def test_token_endpoint_no_cache(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory['code'](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", 'response_type': ['code'] } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') resp = self.provider.token_endpoint(request=areq.to_urlencoded()) assert resp.headers == [('Pragma', 'no-cache'), ('Cache-Control', 'no-store'), ('Content-type', 'application/json')]
def test_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory['code'](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", 'response_type': ['code'] } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ['access_token', 'token_type'])
def test_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') with LogCapture(level=logging.DEBUG) as logcap: resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token']) expected = ( 'body: code=<REDACTED>&client_secret=<REDACTED>&grant_type' '=authorization_code' ' &client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz') assert _eq(parse_qs(logcap.records[1].msg[6:]), parse_qs(expected[6:])) expected = {u'code': '<REDACTED>', u'client_secret': '<REDACTED>', u'redirect_uri': u'http://example.com/authz', u'client_id': 'client1', u'grant_type': 'authorization_code'} # Don't try this at home, kids! # We have to eval() to a dict here because otherwise the arbitrary # ordering of the string causes the test to fail intermittently. assert _eq(eval(logcap.records[2].msg[4:]), expected) assert _eq(logcap.records[3].msg, 'Verified Client ID: client1') expected = {'redirect_uri': u'http://example.com/authz', 'client_secret': '<REDACTED>', 'code': u'<REDACTED>', 'client_id': 'client1', 'grant_type': 'authorization_code'} assert eval(logcap.records[4].msg[20:]) == expected expected = {'code': '<REDACTED>', 'authzreq': '', 'sub': 'sub', 'access_token': '<REDACTED>', 'token_type': 'Bearer', 'redirect_uri': 'http://example.com/authz', 'code_used': True, 'client_id': 'client1', 'oauth_state': 'token', 'refresh_token': '<REDACTED>', 'access_token_scope': '?'} assert _eq(eval(logcap.records[5].msg[7:]), expected) expected = {'access_token': u'<REDACTED>', 'token_type': 'Bearer', 'refresh_token': '<REDACTED>'} assert _eq(eval(logcap.records[6].msg[21:]), expected)
def test_token_endpoint_unauth(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="<REDACTED>", client_secret="hemlighet", grant_type="authorization_code", ) resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = TokenErrorResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ["error_description", "error"])
def test_token_endpoint_unauth(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "user_id": "user_id", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client2", client_secret="hemlighet",) print areq.to_dict() resp = provider.token_endpoint(request=areq.to_urlencoded()) print resp.message atr = TokenErrorResponse().deserialize(resp.message, "json") print atr.keys() assert _eq(atr.keys(), ['error_description', 'error'])
def test_token_introspection(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory["code"](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", "response_type": ["code"], } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type="authorization_code", ) resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") req = TokenIntrospectionRequest( token=atr["access_token"], client_id="client1", client_secret="hemlighet", token_type_hint="access_token" ) resp = self.provider.introspection_endpoint(request=req.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize(resp.message, "json") assert ti_resp["active"] is True
def test_token_endpoint_unauth(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client2", client_secret="hemlighet", grant_type='authorization_code') resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = TokenErrorResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ['error_description', 'error'])
def test_code_grant_type_used(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id='client1', response_type="code", scope=["openid"]) _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "authn_event": '', "authzreq": '', "client_id": 'client1', "code": access_grant, "code_used": True, "scope": ["openid"], "redirect_uri": "http://example.com/authz", } # Construct Access token request areq = AccessTokenRequest(code=access_grant, client_id='client1', redirect_uri="http://example.com/authz", client_secret='hemlighet', grant_type='authorization_code') txt = areq.to_urlencoded() resp = self.provider.token_endpoint(request=txt) atr = TokenErrorResponse().deserialize(resp.message, "json") assert atr['error'] == "invalid_grant"
def test_token_endpoint_no_cache(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory['code'](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", 'response_type': ['code'] } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') resp = self.provider.token_endpoint(request=areq.to_urlencoded()) assert resp.headers == [('Pragma', 'no-cache'), ('Cache-Control', 'no-store'), ('Content-type', 'application/json')]
def test_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') with LogCapture(level=logging.DEBUG) as logcap: resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ['access_token', 'token_type', 'refresh_token']) expected = ( 'token_request: code=<REDACTED>&client_secret=<REDACTED>&grant_type=authorization_code' '&client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz') assert _eq(parse_qs(logcap.records[1].msg[15:]), parse_qs(expected[15:])) expected = {u'code': '<REDACTED>', u'client_secret': '<REDACTED>', u'redirect_uri': u'http://example.com/authz', u'client_id': 'client1', u'grant_type': 'authorization_code'} # Don't try this at home, kids! # We have to eval() to a dict here because otherwise the arbitrary # ordering of the string causes the test to fail intermittently. assert _eq(eval(logcap.records[2].msg[4:]), expected) assert _eq(logcap.records[3].msg, 'Verified Client ID: client1') expected = {'redirect_uri': u'http://example.com/authz', 'client_secret': '<REDACTED>', 'code': u'<REDACTED>', 'client_id': 'client1', 'grant_type': 'authorization_code'} assert eval(logcap.records[4].msg[20:]) == expected expected = {'code': '<REDACTED>', 'authzreq': '', 'sub': 'sub', 'access_token': '<REDACTED>', 'token_type': 'Bearer', 'redirect_uri': 'http://example.com/authz', 'code_used': True, 'client_id': 'client1', 'oauth_state': 'token', 'refresh_token': '<REDACTED>', 'access_token_scope': '?'} assert _eq(eval(logcap.records[5].msg[7:]), expected) expected = {'access_token': u'<REDACTED>', 'token_type': 'Bearer', 'refresh_token': '<REDACTED>'} assert _eq(eval(logcap.records[6].msg[21:]), expected)
def test_extra(self): atr = AccessTokenRequest(grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA", redirect_uri="https://client.example.com/cb", extra="foo") query = atr.to_urlencoded() assert query_string_compare(query, "code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&grant_type=authorization_code&extra=foo") atr2 = AccessTokenRequest().deserialize(query, "urlencoded") assert atr == atr2
def test_extra(self): atr = AccessTokenRequest(grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA", redirect_uri="https://client.example.com/cb", extra="foo") query = atr.to_urlencoded() assert query_string_compare(query, "code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&grant_type=authorization_code&extra=foo") atr2 = AccessTokenRequest().deserialize(query, "urlencoded") assert atr == atr2
def test_token_revocation_and_introspection(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory["code"](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", "response_type": ["code"], } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type="authorization_code", ) resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") req = TokenRevocationRequest( token=atr["access_token"], client_id="client1", client_secret="hemlighet", token_type_hint="access_token", ) resp = self.provider.revocation_endpoint(request=req.to_urlencoded()) assert resp.status_code == 200 req2 = TokenIntrospectionRequest( token=atr["access_token"], client_id="client1", client_secret="hemlighet", token_type_hint="access_token", ) resp = self.provider.introspection_endpoint( request=req2.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize( resp.message, "json") assert ti_resp["active"] is False
def test_token_introspection_missing(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client2") _sdb = self.provider.sdb self.provider.cdb["client2"] = { "client_secret": "hemlighet", "redirect_uris": [("http://localhost:8087/authz", None)], "token_endpoint_auth_method": "client_secret_post", "response_types": ["code", "token"], } sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory["code"](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client2", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", "response_type": ["code"], } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client2", client_secret="hemlighet", grant_type="authorization_code", ) resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") # Delete the client del self.provider.cdb["client2"] req = TokenIntrospectionRequest( token=atr["access_token"], client_id="client2", client_secret="hemlighet", token_type_hint="access_token", ) resp = self.provider.introspection_endpoint( request=req.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize( resp.message, "json") assert ti_resp["error"] == "unauthorized_client"
def test_token_introspection_missing(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client2") _sdb = self.provider.sdb self.provider.cdb["client2"] = { "client_secret": "hemlighet", "redirect_uris": [("http://localhost:8087/authz", None)], "token_endpoint_auth_method": "client_secret_post", "response_types": ["code", "token"] } sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory["code"](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client2", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", "response_type": ["code"] } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client2", client_secret="hemlighet", grant_type="authorization_code") resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") # Delete the client del self.provider.cdb["client2"] req = TokenIntrospectionRequest(token=atr["access_token"], client_id="client2", client_secret="hemlighet", token_type_hint="access_token") resp = self.provider.introspection_endpoint(request=req.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize(resp.message, "json") assert ti_resp["error"] == "unauthorized_client"
def test_token_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, AUTHN_BROKER, AUTHZ, verify_client, symkey=rndstr(16)) authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", ) print areq.to_dict() resp = provider.token_endpoint(request=areq.to_urlencoded()) print resp.message atr = AccessTokenResponse().deserialize(resp.message, "json") print atr.keys() assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type', 'refresh_token'])
def test_server_parse_token_request(self): atr = AccessTokenRequest( grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA", redirect_uri="https://client.example.com/cb", extra="foo") uenc = atr.to_urlencoded() tr = self.srv.parse_token_request(body=uenc) assert isinstance(tr, AccessTokenRequest) assert _eq(tr.keys(), ['code', 'redirect_uri', 'grant_type', 'extra']) assert tr["grant_type"] == "authorization_code" assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA" tr = self.srv.parse_token_request(body=uenc) assert isinstance(tr, AccessTokenRequest) assert _eq(tr.keys(), ['code', 'grant_type', 'redirect_uri', 'extra']) assert tr["extra"] == "foo"
def test_token_endpoint_ok_state(self): authreq = AuthorizationRequest( state="state", redirect_uri="http://example.com/authz", client_id="client1", response_type="code", scope=["openid"], ) _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) ae = AuthnEvent("user", "salt") _sdb[sid] = { "oauth_state": "authz", "authn_event": ae.to_json(), "authzreq": "", "client_id": "client1", "code": access_grant, "state": "state", "code_used": False, "scope": ["openid"], "redirect_uri": "http://example.com/authz", } _sdb.do_sub(sid, "client_salt") # Construct Access token request areq = AccessTokenRequest( code=access_grant, client_id="client1", redirect_uri="http://example.com/authz", client_secret="hemlighet", grant_type="authorization_code", state="state", ) txt = areq.to_urlencoded() resp = self.provider.token_endpoint(request=txt) atr = AccessTokenResponse().deserialize(resp.message, "json") assert atr["token_type"] == "Bearer"
def test_server_parse_token_request(self): atr = AccessTokenRequest(grant_type="authorization_code", code="SplxlOBeZQQYbYS6WxSbIA", redirect_uri="https://client.example.com/cb", extra="foo") uenc = atr.to_urlencoded() tr = self.srv.parse_token_request(body=uenc) assert isinstance(tr, AccessTokenRequest) assert _eq(tr.keys(), ['code', 'redirect_uri', 'grant_type', 'extra']) assert tr["grant_type"] == "authorization_code" assert tr["code"] == "SplxlOBeZQQYbYS6WxSbIA" tr = self.srv.parse_token_request(body=uenc) assert isinstance(tr, AccessTokenRequest) assert _eq(tr.keys(), ['code', 'grant_type', 'redirect_uri', 'extra']) assert tr["extra"] == "foo"
def test_token_endpoint(): provider = Provider("pyoicserv", sdb.SessionDB(), CDB, FUNCTIONS) authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = provider.sdb sid = _sdb.token.key(user="******", areq=authreq) access_grant = _sdb.token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "user_id": "user_id", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri":"http://example.com/authz" } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz") str = areq.to_urlencoded() fil = StringIO.StringIO(buf=str) environ = BASE_ENVIRON.copy() environ["CONTENT_LENGTH"] = len(str) environ["wsgi.input"] = fil environ["REMOTE_USER"] = "******" resp = provider.token_endpoint(environ, start_response) print resp atr = AccessTokenResponse().deserialize(resp[0], "json") print atr.keys() assert _eq(atr.keys(), ['access_token', 'expires_in', 'token_type', 'refresh_token'])
def test_token_endpoint_bad_redirect_uri(self): authreq = AuthorizationRequest( state="state", redirect_uri="http://example.com/authz", client_id="client1", response_type="code", scope=["openid"], ) _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "scope": ["openid"], "redirect_uri": "http://example.com/authz", } # Construct Access token request areq = AccessTokenRequest( code=access_grant, client_id="client1", redirect_uri="http://example.com/authz2", client_secret="hemlighet", grant_type="authorization_code", ) txt = areq.to_urlencoded() resp = self.provider.token_endpoint(request=txt) atr = TokenErrorResponse().deserialize(resp.message, "json") assert atr["error"] == "unauthorized_client"
def test_token_endpoint(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.access_token(sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": "", "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type="authorization_code", ) with LogCapture(level=logging.DEBUG) as logcap: resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") assert _eq(atr.keys(), ["access_token", "token_type", "refresh_token"]) expected = ( "token_request: code=<REDACTED>&client_secret=<REDACTED>&grant_type=authorization_code" "&client_id=client1&redirect_uri=http%3A%2F%2Fexample.com%2Fauthz") assert _eq(parse_qs(logcap.records[1].msg[15:]), parse_qs(expected[15:])) expected2 = { "code": "<REDACTED>", "client_secret": "<REDACTED>", "redirect_uri": "http://example.com/authz", "client_id": "client1", "grant_type": "authorization_code", } # Don't try this at home, kids! # We have to eval() to a dict here because otherwise the arbitrary # ordering of the string causes the test to fail intermittently. assert _eq(eval(logcap.records[2].msg[4:]), expected2) assert _eq(logcap.records[3].msg, "Verified Client ID: client1") expected3 = { "redirect_uri": "http://example.com/authz", "client_secret": "<REDACTED>", "code": "<REDACTED>", "client_id": "client1", "grant_type": "authorization_code", } assert eval(logcap.records[4].msg[20:]) == expected3 expected4 = { "code": "<REDACTED>", "authzreq": "", "sub": "sub", "access_token": "<REDACTED>", "token_type": "Bearer", "redirect_uri": "http://example.com/authz", "code_used": True, "client_id": "client1", "oauth_state": "token", "refresh_token": "<REDACTED>", "access_token_scope": "?", } assert _eq(eval(logcap.records[5].msg[7:]), expected4) expected5 = { "access_token": "<REDACTED>", "token_type": "Bearer", "refresh_token": "<REDACTED>", } assert _eq(eval(logcap.records[6].msg[21:]), expected5)