def test_reauthenticate_end_user(client, oauth_client):
    """
    Send an authorize request carrying ``max_age=0``.

    In OpenID Connect, ``max_age`` bounds how long ago the end user may have
    last actively authenticated, so a value of 0 asks the provider to
    re-authenticate the user instead of reusing the existing session.

    NOTE: nothing is asserted yet. As written, the test only shows that the
    request does not raise; it does not prove re-authentication happens.
    """
    request_params = {'max_age': 0}
    # TODO: assert on the response once the expected re-authentication
    # behaviour is pinned down.
    oauth2.post_authorize(
        client, oauth_client, data=request_params, confirm=True
    )
def test_ui_locale_no_errors(client, oauth_client):
    """
    Check the minimal requirement for ``ui_locales``: supplying the parameter
    must not make the authorize request fail.

    Only the absence of errors is covered; nothing here checks that the
    requested locales are honoured.
    """
    locale_params = {'ui_locales': 'fr-CA fr en'}
    response = oauth2.post_authorize(
        client, oauth_client, data=locale_params, confirm=True
    )
    # The request should end in the usual redirect that carries a code.
    assert response.status_code == 302
    assert 'Location' in response.headers
    assert oauth2.code_from_authorize_response(response)
def test_id_token_hint_empty(client, oauth_client):
    """
    Exercise the authorize endpoint with an empty ``id_token_hint``.

    "If the End-User identified by the ID Token is logged in or is logged in
    by the request, then the Authorization Server returns a positive
    response; otherwise, it SHOULD return an error"

    An empty hint identifies no end user, so the request must be refused
    with ``access_denied``.
    """
    hint_params = {"id_token_hint": ""}
    response = oauth2.post_authorize(
        client, oauth_client, data=hint_params, confirm=True
    )
    assert response.status_code == 302
    assert "Location" in response.headers
    # The error is reported to the client in the redirect's query string.
    # Only the error code is checked here, not the redirect target itself.
    redirect_url = urlparse(response.headers["Location"])
    redirect_query = parse_qs(redirect_url.query)
    assert "error" in redirect_query
    assert redirect_query["error"][0] == "access_denied"
def test_id_token_hint_not_logged_in(app, client, oauth_client, monkeypatch):
    """
    Exercise ``id_token_hint`` when the hinted user has no active login.

    An ID token is obtained while the test user is logged in, the mocked
    login is then switched off, and the token is replayed as a hint. The
    authorize endpoint is expected to refuse with ``access_denied``.

    TODO: This should attempt to log the user in
    """
    # The test user is logged in at this point, so a token can be issued.
    issued = oauth2.get_token_response(client, oauth_client).json
    hinted_token = validate_jwt(issued["id_token"], {"openid"})

    # Turn off mocked auth so that no user is logged in from here on.
    monkeypatch.setitem(config, "MOCK_AUTH", False)

    # Replay the earlier token as a hint to the authorize endpoint.
    # NOTE(review): the hint is str() of validate_jwt's return value, not the
    # encoded issued["id_token"]. If validate_jwt returns decoded claims, the
    # endpoint receives a non-JWT hint, and access_denied could come from the
    # malformed hint rather than from the missing session. Confirm.
    hint_params = {"id_token_hint": str(hinted_token)}
    response = oauth2.post_authorize(
        client, oauth_client, data=hint_params, confirm=True
    )
    assert response.status_code == 302
    assert "Location" in response.headers
    redirect_url = urlparse(response.headers["Location"])
    redirect_query = parse_qs(redirect_url.query)
    assert "error" in redirect_query
    assert redirect_query["error"][0] == "access_denied"