A `TokenVerifier` backed by a fixed token→`AccessToken` mapping. Any token string not in the mapping verifies to `None`, which the bearer middleware treats as an unrecognized token. Tests seed the mapping with the exact token shapes (valid, expired, wrong scope, wrong audience) they nee
| 86 | |
| 87 | |
| 88 | class StaticTokenVerifier: |
| 89 | """A `TokenVerifier` backed by a fixed token→`AccessToken` mapping. |
| 90 | |
| 91 | Any token string not in the mapping verifies to `None`, which the bearer middleware treats |
| 92 | as an unrecognized token. Tests seed the mapping with the exact token shapes (valid, expired, |
| 93 | wrong scope, wrong audience) they need so the resource-server gate's behaviour is asserted in |
| 94 | isolation from the authorization-server provider. |
| 95 | """ |
| 96 | |
| 97 | def __init__(self, tokens: Mapping[str, AccessToken]) -> None: |
| 98 | self._tokens = dict(tokens) |
| 99 | |
| 100 | async def verify_token(self, token: str) -> AccessToken | None: |
| 101 | return self._tokens.get(token) |
| 102 | |
| 103 | |
| 104 | class InMemoryTokenStorage: |