def test_pkce_token():
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[''] = [kb]
constructor = JWTToken('A', keyjar=kj, lt_pattern={'': 900},
iss='https://example.com/as', sign_alg='RS256',
encrypt=True)
sid = rndstr(32)
session_info = {
'sub': 'subject_id',
'client_id': 'https://example.com/rp',
'response_type': ['code'],
'authzreq': '{}'
}
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
access_grant = constructor(
sid, sinfo=session_info, kid='sign1',
code_challenge=args['code_challenge'],
code_challenge_method=args['code_challenge_method'])
_info = constructor.get_info(access_grant)
assert _info['code_challenge_method'] == args['code_challenge_method']
assert _info['code_challenge'] == args['code_challenge']
def test_pkce_token():
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[''] = [kb]
constructor = JWTToken('A',
keyjar=kj,
lt_pattern={'': 900},
iss='https://example.com/as',
sign_alg='RS256',
encrypt=True)
sid = rndstr(32)
session_info = {
'sub': 'subject_id',
'client_id': 'https://example.com/rp',
'response_type': ['code'],
'authzreq': '{}'
}
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
access_grant = constructor(
sid,
sinfo=session_info,
kid='sign1',
code_challenge=args['code_challenge'],
code_challenge_method=args['code_challenge_method'])
_info = constructor.get_info(access_grant)
assert _info['code_challenge_method'] == args['code_challenge_method']
assert _info['code_challenge'] == args['code_challenge']
def test_pkce_token():
kb = KeyBundle(JWKS["keys"])
kj = KeyJar()
kj.issuer_keys[""] = [kb]
constructor = JWTToken(
"A",
keyjar=kj,
lt_pattern={"": 900},
iss="https://example.com/as",
sign_alg="RS256",
encrypt=True,
)
sid = rndstr(32)
session_info = {
"sub": "subject_id",
"client_id": "https://example.com/rp",
"response_type": ["code"],
"authzreq": "{}",
}
_cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
args, cv = _cli.add_code_challenge()
access_grant = constructor(
sid,
sinfo=session_info,
kid="sign1",
code_challenge=args["code_challenge"],
code_challenge_method=args["code_challenge_method"],
)
_info = constructor.get_info(access_grant)
assert _info["code_challenge_method"] == args["code_challenge_method"]
assert _info["code_challenge"] == args["code_challenge"]
def test_pkce_verify_512():
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S512') is True
def test_pkce_verify_512():
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as",
sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],'S512') is True
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as",
session_db_factory(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'], 'S512') is True
resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
assert isinstance(resp, Response)
assert resp.info()['status_code'] == 401
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as", session_db_factory(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],
'S512') is True
resp = _prov.verify_code_challenge('XXX', args['code_challenge'])
assert isinstance(resp, Response)
assert resp.info()['status_code'] == 401
def test_pkce_verify_512(session_db_factory):
_cli = Client(config={"code_challenge": {"method": "S512", "length": 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider(
"as",
session_db_factory(SERVER_INFO["issuer"]),
CDB,
authn_broker,
Implicit(),
verify_client,
)
assert _prov.verify_code_challenge(cv, args["code_challenge"],
"S512") is True
resp = _prov.verify_code_challenge("XXX", args["code_challenge"])
assert isinstance(resp, Response)
assert resp.info()["status_code"] == 401
def test_pkce_create():
_cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
args, cv = _cli.add_code_challenge()
assert args['code_challenge_method'] == 'S256'
assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
def test_pkce_create():
_cli = Client(config={'code_challenge': {'method': 'S256', 'length': 64}})
args, cv = _cli.add_code_challenge()
assert args['code_challenge_method'] == 'S256'
assert _eq(list(args.keys()), ['code_challenge_method', 'code_challenge'])
def test_pkce_create():
_cli = Client(config={"code_challenge": {"method": "S256", "length": 64}})
args, cv = _cli.add_code_challenge()
assert args["code_challenge_method"] == "S256"
assert _eq(list(args.keys()), ["code_challenge_method", "code_challenge"])