| 440 | |
| 441 | |
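def test_openid_authorize():
    """Exercise the OpenID Connect authorization-code flow end to end.

    The first request context performs ``authorize_redirect`` and checks
    that the ``state`` and ``nonce`` sent to the provider are the ones
    persisted in the Flask session. The second replays the callback with
    that session re-injected and a mocked token endpoint whose response
    carries an HS256 ``id_token`` bound to the same nonce, then pins the
    claims the client parses out of it.
    """
    app = Flask(__name__)
    # Test-only session key; a real deployment needs a long random secret.
    app.secret_key = "!"
    oauth = OAuth(app)
    # One symmetric key signs the fake id_token below and, exposed through
    # ``jwks``, lets the client verify that signature.
    key = jwk.import_key("secret", "oct")

    client = oauth.register(
        "dev",
        client_id="dev",
        api_base_url="https://resource.test/api",
        access_token_url="https://provider.test/token",
        authorize_url="https://provider.test/authorize",
        client_kwargs={"scope": "openid profile"},
        jwks={"keys": [key.as_dict()]},
    )

    with app.test_request_context():
        resp = client.authorize_redirect("https://client.test/callback")
        assert resp.status_code == 302

        url = resp.headers["Location"]
        query_data = dict(url_decode(urlparse.urlparse(url).query))

        # state and nonce must be non-empty strings: an empty value would
        # defeat CSRF / replay protection while a bare ``is not None``
        # check still passes.
        state = query_data["state"]
        assert state
        session_data = session[f"_state_dev_{state}"]
        nonce = session_data["data"]["nonce"]
        assert nonce
        # The nonce sent to the provider has to be the one stored for the
        # callback, otherwise the id_token nonce check could never succeed.
        assert nonce == query_data["nonce"]

    token = get_bearer_token()
    now = int(time.time())
    claims = {
        "sub": "123",
        "iss": "https://provider.test",
        "aud": "dev",
        "iat": now,
        "auth_time": now,
        "exp": now + 3600,
        "nonce": query_data["nonce"],
        # at_hash is derived with the hash family of the signing alg (HS256).
        "at_hash": create_half_hash(token["access_token"], "HS256").decode("utf-8"),
    }
    id_token = jwt.encode({"alg": "HS256"}, claims, key)
    token["id_token"] = id_token

    path = f"/?code=a&state={state}"
    with app.test_request_context(path=path):
        # The callback runs in a fresh context with an empty session, so the
        # state captured during the redirect is re-injected explicitly.
        session[f"_state_dev_{state}"] = session_data
        with mock.patch("requests.sessions.Session.send") as send:
            send.return_value = mock_send_value(token)
            token = client.authorize_access_token()
            assert token["access_token"] == "a"
            assert "userinfo" in token
            # Pin the parsed id_token claims so a regression that returns an
            # empty or unverified userinfo cannot pass: ``sub`` and ``nonce``
            # must be the values signed above (assumes userinfo exposes the
            # validated claims as a mapping — matches the "userinfo" check
            # the original test already relied on).
            assert token["userinfo"]["sub"] == "123"
            assert token["userinfo"]["nonce"] == nonce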
| 494 | |
| 495 | |
| 496 | def test_oauth2_access_token_with_post(): |