def test_pkce_verify_512():
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S512') is True
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S512') is True
resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
assert isinstance(resp, Response)
assert resp.info()['status_code'] == 401
def test_authenticated_token(self):
client = Client(**CLIENT_CONFIG)
client.authorization_endpoint = 'https://example.com/as'
sid = rndstr(8)
args = {'redirect_uri': "http://localhost:8087/authz", "state": sid,
"response_type": 'token'}
url, body, ht_args, csi = client.request_info(AuthorizationRequest,
'GET', request_args=args)
QUERY_STRING = url.split("?")[1]
resp = self.provider.authorization_endpoint(QUERY_STRING)
auth_resp = parse_qs(urlparse(resp.message).fragment)
assert "access_token" in auth_resp
assert auth_resp["token_type"][0] == "Bearer"
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider(
"as",
session_db_factory(SERVER_INFO["issuer"]),
CDB,
authn_broker,
Implicit(),
verify_client,
)
assert _prov.verify_code_challenge(cv, args["code_challenge"],
"S512") is True
resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
assert isinstance(resp, Response)
assert resp.info()["status_code"] == 401
def test_authenticated(self):
client = Client(**CLIENT_CONFIG)
client.authorization_endpoint = 'https://example.com/as'
sid = rndstr(8)
args = {
'redirect_uri': "http://localhost:8087/authz",
"state": sid, "response_type": 'code'}
url, body, ht_args, csi = client.request_info(
AuthorizationRequest, 'GET', request_args=args)
resp = self.provider.authorization_endpoint(urlparse(url).query)
assert resp.status == "303 See Other"
resp = urlparse(resp.message).query
aresp = client.parse_authz_response(resp)
assert isinstance(aresp, AuthorizationResponse)
assert _eq(aresp.keys(), ['state', 'code', 'client_id', 'iss'])
assert _eq(client.grant[sid].keys(), ['tokens', 'code', 'exp_in',
'seed', 'id_token',
'grant_expiration_time'])
def test_pkce_create():
_cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
args, cv = _cli.add_code_challenge()
assert args['code_challenge_method'] == 'S256'
assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
def test_pkce_create():
_cli = Client(config={"code_challenge": {"method": "S256", "length": 64}})
args, cv = _cli.add_code_challenge()
assert args["code_challenge_method"] == "S256"
assert _eq(list(args.keys()), ["code_challenge_method", "code_challenge"])
