def test_register_client(self):
federation = Federation(TestOP.federation_key)
rp_root_key = rsa_key()
rp_intermediate_key = rsa_key()
rp_signed_intermediate_key = JWS(
json.dumps(rp_intermediate_key.serialize(private=False)), alg=rp_root_key.alg
).sign_compact(keys=[rp_root_key])
rp_software_statement = federation.create_software_statement(
dict(root_key=rp_root_key.serialize(private=False), response_types=["code"])
)
client_metadata = {
"signing_key": rp_signed_intermediate_key,
"signed_jwks_uri": "https://rp.example.com/signed_jwks",
"software_statements": [rp_software_statement],
"redirect_uris": ["https://rp.example.com"],
"response_types": ["id_token"],
}
req = FederationRegistrationRequest(**client_metadata)
signature = SignedHttpRequest(rp_intermediate_key).sign(rp_intermediate_key.alg, body=req.to_json())
response = self.op.register_client("pop {}".format(signature), req.to_json())
client_metadata = json.loads(response.message)
registration_response = FederationRegistrationResponse().from_dict(client_metadata)
assert registration_response.verify()
assert "client_id" in registration_response
assert registration_response["provider_software_statement"] == self.op.software_statements_jws[0]
assert registration_response["response_types"] == ["code"]
def test_sign_registration_request(self):
rp_root_key = rsa_key()
rp = RP(None, rp_root_key, [], None, None)
reg_req = FederationRegistrationRequest(**{"foo": "bar"})
signed = rp._sign_registration_request(reg_req)
_jws = JWS()
assert _jws.is_jws(signed)
assert _jws.jwt.headers["kid"] == rp.intermediate_key.kid
assert SignedHttpRequest(rp.intermediate_key).verify(signed, body=reg_req.to_json())
