示例#1
    def test_construct_EndSessionRequest_reqargs_state(self):
        """EndSessionRequest resolves the grant when ``state`` is only in request_args.

        The grant stored under "foo" carries a token whose ID Token is an
        HS256-signed JWT; the request is then built without a ``state``
        keyword, so the value has to come from ``request_args``.
        """
        self.client.grant["foo"] = Grant()
        grant = self.client.grant["foo"]
        grant.grant_expiration_time = int(time.time()) + 60
        grant.code = "access_code"

        # Sign the ID Token with the symmetric ("oct") key registered for its
        # issuer, so the response below carries a well-formed JWT.
        issuer = IDTOKEN["iss"]
        self.client.keyjar.add_kb(issuer, KC_SYM_S)
        signing_key = self.client.keyjar.get_signing_key("oct", issuer)
        id_token_jwt = IDTOKEN.to_jwt(signing_key, algorithm="HS256")

        token_response = AccessTokenResponse(
            id_token=id_token_jwt,
            access_token="access",
            scope=["openid"],
            token_type="bearer",
        )

        # verify() has to run before the response is wrapped in a Token;
        # presumably this is also where the ID Token is checked against the
        # keyjar -- confirm against the library version under test.
        assert token_response.verify(keyjar=self.client.keyjar)

        grant.tokens.append(Token(token_response))

        # state is supplied only through request_args, never as a keyword.
        request_args = {"redirect_url": "http://example.com/end", "state": "foo"}
        esr = self.client.construct_EndSessionRequest(request_args=request_args)
        assert _eq(esr.keys(), ["id_token", "state", "redirect_url"])
示例#2
    def refresh_token(self, refresh_token: str):
        """Exchange a refresh token for a new set of tokens.

        Parameters
        ----------
        refresh_token: str
            Refresh token that was issued to the client after user
            authorization. It is a bearer credential: it is sent to the token
            endpoint only and should not be logged.

        Returns
        -------
        Union[AccessTokenResponse, TokenErrorResponse, None]
            The parsed token response, or None if no token request was performed.
        """
        # Authenticate with the method recorded at registration; when the
        # registration response does not name one, 'client_secret_basic' is used.
        registration = self._client.registration_response
        authn_method = registration.get(
            'token_endpoint_auth_method', 'client_secret_basic')

        token_request = {
            'grant_type': 'refresh_token',
            'refresh_token': refresh_token,
            'redirect_uri': self._redirect_uri
        }
        # The refresh token is also wrapped in a Token object for the call.
        stored_token = Token(resp={'refresh_token': refresh_token})

        return self._client.do_access_token_refresh(
            request_args=token_request,
            authn_method=authn_method,
            token=stored_token,
            endpoint=self._client.token_endpoint)
示例#3
    def test_do_user_info_request(self):
        """do_user_info_request() returns the mocked claims as an OpenIDSchema.

        Only a POST to the userinfo URL is registered with the mock, so the
        test also pins the HTTP method the client uses for this grant.
        """
        authz_response = AuthorizationResponse(code="code", state="state")
        # NOTE(review): the original comment calls this an "expired grant";
        # whether 10 is a lifetime or an absolute time is not visible here --
        # confirm against Grant's constructor.
        grant = Grant(10)
        grant.add_code(authz_response)
        token_response = AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access",
            token_type="Bearer",
        )
        grant.tokens.append(Token(token_response))
        self.client.grant["state0"] = grant

        claims = {
            "name": "Melody Gardot",
            "email": "*****@*****.**",
            "verified": False,
            "nickname": "Melody",
            "sub": "some sub",
        }
        with responses.RequestsMock() as rsps:
            rsps.add(
                responses.POST,
                "https://example.com/userinfo",
                content_type="application/json",
                json=claims,
            )
            resp3 = self.client.do_user_info_request(state="state0")

        assert isinstance(resp3, OpenIDSchema)
        assert _eq(resp3.keys(), ["name", "email", "verified", "nickname", "sub"])
        assert resp3["name"] == "Melody Gardot"
示例#4
    def test_clean_tokens_fresh(self):
        """clean_tokens() leaves the token of a not-yet-expired grant in place."""
        self.client.grant["foo"] = Grant()
        live_grant = self.client.grant["foo"]
        # Expiry is 60 seconds in the future, so the grant is still valid.
        live_grant.grant_expiration_time = time.time() + 60
        live_grant.code = "access_code"

        # "IDTOKEN" is an opaque placeholder; nothing in this test verifies it.
        token_response = AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access",
            id_token="IDTOKEN",
            scope=["openid"],
        )
        live_grant.tokens.append(Token(token_response))

        self.client.clean_tokens()
        assert len(self.client.grant["foo"].tokens) == 1
示例#5
    def test_construct_CheckSessionRequest_2(self):
        """CheckSessionRequest copies the id_token stored for the given state."""
        self.client.grant["foo"] = Grant()
        grant = self.client.grant["foo"]
        grant.grant_expiration_time = time.time() + 60
        grant.code = "access_code"

        # The id_token is a placeholder string, not a JWT; the test never
        # calls verify(), it only checks that the value is passed through.
        token_response = AccessTokenResponse(
            id_token="id_id_id_id",
            access_token="access",
            scope=["openid"],
        )
        grant.tokens.append(Token(token_response))

        csr = self.client.construct_CheckSessionRequest(state="foo", scope=["openid"])
        assert csr["id_token"] == "id_id_id_id"
示例#6
    def test_construct_UserInfoRequest_2_with_token(self):
        """UserInfoRequest picks up the access token stored for the given state."""
        self.client.grant["foo"] = Grant()
        grant = self.client.grant["foo"]
        grant.grant_expiration_time = time.time() + 60
        grant.code = "access_code"

        token_response = AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access",
            id_token="IDTOKEN",
            scope=["openid"],
        )
        grant.tokens.append(Token(token_response))

        # Only the access token is asserted on; the refresh token and the
        # placeholder id_token are not checked by this test.
        uir = self.client.construct_UserInfoRequest(state="foo", scope=["openid"])
        assert uir["access_token"] == "access"
示例#7
    def test_construct_EndSessionRequest(self):
        """EndSessionRequest combines the stored id_token, state and request_args."""
        self.client.grant["foo"] = Grant()
        grant = self.client.grant["foo"]
        grant.grant_expiration_time = time.time() + 60
        grant.code = "access_code"

        # Placeholder id_token: it is never verified here, only carried over.
        token_response = AccessTokenResponse(
            id_token="id_id_id_id",
            access_token="access",
            scope=["openid"],
        )
        grant.tokens.append(Token(token_response))

        # NOTE(review): the parameter is spelled "redirect_url" here and in
        # the assertion below; OpenID Connect logout names it
        # post_logout_redirect_uri -- confirm which the library declares.
        request_args = {"redirect_url": "http://example.com/end"}
        esr = self.client.construct_EndSessionRequest(
            state="foo", request_args=request_args
        )
        assert _eq(esr.keys(), ["id_token", "state", "redirect_url"])
示例#8
文件: test_oic.py 项目: gumond/pyoidc
    def test_do_user_info_request(self):
        """do_user_info_request() yields an OpenIDSchema with the expected claims.

        No HTTP mock is set up inside this method; the userinfo response
        presumably comes from the fixture behind ``self.client`` -- confirm.
        """
        authz_response = AuthorizationResponse(code="code", state="state")
        # NOTE(review): the original comment calls this an "expired grant";
        # what the argument 10 means is not visible here -- confirm.
        grant = Grant(10)
        grant.add_code(authz_response)
        token_response = AccessTokenResponse(
            refresh_token="refresh_with_me",
            access_token="access",
            token_type="Bearer",
        )
        grant.tokens.append(Token(token_response))
        self.client.grant["state0"] = grant

        resp3 = self.client.do_user_info_request(state="state0")
        assert isinstance(resp3, OpenIDSchema)
        assert _eq(resp3.keys(), ["name", "email", "verified", "nickname", "sub"])
        assert resp3["name"] == "Melody Gardot"
示例#9
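def test_construct_CheckSessionRequest_2():
    """CheckSessionRequest built from a state carries only the stored id_token.

    The grant under "foo" holds one token; the request's string form is
    compared against a dict repr containing just ``id_token``.
    """
    cli = Client()
    cli.userinfo_endpoint = "https://example.org/oauth2/userinfo"
    cli.grant["foo"] = Grant()
    cli.grant["foo"].grant_expiration_time = time.time() + 60
    cli.grant["foo"].code = "access_code"

    # Placeholder id_token: not a JWT and never verified in this test.
    resp = AccessTokenResponse(id_token="id_id_id_id",
                               access_token="access", scope=["openid"])

    cli.grant["foo"].tokens.append(Token(resp))

    uir = cli.construct_CheckSessionRequest(state="foo", scope=["openid"])
    # print(x) with one argument prints the same on Python 2 and 3; the bare
    # print statement used before is a SyntaxError on Python 3.
    print(uir)
    assert ("%s" % uir) == "{'id_token': 'id_id_id_id'}"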
示例#10
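def test_construct_EndSessionRequest():
    """EndSessionRequest combines the stored id_token, state and request_args."""
    cli = Client()
    cli.redirect_uris = ["http://example.com/authz"]
    cli.grant["foo"] = Grant()
    cli.grant["foo"].grant_expiration_time = time.time() + 60
    cli.grant["foo"].code = "access_code"

    # Placeholder id_token: it is only carried over, never verified.
    resp = AccessTokenResponse(id_token="id_id_id_id",
                               access_token="access", scope=["openid"])

    cli.grant["foo"].tokens.append(Token(resp))

    args = {"redirect_url": "http://example.com/end"}
    esr = cli.construct_EndSessionRequest(state="foo", request_args=args)
    # print(x) with one argument prints the same on Python 2 and 3; the bare
    # print statement used before is a SyntaxError on Python 3.
    print(esr.keys())
    assert _eq(esr.keys(), ['id_token', 'state', "redirect_url"])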
示例#11
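def test_construct_UserInfoRequest_2():
    """UserInfoRequest built from a state contains the access token and nothing else."""
    cli = Client()
    cli.userinfo_endpoint = "https://example.org/oauth2/userinfo"
    cli.grant["foo"] = Grant()
    cli.grant["foo"].grant_expiration_time = time.time() + 60
    cli.grant["foo"].code = "access_code"

    resp = AccessTokenResponse(refresh_token="refresh_with_me",
                               access_token="access", id_token="IDTOKEN",
                               scope=["openid"])

    cli.grant["foo"].tokens.append(Token(resp))

    uir = cli.construct_UserInfoRequest(state="foo", scope=["openid"])
    # print(x) with one argument prints the same on Python 2 and 3; the bare
    # print statement used before is a SyntaxError on Python 3.
    print(uir)
    # keys() is a view on Python 3 and never compares equal to a list, so it
    # is materialised first. The check that the refresh token and id_token
    # stay out of the userinfo request is unchanged.
    assert list(uir.keys()) == ["access_token"]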
示例#12
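    def test_get_access_token_refresh_2(self):
        """RefreshAccessTokenRequest reuses the refresh token stored for the state."""
        self.client.grant["foo"] = Grant()
        self.client.grant["foo"].grant_expiration_time = \
            utc_time_sans_frac() + 60
        self.client.grant["foo"].code = "access_code"

        # print(x) with one argument prints the same on Python 2 and 3; the
        # bare print statement used before is a SyntaxError on Python 3.
        print(self.client.grant["foo"])
        resp = AccessTokenResponse()
        resp["refresh_token"] = "refresh_with_me"
        resp["access_token"] = "access"
        self.client.grant["foo"].tokens.append(Token(resp))
        # Uses refresh_token from previous response
        atr = self.client.construct_RefreshAccessTokenRequest(state="foo")

        assert atr.type() == "RefreshAccessTokenRequest"
        assert atr["grant_type"] == "refresh_token"
        assert atr["refresh_token"] == "refresh_with_me"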
示例#13
def test_do_userinfo_request_with_state():
    """user_info_request() finds the token by state and sends it as a Bearer header.

    The access token must end up in the Authorization header, with no
    request body, for a GET to the userinfo endpoint.
    """
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.grant["foxhound"] = Grant()
    bearer_response = AccessTokenResponse(access_token="access", token_type="Bearer")
    client.grant["foxhound"].tokens = [Token(bearer_response)]

    method = "GET"
    state = "foxhound"
    scope = "openid"
    extra = {"request": "openid", "userinfo_endpoint": "http://example.com/userinfo"}

    # method is rebound to whatever the client decided to use.
    path, body, method, h_args = client.user_info_request(
        method, state, scope, **extra
    )

    assert path == "http://example.com/userinfo"
    assert h_args == {"headers": {"Authorization": "Bearer access"}}
    assert method == "GET"
    assert body is None
示例#14
 def test_do_user_info_request_http_errors(self):
     """A 405 from the userinfo endpoint surfaces as CommunicationError.

     The exception is expected to carry the status message and the
     methods listed in the response's Allow header.
     """
     authz_response = AuthorizationResponse(code="code", state="state")
     # NOTE(review): the original comment calls this an "expired grant";
     # what the argument 10 means is not visible here -- confirm.
     grant = Grant(10)
     grant.add_code(authz_response)
     token_response = AccessTokenResponse(
         refresh_token="refresh_with_me",
         access_token="access",
         token_type="Bearer",
     )
     grant.tokens.append(Token(token_response))
     self.client.grant["state0"] = grant

     with responses.RequestsMock() as rsps:
         # The endpoint rejects POST and advertises GET instead.
         rsps.add(
             responses.POST,
             "https://example.com/userinfo",
             status=405,
             headers={"Allow": "GET"},
         )
         with pytest.raises(CommunicationError) as excp:
             self.client.do_user_info_request(state="state0")

         error_args = excp.value.args
         assert error_args[0] == "Server responded with HTTP Error Code 405"
         assert error_args[1] == ["GET"]
示例#15
    def test_construct_CheckSessionRequest_2(self):
        """CheckSessionRequest returns the signed ID Token stored for the state."""
        self.client.grant["foo"] = Grant()
        grant = self.client.grant["foo"]
        grant.grant_expiration_time = int(time.time() + 60)
        grant.code = "access_code"

        # Sign the ID Token with the symmetric ("oct") key registered for its
        # issuer, so the response carries a well-formed HS256 JWT.
        issuer = IDTOKEN["iss"]
        self.client.keyjar.add_kb(issuer, KC_SYM_S)
        signing_key = self.client.keyjar.get_signing_key("oct", issuer)
        id_token_jwt = IDTOKEN.to_jwt(signing_key, algorithm="HS256")

        token_response = AccessTokenResponse(
            id_token=id_token_jwt,
            access_token="access",
            scope=["openid"],
            token_type="bearer",
        )

        # The response is verified against the keyjar before it is stored;
        # presumably this is where the JWT is checked -- confirm.
        assert token_response.verify(keyjar=self.client.keyjar)

        grant.tokens.append(Token(token_response))

        csr = self.client.construct_CheckSessionRequest(state="foo", scope=["openid"])
        assert csr["id_token"] == id_token_jwt
示例#16
def test_do_userinfo_request_with_state():
    """Mirror the first lines of do_userinfo_request.

    The token stored for the state must be sent as a Bearer Authorization
    header, with no request body, for a GET to the userinfo endpoint.
    """
    client = Client(CLIENT_ID, client_authn_method=CLIENT_AUTHN_METHOD)
    client.grant['foxhound'] = Grant()
    bearer_response = AccessTokenResponse(access_token="access", token_type="Bearer")
    client.grant["foxhound"].tokens = [Token(bearer_response)]

    method = "GET"
    state = "foxhound"
    scope = "openid"
    extra = {
        "request": "openid",
        "userinfo_endpoint": 'http://example.com/userinfo'
    }

    # method is rebound to whatever the client decided to use.
    path, body, method, h_args = client.user_info_request(
        method, state, scope, **extra)

    assert path == 'http://example.com/userinfo'
    assert h_args == {'headers': {'Authorization': 'Bearer access'}}
    assert method == 'GET'
    assert body is None