def test_request_attr_mis_match():
    """Verify a parsed request after parameters are stripped from the outer query.

    The client builds an authorization request with ``request_param="request"``.
    ``state``, ``max_age`` and ``client_id`` are then deleted from the outer
    request, which is serialised and handed to the server for parsing.
    The test passes when ``verify()`` on the parsed request is truthy.
    """
    # Relying-party fixture. The secret and the http:// URLs are fixed test
    # values, not deployable configuration.
    rp = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    rp.redirect_uris = ["http://example.com/redirect"]
    rp.authorization_endpoint = "http://example.com/authorization"
    rp.client_secret = "abcdefghijklmnop"
    rp.keyjar[""] = KC_RSA
    signing_alg = DEF_SIGN_ALG["openid_request_object"]
    rp.behaviour = {"request_object_signing_alg": signing_alg}

    # Provider side, using the module-level key jar.
    op = Server()
    op.keyjar = KEYJ

    wanted = {
        "scope": "openid",
        "response_type": ["code"],
        "max_age": 86400,
        "state": "foobar",
    }
    # presumably embeds a request object signed with signing_alg — confirm
    auth_request = rp.construct_AuthorizationRequest(
        request_args=wanted, request_param="request"
    )

    # Remove the values from the outer request only.
    for dropped in ("state", "max_age", "client_id"):
        del auth_request[dropped]

    # presumably relaxes required-parameter checks when serialising — confirm
    auth_request.lax = True
    query = auth_request.to_urlencoded()
    parsed = op.parse_authorization_request(query=query)

    # NOTE(review): only the truthiness of verify() is asserted. Nothing here
    # pins which source (outer query or request object) supplied state,
    # max_age or client_id in the parsed request.
    assert parsed.verify()
def test_request_attr_mis_match():
    """Parse and verify a request whose outer query lacks three parameters.

    An authorization request is constructed with ``request_param="request"``.
    ``state``, ``max_age`` and ``client_id`` are deleted from the outer
    message before it is url-encoded, and the server-side parse result must
    still pass ``verify()``.
    """
    callback = "http://example.com/redirect"

    # Client fixture. The credentials below are hard-coded test values.
    consumer = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    consumer.redirect_uris = [callback]
    consumer.authorization_endpoint = "http://example.com/authorization"
    consumer.client_secret = "abcdefghijklmnop"
    consumer.keyjar[""] = KC_RSA
    consumer.behaviour = dict(
        request_object_signing_alg=DEF_SIGN_ALG["openid_request_object"]
    )

    provider = Server()
    provider.keyjar = KEYJ

    # presumably the request object is signed per the behaviour above — confirm
    authz_req = consumer.construct_AuthorizationRequest(
        request_args=dict(
            scope="openid",
            response_type=["code"],
            max_age=86400,
            state="foobar",
        ),
        request_param="request",
    )

    # Strip the parameters from the outer message, one by one.
    del authz_req["state"]
    del authz_req["max_age"]
    del authz_req["client_id"]

    # presumably lets to_urlencoded() skip missing-parameter checks — confirm
    authz_req.lax = True
    encoded = authz_req.to_urlencoded()
    result = provider.parse_authorization_request(query=encoded)

    # NOTE(review): this checks that verification succeeds. It does not check
    # where the parsed request took the removed values from.
    assert result.verify()
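def test_client_endpoint():
    """Exercise ``Client._endpoint``: lookup, per-call override and failures.

    Configured endpoints must be returned unchanged. A keyword argument named
    after the endpoint must take precedence over the configured value. An
    emptied endpoint and an unknown endpoint name must both raise.
    """
    cli = Client()
    cli.authorization_endpoint = "https://example.org/oauth2/as"
    cli.token_endpoint = "https://example.org/oauth2/token"
    cli.token_revocation_endpoint = "https://example.org/oauth2/token_rev"

    # Configured values come back as set.
    ae = cli._endpoint("authorization_endpoint")
    assert ae == "https://example.org/oauth2/as"
    te = cli._endpoint("token_endpoint")
    assert te == "https://example.org/oauth2/token"
    tre = cli._endpoint("token_revocation_endpoint")
    assert tre == "https://example.org/oauth2/token_rev"

    # A per-call keyword argument overrides the configured endpoint.
    # NOTE(review): because of this precedence, callers should only pass
    # override values that come from trusted configuration.
    ae = cli._endpoint(
        "authorization_endpoint",
        authorization_endpoint="https://example.com/as",
    )
    assert ae == "https://example.com/as"

    # Failure cases use the callable form of raises(). The string form is
    # evaluated as source in the caller's frame and current pytest no longer
    # accepts it (assuming `raises` is pytest's — confirm against the imports).
    cli.token_endpoint = ""
    raises(Exception, cli._endpoint, "token_endpoint")
    raises(Exception, cli._endpoint, "foo_endpoint")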
keys=False, ) except: pass # This fakes the response we would get from registering the client through the API client_reg = RegistrationResponse( client_id=app.config['GITLAB_CLIENT_ID'], client_secret=app.config['GITLAB_CLIENT_SECRET'], ) gitlab_client.store_registration_info(client_reg) # gitlab /.well-known/openid-configuration doesn't take into account the protocol for generating its URLs # so we have to manualy fix them here gitlab_client.authorization_endpoint = "{}/oauth/authorize".format( app.config['GITLAB_URL']) gitlab_client.token_endpoint = "{}/oauth/token".format( app.config['GITLAB_URL']) gitlab_client.userinfo_endpoint = "{}/oauth/userinfo".format( app.config['GITLAB_URL']) gitlab_client.jwks_uri = "{}/oauth/discovery/keys".format( app.config['GITLAB_URL']) gitlab_client.keyjar = KeyJar() gitlab_client.keyjar.load_keys( {'jwks_uri': "{}/oauth/discovery/keys".format(app.config['GITLAB_URL'])}, app.config['GITLAB_URL']) @app.route(urljoin(app.config['SERVICE_PREFIX'], 'auth/gitlab/login')) def gitlab_login():