def test_token_endpoint_malformed(self):
    """Redeem an authorization code whose last character has been cut off.

    A record holding the full code is written to ``self.provider.sdb``;
    the token endpoint is then called with the truncated value and the
    test pins the error code that comes back.

    NOTE(review): RFC 6749 section 5.2 names ``invalid_grant`` for an
    invalid authorization code, while ``access_denied`` is an
    authorization-endpoint code (section 4.1.2.1). The assertion records
    what this provider returns; confirm that code is intended.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid"])

    store = self.provider.sdb
    record_key = store.access_token.key(user="******", areq=auth_request)
    issued_code = store.access_token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Everything in the request is valid except the code, which is one
    # character short of the value stored above.
    token_request = AccessTokenRequest(code=issued_code[:-1],
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET,
                                       grant_type='authorization_code')

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded())
    error = TokenErrorResponse().deserialize(response.message, "json")
    assert error['error'] == "access_denied"
def test_token_endpoint_malformed(self):
    """Redeem an authorization code whose last character has been cut off.

    A record holding the full code is written to ``self.provider.sdb``;
    the token endpoint is then called with the truncated value and the
    test pins the error code that comes back.

    NOTE(review): RFC 6749 section 5.2 names ``invalid_grant`` for an
    invalid authorization code and describes ``invalid_request`` as a
    request with missing, repeated or otherwise malformed parameters.
    The assertion records what this provider returns; confirm that
    reading is intended.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid"])

    store = self.provider.sdb
    record_key = store.access_token.key(user="******", areq=auth_request)
    issued_code = store.access_token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Everything in the request is valid except the code, which is one
    # character short of the value stored above.
    token_request = AccessTokenRequest(code=issued_code[:-1],
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET,
                                       grant_type='authorization_code')

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded())
    error = TokenErrorResponse().deserialize(response.message, "json")
    assert error['error'] == "invalid_request"
def test_server_parse_token_request():
    """Round-trip an access token request through ``Server.parse_token_request``.

    The same urlencoded body is parsed twice and the message type, key
    set and selected values are checked after each parse.

    The non-standard ``extra`` parameter survives parsing, so a parsed
    message can carry client-supplied keys beyond the ones the handler
    expects; code consuming it should read only the fields it needs.
    """
    outgoing = AccessTokenRequest(grant_type="authorization_code",
                                  code="SplxlOBeZQQYbYS6WxSbIA",
                                  redirect_uri="https://client.example.com/cb",
                                  client_id=CLIENT_ID,
                                  extra="foo")
    body = outgoing.to_urlencoded()

    server = Server()
    server.keyjar = KEYJ

    # First parse: type, keys and the grant-related values.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra'])
    assert parsed["grant_type"] == "authorization_code"
    assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    # Second parse of the same body: type, keys and the extra parameter.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ['code', 'grant_type', 'client_id', 'redirect_uri', 'extra'])
    assert parsed["extra"] == "foo"
def test_token_endpoint():
    """Exchange a stored authorization code and check the response keys.

    A record for the code is written straight into ``provider_init.sdb``
    and the code is then presented at the token endpoint together with
    the client id and secret.

    NOTE(review): only the key set of the response is asserted. Nothing
    here checks that the code is marked as used afterwards or that a
    second redemption is refused.
    """
    server = provider_init
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID)

    store = server.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "sub": "user_id",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # Token request carrying the unmodified code.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET)

    response = server.token_endpoint(request=token_request.to_urlencoded())
    print(response)

    token_response = AccessTokenResponse().deserialize(response.message,
                                                       "json")
    print(token_response.keys())
    assert _eq(token_response.keys(),
               ['token_type', 'id_token', 'access_token', 'scope',
                'expires_in', 'refresh_token'])
def setup_token_endpoint(self):
    """Register a canned token response produced by the in-process provider.

    A code is stored in ``self.provider.sdb`` and redeemed at the
    provider's token endpoint; the resulting body is registered with
    ``responses`` as the reply to a POST on ``self.op_base + "token"``.

    The client secret is a literal fixture value; it presumably matches
    the client registered with the test provider (TODO confirm).
    """
    redirect_uri = self.redirect_urls[0]
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid"])

    store = self.provider.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Redeem the code once to obtain a real token response body.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret="client_secret_1")
    provider_reply = self.provider.token_endpoint(
        request=token_request.to_urlencoded())

    # Serve that body for any POST to the mocked token URL.
    token_url = self.op_base + "token"
    responses.add(responses.POST,
                  token_url,
                  body=provider_reply.message,
                  status=200,
                  content_type='application/json')
def test_server_parse_token_request():
    """Round-trip an access token request through ``Server.parse_token_request``.

    The same urlencoded body is parsed twice and the message type, key
    set and selected values are checked after each parse.

    The non-standard ``extra`` parameter survives parsing, so a parsed
    message can carry client-supplied keys beyond the ones the handler
    expects; code consuming it should read only the fields it needs.
    """
    outgoing = AccessTokenRequest(grant_type="authorization_code",
                                  code="SplxlOBeZQQYbYS6WxSbIA",
                                  redirect_uri="https://client.example.com/cb",
                                  client_id="client_id",
                                  extra="foo")
    body = outgoing.to_urlencoded()
    server = Server()

    # First parse: type, keys and the grant-related values.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ["code", "redirect_uri", "grant_type", "client_id", "extra"])
    assert parsed["grant_type"] == "authorization_code"
    assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    # Second parse of the same body: type, keys and the extra parameter.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ["code", "grant_type", "client_id", "redirect_uri", "extra"])
    assert parsed["extra"] == "foo"
def test_server_parse_token_request():
    """Round-trip an access token request through ``Server.parse_token_request``.

    The same urlencoded body is parsed twice and the message type, key
    set and selected values are checked after each parse.

    The non-standard ``extra`` parameter survives parsing, so a parsed
    message can carry client-supplied keys beyond the ones the handler
    expects; code consuming it should read only the fields it needs.
    """
    outgoing = AccessTokenRequest(grant_type="authorization_code",
                                  code="SplxlOBeZQQYbYS6WxSbIA",
                                  redirect_uri="https://client.example.com/cb",
                                  client_id=CLIENT_ID,
                                  extra="foo")
    body = outgoing.to_urlencoded()

    server = Server()
    server.keyjar = KEYJ

    # First parse: type, keys and the grant-related values.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ['code', 'redirect_uri', 'grant_type', 'client_id', 'extra'])
    assert parsed["grant_type"] == "authorization_code"
    assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"

    # Second parse of the same body: type, keys and the extra parameter.
    parsed = server.parse_token_request(body=body)
    print(parsed.keys())
    assert parsed.type() == "AccessTokenRequest"
    assert _eq(parsed.keys(),
               ['code', 'grant_type', 'client_id', 'redirect_uri', 'extra'])
    assert parsed["extra"] == "foo"
def test_token_endpoint_unauth(self):
    """Present a valid code with client credentials the provider rejects.

    The code itself matches the stored record; the request names
    ``client_1`` with the secret ``"secret"`` and the endpoint is called
    with an explicit ``remote_user``. Why the provider refuses these
    credentials is not visible here (presumably they do not match the
    registered client; TODO confirm).

    NOTE(review): RFC 6749 section 5.2 uses ``invalid_client`` for failed
    client authentication and ``unauthorized_client`` for an
    authenticated client that may not use the grant type. The assertion
    records what this provider returns.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id="client_1")

    store = self.provider.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    authn_event = AuthnEvent("user", "salt")
    store[record_key] = {
        "authn_event": authn_event,
        "oauth_state": "authz",
        "authzreq": "",
        "client_id": "client_1",
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }
    store.do_sub(record_key, "client_salt")

    # The code is untouched; only the client credentials are in question.
    token_request = AccessTokenRequest(code=issued_code,
                                       redirect_uri=redirect_uri,
                                       client_id="client_1",
                                       client_secret="secret")

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded(),
        remote_user="******",
        request_method="POST")
    error = TokenErrorResponse().deserialize(response.message, "json")
    assert error["error"] == "unauthorized_client"
def test_token_endpoint_unauth(self):
    """Present a valid code with client credentials the server rejects.

    The code matches the stored record; the request names ``client_1``
    with the secret ``"secret"`` and the endpoint is called with an
    explicit ``remote_user``. Why the server refuses these credentials
    is not visible here (presumably they do not match the registered
    client; TODO confirm).

    NOTE(review): the assertion only requires that the error response
    has the single key ``error``; it passes for any error code, so a
    change in which code is returned would go unnoticed.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id="client_1")

    store = self.server.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    authn_event = AuthnEvent("user")
    store[record_key] = {
        "authn_event": authn_event,
        "oauth_state": "authz",
        "authzreq": "",
        "client_id": "client_1",
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }
    store.do_sub(record_key)

    # The code is untouched; only the client credentials are in question.
    token_request = AccessTokenRequest(code=issued_code,
                                       redirect_uri=redirect_uri,
                                       client_id="client_1",
                                       client_secret="secret")
    print(token_request.to_dict())

    encoded = token_request.to_urlencoded()
    response = self.server.token_endpoint(request=encoded,
                                          remote_user="******",
                                          request_method="POST")
    print(response)

    error = TokenErrorResponse().deserialize(response.message, "json")
    print(error.keys())
    assert _eq(error.keys(), ['error'])
def setup_token_endpoint(self):
    """Register a canned token response produced by the in-process provider.

    A code is stored in ``self.provider.sdb`` and redeemed at the
    provider's token endpoint; the resulting body is registered with
    ``responses`` as the reply to a POST on ``self.op_base + "token"``.

    The client secret is a literal fixture value; it presumably matches
    the client registered with the test provider (TODO confirm).
    """
    redirect_uri = self.redirect_urls[0]
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid"])

    store = self.provider.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Redeem the code once to obtain a real token response body.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret="client_secret_1")
    provider_reply = self.provider.token_endpoint(
        request=token_request.to_urlencoded())

    # Serve that body for any POST to the mocked token URL.
    token_url = self.op_base + "token"
    responses.add(responses.POST,
                  token_url,
                  body=provider_reply.message,
                  status=200,
                  content_type='application/json')
def test_token_endpoint(self):
    """Exchange a stored authorization code and check the response keys.

    A record for the code is written into ``self.provider.sdb`` and the
    code is presented at the token endpoint with the client id and
    secret.

    NOTE(review): only the key set of the response is asserted. Nothing
    here checks that the code is marked as used afterwards or that a
    second redemption is refused.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid"])

    store = self.provider.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": AuthnEvent("user", "salt"),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Token request carrying the unmodified code.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET)

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded())
    token_response = AccessTokenResponse().deserialize(response.message,
                                                       "json")
    expected_keys = ['token_type', 'id_token', 'access_token', 'scope',
                     'expires_in', 'refresh_token']
    assert _eq(token_response.keys(), expected_keys)
def test_parse_token_request(self):
    """Parse a urlencoded token request and check its type and contents.

    ``grant_type`` is not passed to the constructor yet is expected among
    the parsed keys, so a default is filled in somewhere between building
    and parsing the message (where exactly is not visible here).
    """
    outgoing = AccessTokenRequest(code="code",
                                  redirect_uri="http://example.com/authz",
                                  client_id=CLIENT_ID)
    body = outgoing.to_urlencoded()

    parsed = self.srv.parse_token_request(body=body)

    assert isinstance(parsed, AccessTokenRequest)
    expected_keys = ['code', 'redirect_uri', 'client_id', 'grant_type']
    assert _eq(parsed.keys(), expected_keys)
    assert parsed["client_id"] == CLIENT_ID
    assert parsed["code"] == "code"
def test_parse_token_request(self):
    """Parse a urlencoded token request and check its type and contents.

    ``grant_type`` is not passed to the constructor yet is expected among
    the parsed keys, so a default is filled in somewhere between building
    and parsing the message (where exactly is not visible here).
    """
    outgoing = AccessTokenRequest(code="code",
                                  redirect_uri="http://example.com/authz",
                                  client_id=CLIENT_ID)
    body = outgoing.to_urlencoded()

    parsed = self.srv.parse_token_request(body=body)

    assert isinstance(parsed, AccessTokenRequest)
    expected_keys = ['code', 'redirect_uri', 'client_id', 'grant_type']
    assert _eq(parsed.keys(), expected_keys)
    assert parsed["client_id"] == CLIENT_ID
    assert parsed["code"] == "code"
def _pop_token_req(self, authz_resp):
    """Redeem ``authz_resp["code"]`` for a token of type ``pop``.

    The JWK returned by ``self._get_rsa_jwk()`` is JSON-serialised,
    base64url-encoded and sent as the ``key`` parameter of the token
    request. Returns the deserialised ``AccessTokenResponse``.

    NOTE(review): the ``key`` value travels in the request body, so the
    JWK should hold public parameters only; what ``_get_rsa_jwk``
    returns is not visible here, confirm it omits the private part.
    The client id and secret are literal fixture values.
    """
    jwk_json = json.dumps(self._get_rsa_jwk())
    encoded_key = base64.urlsafe_b64encode(jwk_json.encode("utf-8"))
    pop_key = encoded_key.decode("utf-8")

    token_request = AccessTokenRequest(
        code=authz_resp["code"],
        redirect_uri="http://localhost:8087/authz",
        client_id="client1",
        client_secret="drickyoghurt",
        token_type="pop",
        key=pop_key)

    body = token_request.to_urlencoded()
    response = self.provider.token_endpoint(request=body,
                                            request_method="POST")
    return AccessTokenResponse().deserialize(response.message, "json")
def test_refresh_access_token_request(self):
    """Redeem a code, then use the refresh token to get a new access token.

    The first exchange is an authorization-code grant for the scopes
    ``openid`` and ``offline_access``; the second is a refresh-token
    grant that asks for ``openid`` only.

    The assertions pin three things: the access token changes, the token
    type is ``Bearer``, and the refresh token comes back unchanged, i.e.
    this provider does not rotate refresh tokens on use.

    NOTE(review): nothing here checks the scope actually granted on
    refresh, or that the earlier access token stops working.
    """
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID,
                                        response_type="code",
                                        scope=["openid", 'offline_access'],
                                        prompt='consent')

    store = self.provider.sdb
    record_key = store.access_token.key(user="******", areq=auth_request)
    issued_code = store.access_token(sid=record_key)
    authn_event = AuthnEvent("user", "salt")
    store[record_key] = {
        "oauth_state": "authz",
        "authn_event": authn_event.to_json(),
        "authzreq": auth_request.to_json(),
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid", 'offline_access'],
        "redirect_uri": redirect_uri,
    }
    store.do_sub(record_key, "client_salt")

    # Step 1: authorization-code grant.
    code_request = AccessTokenRequest(code=issued_code,
                                      client_id=CLIENT_ID,
                                      redirect_uri=redirect_uri,
                                      client_secret=CLIENT_SECRET,
                                      grant_type='authorization_code')
    first_reply = self.provider.token_endpoint(
        request=code_request.to_urlencoded())
    first_tokens = AccessTokenResponse().deserialize(first_reply.message,
                                                     "json")

    # Step 2: refresh-token grant with the token issued in step 1.
    refresh_request = RefreshAccessTokenRequest(
        grant_type="refresh_token",
        refresh_token=first_tokens['refresh_token'],
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        scope=['openid'])
    second_reply = self.provider.token_endpoint(
        request=refresh_request.to_urlencoded())
    second_tokens = AccessTokenResponse().deserialize(second_reply.message,
                                                      "json")

    assert second_tokens['access_token'] != first_tokens['access_token']
    assert second_tokens['refresh_token'] == first_tokens['refresh_token']
    assert second_tokens['token_type'] == 'Bearer'
def test_server_parse_token_request(self):
    """Round-trip an access token request through ``parse_token_request``.

    The non-standard ``extra`` parameter survives parsing, so a parsed
    message can carry client-supplied keys beyond the ones the handler
    expects; code consuming it should read only the fields it needs.
    """
    outgoing = AccessTokenRequest(grant_type="authorization_code",
                                  code="SplxlOBeZQQYbYS6WxSbIA",
                                  redirect_uri="https://client.example.com/cb",
                                  client_id=CLIENT_ID,
                                  extra="foo")

    parsed = self.srv.parse_token_request(body=outgoing.to_urlencoded())

    assert isinstance(parsed, AccessTokenRequest)
    expected_keys = ['code', 'redirect_uri', 'grant_type', 'client_id',
                     'extra']
    assert _eq(parsed.keys(), expected_keys)
    assert parsed["grant_type"] == "authorization_code"
    assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"
    assert parsed["extra"] == "foo"
def test_server_parse_token_request(self):
    """Round-trip an access token request through ``parse_token_request``.

    The non-standard ``extra`` parameter survives parsing, so a parsed
    message can carry client-supplied keys beyond the ones the handler
    expects; code consuming it should read only the fields it needs.
    """
    outgoing = AccessTokenRequest(grant_type="authorization_code",
                                  code="SplxlOBeZQQYbYS6WxSbIA",
                                  redirect_uri="https://client.example.com/cb",
                                  client_id=CLIENT_ID,
                                  extra="foo")

    parsed = self.srv.parse_token_request(body=outgoing.to_urlencoded())

    assert isinstance(parsed, AccessTokenRequest)
    expected_keys = ['code', 'redirect_uri', 'grant_type', 'client_id',
                     'extra']
    assert _eq(parsed.keys(), expected_keys)
    assert parsed["grant_type"] == "authorization_code"
    assert parsed["code"] == "SplxlOBeZQQYbYS6WxSbIA"
    assert parsed["extra"] == "foo"
def test_token_endpoint():
    """Exchange a stored code through the WSGI-style token endpoint.

    The urlencoded request is handed over as ``wsgi.input`` in a copy of
    ``BASE_ENVIRON`` and the endpoint is called as
    ``token_endpoint(environ, start_response)``; the first element of
    the result is parsed as the JSON token response.

    ``REMOTE_USER`` is set to the client id, which presumably is how the
    client is identified in this interface (TODO confirm).

    NOTE(review): ``CONTENT_LENGTH`` is stored as an int here, whereas a
    WSGI server supplies it as a string. Only the key set of the
    response is asserted.
    """
    server = provider_init
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID)

    store = server.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "sub": "user_id",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # Token request carrying the unmodified code.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET)
    body = token_request.to_urlencoded()
    body_stream = StringIO.StringIO(buf=body)

    # Minimal WSGI environment for a POST with the request as its body.
    environ = BASE_ENVIRON.copy()
    environ["REQUEST_METHOD"] = "POST"
    environ["CONTENT_LENGTH"] = len(body)
    environ["wsgi.input"] = body_stream
    environ["REMOTE_USER"] = CLIENT_ID

    response = server.token_endpoint(environ, start_response)
    print(response)

    token_response = AccessTokenResponse().deserialize(response[0], "json")
    print(token_response.keys())
    assert _eq(token_response.keys(),
               ['token_type', 'id_token', 'access_token', 'scope',
                'expires_in', 'refresh_token'])
def test_token_endpoint_unauth():
    """Present a valid code with client credentials the server rejects.

    The code matches the stored record; the request names ``client_1``
    with the secret ``"secret"`` and the endpoint is called with an
    explicit ``remote_user``. Why the server refuses these credentials
    is not visible here (presumably they do not match the registered
    client; TODO confirm).

    NOTE(review): the assertion only requires that the error response
    has the single key ``error``; it passes for any error code, so a
    change in which code is returned would go unnoticed.
    """
    server = provider_init
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id="client_1")

    store = server.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "sub": "sub",
        "authzreq": "",
        "client_id": "client_1",
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # The code is untouched; only the client credentials are in question.
    token_request = AccessTokenRequest(code=issued_code,
                                       redirect_uri=redirect_uri,
                                       client_id="client_1",
                                       client_secret="secret")
    print(token_request.to_dict())

    encoded = token_request.to_urlencoded()
    response = server.token_endpoint(request=encoded,
                                     remote_user="******",
                                     request_method="POST")
    print(response)

    error = TokenErrorResponse().deserialize(response.message, "json")
    print(error.keys())
    assert _eq(error.keys(), ['error'])
def test_token_endpoint():
    """Exchange a stored authorization code and check the response keys.

    A record for the code is written straight into ``provider_init.sdb``
    and the code is then presented at the token endpoint together with
    the client id and secret.

    NOTE(review): only the key set of the response is asserted. Nothing
    here checks that the code is marked as used afterwards or that a
    second redemption is refused.
    """
    server = provider_init
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state="state",
                                        redirect_uri=redirect_uri,
                                        client_id=CLIENT_ID)

    store = server.sdb
    record_key = store.token.key(user="******", areq=auth_request)
    issued_code = store.token(sid=record_key)
    store[record_key] = {
        "oauth_state": "authz",
        "sub": "sub",
        "authzreq": "",
        "client_id": CLIENT_ID,
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri
    }

    # Token request carrying the unmodified code.
    token_request = AccessTokenRequest(code=issued_code,
                                       client_id=CLIENT_ID,
                                       redirect_uri=redirect_uri,
                                       client_secret=CLIENT_SECRET)

    response = server.token_endpoint(request=token_request.to_urlencoded())
    print(response)

    token_response = AccessTokenResponse().deserialize(response.message,
                                                       "json")
    print(token_response.keys())
    expected_keys = ['token_type', 'id_token', 'access_token', 'scope',
                     'expires_in', 'refresh_token']
    assert _eq(token_response.keys(), expected_keys)
def test_token_endpoint_unauth(self):
    """Present a valid code with client credentials the provider rejects.

    The code and ``state`` match the stored record; the request names
    ``client_1`` with the secret ``"secret"`` and the endpoint is called
    with an explicit ``remote_user``. Why the provider refuses these
    credentials is not visible here (presumably they do not match the
    registered client; TODO confirm).

    NOTE(review): RFC 6749 section 5.2 uses ``invalid_client`` for failed
    client authentication and ``unauthorized_client`` for an
    authenticated client that may not use the grant type. The assertion
    records what this provider returns.
    """
    state = 'state'
    redirect_uri = "http://example.com/authz"
    auth_request = AuthorizationRequest(state=state,
                                        redirect_uri=redirect_uri,
                                        client_id="client_1")

    store = self.provider.sdb
    record_key = store.access_token.key(user="******", areq=auth_request)
    issued_code = store.access_token(sid=record_key)
    authn_event = AuthnEvent("user", "salt")
    store[record_key] = {
        "authn_event": authn_event,
        "oauth_state": "authz",
        "authzreq": "",
        "client_id": "client_1",
        "code": issued_code,
        "code_used": False,
        "scope": ["openid"],
        "redirect_uri": redirect_uri,
        'state': state
    }
    store.do_sub(record_key, "client_salt")

    # The code is untouched; only the client credentials are in question.
    token_request = AccessTokenRequest(code=issued_code,
                                       redirect_uri=redirect_uri,
                                       client_id="client_1",
                                       client_secret="secret",
                                       state=state,
                                       grant_type='authorization_code')

    response = self.provider.token_endpoint(
        request=token_request.to_urlencoded(),
        remote_user="******",
        request_method="POST")
    error = TokenErrorResponse().deserialize(response.message, "json")
    assert error["error"] == "unauthorized_client"