def test_register_client(self): federation = Federation(TestOP.federation_key) rp_root_key = rsa_key() rp_intermediate_key = rsa_key() rp_signed_intermediate_key = JWS( json.dumps(rp_intermediate_key.serialize(private=False)), alg=rp_root_key.alg ).sign_compact(keys=[rp_root_key]) rp_software_statement = federation.create_software_statement( dict(root_key=rp_root_key.serialize(private=False), response_types=["code"]) ) client_metadata = { "signing_key": rp_signed_intermediate_key, "signed_jwks_uri": "https://rp.example.com/signed_jwks", "software_statements": [rp_software_statement], "redirect_uris": ["https://rp.example.com"], "response_types": ["id_token"], } req = FederationRegistrationRequest(**client_metadata) signature = SignedHttpRequest(rp_intermediate_key).sign(rp_intermediate_key.alg, body=req.to_json()) response = self.op.register_client("pop {}".format(signature), req.to_json()) client_metadata = json.loads(response.message) registration_response = FederationRegistrationResponse().from_dict(client_metadata) assert registration_response.verify() assert "client_id" in registration_response assert registration_response["provider_software_statement"] == self.op.software_statements_jws[0] assert registration_response["response_types"] == ["code"]
def test_sign_registration_request(self): rp_root_key = rsa_key() rp = RP(None, rp_root_key, [], None, None) reg_req = FederationRegistrationRequest(**{"foo": "bar"}) signed = rp._sign_registration_request(reg_req) _jws = JWS() assert _jws.is_jws(signed) assert _jws.jwt.headers["kid"] == rp.intermediate_key.kid assert SignedHttpRequest(rp.intermediate_key).verify(signed, body=reg_req.to_json())