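def test_verify_client_bearer_header():
    """
    A bearer token in the Authorization header authenticates the client.

    verify_client is called twice with the same arguments, once by keyword
    and once by position. Both results are checked, so neither call form
    can regress unnoticed.
    """
    # Register the token so that get_client_id_from_token has an entry to
    # find (presumably it reads this mapping; confirm against its definition).
    endpoint_context.registration_access_token["1234567890"] = client_id
    token = "Bearer 1234567890"
    request = {"client_id": client_id}

    by_keyword = verify_client(
        endpoint_context,
        request,
        authorization_info=token,
        get_client_id_from_token=get_client_id_from_token,
    )
    by_position = verify_client(
        endpoint_context, request, token, get_client_id_from_token
    )

    # Previously the keyword-call result was overwritten before any
    # assertion looked at it; assert on both results instead.
    for res in (by_keyword, by_position):
        assert set(res.keys()) == {"token", "method", "client_id"}
        assert res["method"] == "bearer_header"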
def client_authentication(self, request, auth=None, **kwargs):
    """
    Authenticate the client that sent *request*.

    :param request: Parsed request, a self.request_cls class instance
    :param auth: Authorization info, passed on to verify_client
    :param kwargs: Extra keyword arguments forwarded to verify_client
    :return: The dictionary returned by verify_client, or an empty
        dictionary when verify_client raises UnknownOrNoAuthnMethod and
        this endpoint either has no client_authn_method configured or
        lists "none" among its methods.
    :raises UnknownOrNoAuthnMethod: re-raised when methods are configured
        and "none" is not one of them.
    :raises UnAuthorizedClient: when verify_client returns an empty
        dictionary although client_authn_method is non-empty.
    """
    try:
        authn_info = verify_client(
            self.endpoint_context,
            request,
            auth,
            self.get_client_id_from_token,
            **kwargs
        )
    except UnknownOrNoAuthnMethod:
        # NOTE(review): {} here means "no client was authenticated".
        # Callers should not read it as an authenticated identity.
        if self.client_authn_method is None or "none" in self.client_authn_method:
            return {}
        raise

    if authn_info == {}:
        # An empty result is only acceptable when no method is required.
        if self.client_authn_method and len(self.client_authn_method):
            raise UnAuthorizedClient("Authorization failed")

    return authn_info
def client_authentication(self, request, auth=None, **kwargs):
    """
    Deal with client authentication

    :param request: The refresh access token request
    :param auth: Client authentication information
    :param kwargs: Extra keyword arguments (accepted, not passed on to
        verify_client)
    :return: The dictionary returned by verify_client when it contains a
        "client_id"; otherwise a self.error_cls instance with
        error="unauthorized_client".
    """
    try:
        auth_info = verify_client(self.endpoint_context, request, auth)
    except Exception as err:
        # Any failure inside verify_client is reported as
        # unauthorized_client rather than propagated, so the endpoint
        # fails closed.
        # NOTE(review): the exception text ends up in error_description.
        # If this error object is serialised back to the requester,
        # internal details travel with it. Confirm, and consider a
        # generic description there.
        msg = "Failed to verify client due to: {}".format(err)
        logger.error(msg)
        return self.error_cls(error="unauthorized_client", error_description=msg)

    if "client_id" in auth_info:
        return auth_info

    # verify_client returned without identifying a client.
    logger.error("No client_id, authentication failed")
    return self.error_cls(
        error="unauthorized_client", error_description="unknown client"
    )
def client_authentication(self, request, auth=None, **kwargs):
    """
    Authenticate the client and enforce the endpoint's allowed methods.

    :param request: Parsed request, a self.request_cls class instance
    :param auth: Authorization info, passed on to verify_client
    :param kwargs: Extra keyword arguments forwarded to verify_client
    :return: The dictionary returned by verify_client, or an empty
        dictionary when verify_client raises UnknownOrNoAuthnMethod and
        this endpoint either has no client_authn_method configured or
        lists "none" among its methods.
    :raises UnknownOrNoAuthnMethod: re-raised when methods are configured
        and "none" is not one of them.
    :raises WrongAuthnMethod: when the method reported by verify_client
        is not in self.client_authn_method.
    """
    try:
        authn_info = verify_client(
            self.endpoint_context,
            request,
            auth,
            self.get_client_id_from_token,
            **kwargs
        )
    except UnknownOrNoAuthnMethod:
        # NOTE(review): {} here means "no client was authenticated".
        if self.client_authn_method is None or "none" in self.client_authn_method:
            return {}
        raise

    # NOTE(review): this lookup assumes verify_client always returns a
    # "method" key on success and that client_authn_method is not None
    # here. Confirm both, otherwise KeyError/TypeError escapes instead of
    # WrongAuthnMethod.
    used_method = authn_info["method"]
    if used_method in self.client_authn_method:
        return authn_info

    # The client authenticated, but with a method this endpoint does
    # not accept.
    LOGGER.warning("Wrong client authentication method was used")
    raise WrongAuthnMethod("Wrong authn method")
def test_verify_client_client_secret_basic():
    """HTTP Basic credentials in the Authorization header are reported as client_secret_basic."""
    # Build "Basic base64(client_id:client_secret)".
    credentials = "{}:{}".format(client_id, client_secret)
    encoded = as_unicode(base64.b64encode(as_bytes(credentials)))
    header_value = "Basic {}".format(encoded)

    # The request is empty: the client is identified by the header alone.
    res = verify_client(endpoint_context, {}, header_value)

    # The result carries exactly the method and client_id keys.
    assert set(res) == {"method", "client_id"}
    assert res["method"] == "client_secret_basic"
def test_verify_client_bearer_body():
    """An access_token carried in the request body is reported as bearer_body."""
    access_token = "1234567890"
    # Register the token before the call, so the lookup function passed
    # below has an entry to resolve (presumably it reads this mapping).
    endpoint_context.registration_access_token[access_token] = client_id
    request = {"access_token": access_token, "client_id": client_id}

    res = verify_client(
        endpoint_context,
        request,
        get_client_id_from_token=get_client_id_from_token,
    )

    assert set(res) == {"token", "method", "client_id"}
    assert res["method"] == "bearer_body"
def test_verify_client_registration_none(self):
    """With no special auth method configured, registration yields an empty result."""
    # This is when no special auth method is configured
    registration_request = {"redirect_uris": ["https://example.com/cb"]}

    outcome = verify_client(
        self.endpoint_context,
        registration_request,
        authorization_info=None,
        endpoint="registration",
    )

    # An empty dict: no method and no client_id were established.
    assert outcome == {}
def client_authentication(self, request, auth=None, **kwargs):
    """
    Authenticate the client by delegating to verify_client.

    :param request: Parsed request, a self.request_cls class instance
    :param auth: Authorization info
    :param kwargs: Accepted for interface compatibility; not forwarded
        to verify_client
    :return: Whatever verify_client returns; exceptions raised by
        verify_client propagate to the caller
    """
    authn_info = verify_client(self.endpoint_context, request, auth)
    return authn_info
def test_verify_client_authorization_none(self):
    """A request with only a client_id is accepted with method "none" at the authorization endpoint."""
    # This is when it's explicitly said that no client auth method is
    # required, i.e. "none" is an accepted method for this endpoint.
    authz_request = {"client_id": client_id}

    outcome = verify_client(
        self.endpoint_context,
        authz_request,
        authorization_info=None,
        endpoint="authorization",
    )

    assert outcome["method"] == "none"
    # Compared against the literal, so the module-level client_id is
    # presumably "client_id".
    assert outcome["client_id"] == "client_id"
def test_verify_client_bearer_header(self):
    """A bearer token in the Authorization header is reported as bearer_header."""
    access_token = "1234567890"
    # A prerequisite for the get_client_id_from_token function
    self.endpoint_context.registration_access_token[access_token] = client_id

    header_value = "Bearer 1234567890"
    outcome = verify_client(
        self.endpoint_context,
        {"client_id": client_id},
        authorization_info=header_value,
        get_client_id_from_token=get_client_id_from_token,
        endpoint="authorization",
    )

    assert set(outcome) == {"token", "method", "client_id"}
    assert outcome["method"] == "bearer_header"
def client_authentication(self, request, auth=None, **kwargs):
    """
    Verify the client behind *request*.

    :param request: The incoming request, passed on to verify_client
    :param auth: Client authentication information
    :param kwargs: Extra keyword arguments (accepted, not passed on to
        verify_client)
    :return: The dictionary returned by verify_client when it contains a
        'client_id'; otherwise a self.error_cls instance with
        error="unauthorized_client".
    """
    try:
        auth_info = verify_client(self.endpoint_context, request, auth)
    except Exception as err:
        # Every failure in verify_client becomes unauthorized_client, so
        # the endpoint fails closed.
        # NOTE(review): the exception text is copied into
        # error_description. Confirm whether that object reaches the
        # requester, and prefer a generic description if it does.
        msg = "Failed to verify client due to: {}".format(err)
        logger.error(msg)
        return self.error_cls(error="unauthorized_client", error_description=msg)

    if 'client_id' in auth_info:
        return auth_info

    # Verification returned, but no client was identified.
    logger.error('No client_id, authentication failed')
    return self.error_cls(
        error="unauthorized_client", error_description='unknown client'
    )
def test_verify_client_jws_authn_method(self):
    """An HS256 client_assertion signed with the client secret is reported as client_secret_jwt."""
    client_keyjar = KeyJar()
    client_keyjar[CONF["issuer"]] = KEYJAR.issuer_keys[""]
    # The only own key the client has at this point
    client_keyjar.add_symmetric("", client_secret, ["sig"])

    signer = JWT(client_keyjar, iss=client_id, sign_alg="HS256")
    # Audience: the OP issuer ID from CONF with "token" appended.
    audience = CONF["issuer"] + "token"
    assertion = signer.pack({"aud": [audience]})

    token_request = {
        "client_assertion": assertion,
        "client_assertion_type": JWT_BEARER,
    }
    outcome = verify_client(self.endpoint_context, token_request, endpoint="token")

    assert outcome["method"] == "client_secret_jwt"
    # Compared against the literal, so the module-level client_id is
    # presumably "client_id".
    assert outcome["client_id"] == "client_id"
def test_verify_client_client_secret_post():
    """client_id and client_secret in the request body are reported as client_secret_post."""
    # No Authorization header is passed: the credentials are in the body.
    body = {"client_id": client_id, "client_secret": client_secret}

    outcome = verify_client(endpoint_context, body)

    # The secret itself is not among the returned keys.
    assert set(outcome) == {"method", "client_id"}
    assert outcome["method"] == "client_secret_post"