def test_authz_request():
    """Deserialize the query part of an example authorization URL.

    The example carries ``response_type=token id_token`` together with
    ``state`` and ``nonce``. The test pins that all six parameters survive
    urlencoded parsing and that the space-separated ``response_type`` and
    ``scope`` values are returned as lists.
    """
    example = "https://server.example.com/authorize?response_type=token%20id_token&client_id=0acf77d4-b486-4c99-bd76-074ed6a64ddf&redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb&scope=openid%20profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj"

    # Only the part after "?" is handed to the parser.
    query_part = example.split("?")[1]
    req = AuthorizationRequest().deserialize(query_part, "urlencoded")
    print(req.keys())

    # state (request/response correlation) and nonce (ID token binding)
    # must both come through the parser untouched.
    expected_keys = ['nonce', 'state', 'redirect_uri', 'response_type',
                     'client_id', 'scope']
    assert _eq(req.keys(), expected_keys)
    assert req["response_type"] == ["token", "id_token"]
    assert req["scope"] == ["openid", "profile"]
def test_request_info_simple(self):
    """Check request_info() for an AuthorizationRequest with the default method.

    With no explicit method the request is expected in the body as
    form-urlencoded data, and the URI is the bare authorization endpoint.
    """
    self.client.authorization_endpoint = "https://example.com/authz"

    # default == "POST"
    uri, body, h_args, cis = self.client.request_info(AuthorizationRequest)

    # Parameters travel in the body, so the URI has no query string.
    assert uri == "https://example.com/authz"

    areq = AuthorizationRequest().from_urlencoded(body)
    expected_keys = ["nonce", "redirect_uri", "response_type", "client_id"]
    assert _eq(areq.keys(), expected_keys)

    expected_http_args = {
        "headers": {"content-type": "application/x-www-form-urlencoded"}
    }
    assert h_args == expected_http_args
    assert cis.type() == "AuthorizationRequest"
def test_request_info_simple_get(self):
    """Check request_info() for an AuthorizationRequest sent with GET.

    For GET the parameters are expected in the query string of the URI:
    there must be no body and no extra HTTP arguments.
    """
    uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
                                                      method="GET")

    # Exactly one "?" is expected; the unpacking fails otherwise.
    endpoint, query = uri.split("?")
    areq = AuthorizationRequest().from_urlencoded(query)

    expected_keys = ["nonce", "redirect_uri", "response_type", "client_id"]
    assert _eq(areq.keys(), expected_keys)
    # The redirect_uri value is presumably taken from the client fixture,
    # which is not visible in this test.
    assert areq["redirect_uri"] == "http://client.example.com/authz"

    assert body is None
    assert h_args == {}
    assert cis.type() == "AuthorizationRequest"
def test_request_info_with_req_and_extra_args(self):
    """Check that request_args and extra_args both reach the GET query string.

    ``state`` is passed through ``request_args`` and the non-standard
    ``rock`` parameter through ``extra_args``; both must show up next to
    the parameters the client supplies itself.
    """
    # Disabled in the original test:
    # self.client.authorization_endpoint = "https://example.com/authz"
    uri, body, h_args, cis = self.client.request_info(
        AuthorizationRequest,
        method="GET",
        request_args={"state": "init"},
        extra_args={"rock": "little"},
    )
    print(uri)

    endpoint, query = uri.split("?")
    areq = AuthorizationRequest().from_urlencoded(query)

    # "rock" is not a protocol parameter; its presence shows that
    # extra_args are serialized into the request as given.
    expected_keys = ["nonce", "redirect_uri", "response_type", "client_id",
                     "state", "rock"]
    assert _eq(areq.keys(), expected_keys)

    assert body is None
    assert h_args == {}
    assert cis.type() == "AuthorizationRequest"
def test_request_info_simple(self):
    """Check request_info() for an implicit-style request with the default method.

    ``scope`` and ``response_type=token`` are passed explicitly; the
    serialized body must contain them along with ``nonce``,
    ``redirect_uri`` and ``client_id``.
    """
    self.client.authorization_endpoint = "https://example.com/authz"

    wanted = {"scope":["openid"], "response_type":"token"}
    # default == "POST"
    uri, body, h_args, cis = self.client.request_info(AuthorizationRequest,
                                                      request_args=wanted)

    # Parameters travel in the body, so the URI has no query string.
    assert uri == 'https://example.com/authz'

    areq = AuthorizationRequest().from_urlencoded(body)
    # nonce is expected in the request even though it was not passed in.
    expected_keys = ["nonce","redirect_uri","response_type", "client_id",
                     "scope"]
    assert _eq(areq.keys(), expected_keys)

    expected_http_args = {
        'headers': {'content-type': 'application/x-www-form-urlencoded'}
    }
    assert h_args == expected_http_args
    assert cis.type() == "AuthorizationRequest"
def test_deserialize(self):
    """Deserialize a urlencoded authorization request and check its fields.

    The query uses ``response_type=token id_token`` and carries ``state``
    and ``nonce``. The space-separated ``response_type`` and ``scope``
    values must come back as lists.
    """
    # Adjacent literals are joined at compile time into one query string.
    query = ("response_type=token%20id_token&client_id=0acf77d4-b486-4c99"
             "-bd76-074ed6a64ddf&redirect_uri=https%3A%2F%2Fclient.example"
             ".com%2Fcb&scope=openid%20profile&state=af0ifjsldkj&nonce=n"
             "-0S6_WzA2Mj")

    req = AuthorizationRequest().deserialize(query, "urlencoded")

    expected_keys = ['nonce', 'state', 'redirect_uri', 'response_type',
                     'client_id', 'scope']
    assert _eq(req.keys(), expected_keys)
    assert req["response_type"] == ["token", "id_token"]
    assert req["scope"] == ["openid", "profile"]
def test_request_info_simple_get(self):
    """Check request_info() for a GET request with scope and response_type.

    The request is expected in the query string of the URI, with no body
    and no extra HTTP arguments.
    """
    wanted = {"scope": ["openid"], "response_type": "token"}
    uri, body, h_args, cis = self.client.request_info(
        AuthorizationRequest, method="GET", request_args=wanted)

    # Exactly one "?" is expected; the unpacking fails otherwise.
    endpoint, query = uri.split("?")
    areq = AuthorizationRequest().from_urlencoded(query)

    # state and nonce are not in request_args, yet both are asserted
    # here -- presumably the client adds them itself.
    expected_keys = ["nonce", "redirect_uri", "response_type", "client_id",
                     "scope", "state"]
    assert _eq(areq.keys(), expected_keys)

    # NOTE(review): the redirect_uri asserted here is plain http while
    # response_type is "token" (implicit). OpenID Connect Core restricts
    # http redirect URIs in that flow, so treat this as a test-only value.
    assert areq["redirect_uri"] == "http://client.example.com/authz"

    assert body is None
    assert h_args == {}
    assert cis.type() == "AuthorizationRequest"
def test_request_info_simple(self):
    """Check request_info() for an implicit-style request with the default method.

    The request must be serialized as form-urlencoded data in the body and
    must contain both ``nonce`` and ``state`` next to the parameters that
    were passed explicitly.
    """
    self.client.authorization_endpoint = "https://example.com/authz"

    wanted = {"scope": ["openid"], "response_type": "token"}
    # default == "POST"
    uri, body, h_args, cis = self.client.request_info(
        AuthorizationRequest, request_args=wanted)

    # Parameters travel in the body, so the URI has no query string.
    assert uri == 'https://example.com/authz'

    areq = AuthorizationRequest().from_urlencoded(body)
    # state and nonce are not in request_args, yet both are asserted
    # here -- presumably the client adds them itself.
    expected_keys = ["nonce", "state", "redirect_uri", "response_type",
                     "client_id", "scope"]
    assert _eq(areq.keys(), expected_keys)

    # The header name is compared as an exact dict key, including case.
    expected_http_args = {
        'headers': {'Content-type': 'application/x-www-form-urlencoded'}
    }
    assert h_args == expected_http_args
    assert cis.type() == "AuthorizationRequest"
def test_request_info_simple_get_with_extra_args(self):
    """Check a GET code-flow request that also carries an extra argument.

    ``response_type=code`` and ``scope`` come from ``request_args``, the
    non-standard ``rock`` parameter from ``extra_args``; all of them must
    be serialized into the query string.
    """
    # Disabled in the original test:
    # self.client.authorization_endpoint = "https://example.com/authz"
    uri, body, h_args, cis = self.client.request_info(
        AuthorizationRequest,
        method="GET",
        request_args={"scope": ["openid"], "response_type": "code"},
        extra_args={"rock": "little"},
    )
    print(uri)

    endpoint, query = uri.split("?")
    areq = AuthorizationRequest().from_urlencoded(query)

    # No nonce is expected for this response_type=code request, but
    # state is still asserted.
    expected_keys = ["redirect_uri", "response_type", "client_id", "rock",
                     "scope", "state"]
    assert _eq(areq.keys(), expected_keys)

    assert body is None
    assert h_args == {}
    assert cis.type() == "AuthorizationRequest"
# demand re-authentication return self.authn(**authn_args) else: # I get back a dictionary user = identity["uid"] if req_user and req_user != user: logger.debug("Wanted to be someone else!") if "prompt" in areq and "none" in areq["prompt"]: # Need to authenticate but not allowed return self._redirect_authz_error("login_required", redirect_uri) else: return self.authn(**authn_args) logger.debug("- authenticated -") logger.debug("AREQ keys: %s" % areq.keys()) try: oidc_req = areq["request"] except KeyError: oidc_req = None sid = self.sdb.create_authz_session(user, areq, oidreq=oidc_req) return self.authz_part2(user, areq, sid) def userinfo_in_id_token_claims(self, session): """ Put userinfo claims in the id token :param session: :return: """