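def _access_token_post_parse_request(self, request, client_id="", **kwargs):
    """
    Post-process a parsed access token request.

    The request is rebuilt as an AccessTokenRequest. If it carries a
    ``state`` value, that value must equal the ``state`` stored with the
    authorization request that the presented ``code`` maps to in the
    session database. A missing ``client_id`` is filled in from the
    ``client_id`` argument.

    :param request: The parsed request; must offer ``to_dict()``
    :param client_id: Client identifier supplied by the caller, used only
        when the request itself has no ``client_id``
    :param kwargs: Accepted for interface compatibility; not used here
    :returns: The AccessTokenRequest on success, otherwise an
        ``self.error_cls`` instance with error ``unauthorized_client``
    """
    request = AccessTokenRequest(**request.to_dict())

    # NOTE(review): the state check below is skipped when the token request
    # has no "state", and nothing in this block ties the code to client_id.
    # Presumably that binding is enforced elsewhere; confirm.
    if "state" in request:
        try:
            # A request with "state" but no "code" also lands in the
            # KeyError branch, provided request[...] raises KeyError for a
            # missing claim (TODO confirm for AccessTokenRequest).
            sinfo = self.endpoint_context.sdb[request["code"]]
        except KeyError:
            logger.error("Code not present in SessionDB")
            return self.error_cls(error="unauthorized_client")

        try:
            stored_state = sinfo["authn_req"]["state"]
        except KeyError:
            # The authorization request was stored without a state (or
            # without authn_req). Previously this escaped as an unhandled
            # KeyError; it is now rejected like any other mismatch.
            logger.error("No state stored for the presented code")
            return self.error_cls(error="unauthorized_client")

        if stored_state != request["state"]:
            logger.error("State value mismatch")
            return self.error_cls(error="unauthorized_client")

    if "client_id" not in request:  # Optional for access token request
        request["client_id"] = client_id

    # sanitize() is applied before the request reaches the log; presumably
    # it masks secrets such as client_secret. Verify against its definition.
    logger.debug("%s: %s", request.__class__.__name__, sanitize(request))

    return request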
client_id="client_1", redirect_uri="https://example.com/cb", scope=["openid"], state="STATE", response_type="code id_token", ) TOKEN_REQ = AccessTokenRequest( client_id="client_1", redirect_uri="https://example.com/cb", state="STATE", grant_type="authorization_code", client_secret="hemligt", ) TOKEN_REQ_DICT = TOKEN_REQ.to_dict() BASEDIR = os.path.abspath(os.path.dirname(__file__)) def full_path(local_file): return os.path.join(BASEDIR, local_file) class TestEndpoint(object): @pytest.fixture(autouse=True) def create_endpoint(self): conf = { "issuer": "https://example.com/", "password": "******", "token_expires_in": 600,