:param kwargs: Extra parameters to pass to authorization-,
token-, resource-, and revocation-endpoint constructors.
"""
auth_grant = AuthorizationCodeGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
AuthorizationEndpoint.__init__(self, default_response_type='code',
response_types={'code': auth_grant},
default_token_type=bearer)
TokenEndpoint.__init__(self, default_grant_type='authorization_code',
grant_types={
'authorization_code': auth_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self, default_token='Bearer',
token_types={'Bearer': bearer})
RevocationEndpoint.__init__(self, request_validator)
def __init__(self, request_validator, token_generator=None,
token_expires_in=None, refresh_token_generator=None, **kwargs):
"""Construct a new web application server.
:param request_validator: An implementation of
oauthlib.oauth2.RequestValidator.
:param token_expires_in: An int or a function to generate a token
expiration offset (in seconds) given a
oauthlib.common.Request object.
:param token_generator: A function to generate a token from a request.
:param refresh_token_generator: A function to generate a token from a
request for the refresh token.
:param kwargs: Extra parameters to pass to authorization-,
token-, resource-, and revocation-endpoint constructors.
"""
auth_grant = AuthorizationCodeGrant(request_validator)
refresh_grant = RefreshTokenGrant(request_validator)
bearer = BearerToken(request_validator, token_generator,
token_expires_in, refresh_token_generator)
AuthorizationEndpoint.__init__(self, default_response_type='code',
response_types={'code': auth_grant},
default_token_type=bearer)
TokenEndpoint.__init__(self, default_grant_type='authorization_code',
grant_types={
'authorization_code': auth_grant,
'refresh_token': refresh_grant,
},
default_token_type=bearer)
ResourceEndpoint.__init__(self, default_token='Bearer',
token_types={'Bearer': bearer})
RevocationEndpoint.__init__(self, request_validator)
class AuthorizationEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, "mock_validator", mock.MagicMock())
auth_code = AuthorizationCodeGrant(request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
response_types = {"code": auth_code, "token": implicit}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(
default_response_type="code", default_token_type=token, response_types=response_types
)
@mock.patch("oauthlib.common.generate_token", new=lambda: "abc")
def test_authorization_grant(self):
uri = "http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz"
uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme"
headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"])
self.assertIn("Location", headers)
self.assertURLEqual(headers["Location"], "http://back.to/me?code=abc&state=xyz")
@mock.patch("oauthlib.common.generate_token", new=lambda: "abc")
def test_implicit_grant(self):
uri = "http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz"
uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme"
headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"])
self.assertIn("Location", headers)
self.assertURLEqual(
headers["Location"],
"http://back.to/me#access_token=abc&expires_in="
+ str(self.expires_in)
+ "&token_type=Bearer&state=xyz&scope=all+of+them",
parse_fragment=True,
)
def test_missing_type(self):
uri = "http://i.b/l?client_id=me&scope=all+of+them"
uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme"
self.mock_validator.validate_request = mock.MagicMock(side_effect=errors.InvalidRequestError())
headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"])
self.assertIn("Location", headers)
self.assertURLEqual(
headers["Location"],
"http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.",
)
def test_invalid_type(self):
uri = "http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them"
uri += "&redirect_uri=http%3A%2F%2Fback.to%2Fme"
self.mock_validator.validate_request = mock.MagicMock(side_effect=errors.UnsupportedResponseTypeError())
headers, body, status_code = self.endpoint.create_authorization_response(uri, scopes=["all", "of", "them"])
self.assertIn("Location", headers)
self.assertURLEqual(headers["Location"], "http://back.to/me?error=unsupported_response_type")
class OpenIDConnectEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.authenticate_client.side_effect = self.set_client
grant = OpenIDConnectAuthCode(request_validator=self.mock_validator)
bearer = BearerToken(self.mock_validator)
self.endpoint = AuthorizationEndpoint(grant,
bearer,
response_types={'code': grant})
params = {
'prompt': 'consent',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
self.url = 'http://a.b/path?' + urlencode(params)
def set_client(self, request):
request.client = mock.MagicMock()
request.client.client_id = 'mocked'
return True
@mock.patch('oauthlib.common.generate_token')
def test_authorization_endpoint_handles_prompt(self, generate_token):
generate_token.return_value = "MOCK_CODE"
# In the GET view:
scopes, creds = self.endpoint.validate_authorization_request(self.url)
# In the POST view:
creds['scopes'] = scopes
h, b, s = self.endpoint.create_authorization_response(
self.url, credentials=creds)
expected = 'https://a.b/cb?state=abc&code=MOCK_CODE'
self.assertURLEqual(h['Location'], expected)
self.assertEqual(b, None)
self.assertEqual(s, 302)
def test_prompt_none_exclusiveness(self):
"""
Test that prompt=none can't be used with another prompt value.
"""
params = {
'prompt': 'none consent',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
url = 'http://a.b/path?' + urlencode(params)
with self.assertRaises(InvalidRequestError):
self.endpoint.validate_authorization_request(url)
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(
request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator)
openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator)
response_types = {
'code': auth_code,
'token': implicit,
'id_token': openid_connect_implicit,
'id_token token': openid_connect_implicit,
'code token': openid_connect_auth,
'code id_token': openid_connect_auth,
'code token id_token': openid_connect_auth,
'none': auth_code
}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator,
expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(
default_response_type='code',
default_token_type=token,
response_types=response_types)
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.authenticate_client.side_effect = self.set_client
grant = OpenIDConnectAuthCode(request_validator=self.mock_validator)
bearer = BearerToken(self.mock_validator)
self.endpoint = AuthorizationEndpoint(grant,
bearer,
response_types={'code': grant})
params = {
'prompt': 'consent',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
self.url = 'http://a.b/path?' + urlencode(params)
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, "mock_validator", mock.MagicMock())
auth_code = AuthorizationCodeGrant(request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
response_types = {"code": auth_code, "token": implicit}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator, expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(
default_response_type="code", default_token_type=token, response_types=response_types
)
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.authenticate_client.side_effect = self.set_client
grant = AuthorizationCodeGrant(request_validator=self.mock_validator)
bearer = BearerToken(self.mock_validator)
self.endpoint = AuthorizationEndpoint(grant, bearer,
response_types={'code': grant})
params = {
'prompt': 'consent',
'display': 'touch',
'nonce': 'abcd',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
self.url = 'http://a.b/path?' + urlencode(params)
class AuthorizationEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
auth_code = AuthorizationCodeGrant(
request_validator=self.mock_validator)
auth_code.save_authorization_code = mock.MagicMock()
implicit = ImplicitGrant(request_validator=self.mock_validator)
implicit.save_token = mock.MagicMock()
openid_connect_auth = OpenIDConnectAuthCode(self.mock_validator)
openid_connect_implicit = OpenIDConnectImplicit(self.mock_validator)
response_types = {
'code': auth_code,
'token': implicit,
'id_token': openid_connect_implicit,
'id_token token': openid_connect_implicit,
'code token': openid_connect_auth,
'code id_token': openid_connect_auth,
'code token id_token': openid_connect_auth,
'none': auth_code
}
self.expires_in = 1800
token = tokens.BearerToken(self.mock_validator,
expires_in=self.expires_in)
self.endpoint = AuthorizationEndpoint(default_response_type='code',
default_token_type=token,
response_types=response_types)
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_authorization_grant(self):
uri = 'http://i.b/l?response_type=code&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'],
'http://back.to/me?code=abc&state=xyz')
@mock.patch('oauthlib.common.generate_token', new=lambda: 'abc')
def test_implicit_grant(self):
uri = 'http://i.b/l?response_type=token&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'],
'http://back.to/me#access_token=abc&expires_in=' +
str(self.expires_in) +
'&token_type=Bearer&state=xyz&scope=all+of+them',
parse_fragment=True)
def test_none_grant(self):
uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them&state=xyz'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'],
'http://back.to/me?state=xyz',
parse_fragment=True)
self.assertEqual(body, None)
self.assertEqual(status_code, 302)
# and without the state parameter
uri = 'http://i.b/l?response_type=none&client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(headers['Location'],
'http://back.to/me',
parse_fragment=True)
self.assertEqual(body, None)
self.assertEqual(status_code, 302)
def test_missing_type(self):
uri = 'http://i.b/l?client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.InvalidRequestError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(
headers['Location'],
'http://back.to/me?error=invalid_request&error_description=Missing+response_type+parameter.'
)
def test_invalid_type(self):
uri = 'http://i.b/l?response_type=invalid&client_id=me&scope=all+of+them'
uri += '&redirect_uri=http%3A%2F%2Fback.to%2Fme'
self.mock_validator.validate_request = mock.MagicMock(
side_effect=errors.UnsupportedResponseTypeError())
headers, body, status_code = self.endpoint.create_authorization_response(
uri, scopes=['all', 'of', 'them'])
self.assertIn('Location', headers)
self.assertURLEqual(
headers['Location'],
'http://back.to/me?error=unsupported_response_type')
class OpenIDConnectEndpointTest(TestCase):
def setUp(self):
self.mock_validator = mock.MagicMock()
self.mock_validator.authenticate_client.side_effect = self.set_client
grant = AuthorizationCodeGrant(request_validator=self.mock_validator)
bearer = BearerToken(self.mock_validator)
self.endpoint = AuthorizationEndpoint(grant, bearer,
response_types={'code': grant})
params = {
'prompt': 'consent',
'display': 'touch',
'nonce': 'abcd',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
self.url = 'http://a.b/path?' + urlencode(params)
def set_client(self, request):
request.client = mock.MagicMock()
request.client.client_id = 'mocked'
return True
@mock.patch('oauthlib.common.generate_token')
def test_authorization_endpoint_handles_prompt(self, generate_token):
generate_token.return_value = "MOCK_CODE"
# In the GET view:
scopes, creds = self.endpoint.validate_authorization_request(self.url)
# In the POST view:
creds['scopes'] = scopes
h, b, s = self.endpoint.create_authorization_response(self.url,
credentials=creds)
expected = 'https://a.b/cb?state=abc&code=MOCK_CODE'
self.assertURLEqual(h['Location'], expected)
self.assertEqual(b, None)
self.assertEqual(s, 302)
def test_prompt_none_exclusiveness(self):
"""
Test that prompt=none can't be used with another prompt value.
"""
params = {
'prompt': 'none consent',
'state': 'abc',
'redirect_uri': 'https://a.b/cb',
'response_type': 'code',
'client_id': 'abcdef',
'scope': 'hello openid'
}
url = 'http://a.b/path?' + urlencode(params)
with self.assertRaises(InvalidRequestError):
self.endpoint.validate_authorization_request(url)
def test_oidc_params_preservation(self):
"""
Test that the nonce parameter is passed through.
"""
scopes, creds = self.endpoint.validate_authorization_request(self.url)
self.assertEqual(creds['prompt'], {'consent'})
self.assertEqual(creds['nonce'], 'abcd')
self.assertEqual(creds['display'], 'touch')
