0001-oidc-authn-test-id-token-required-claims-31863.patch
src/authentic2_auth_oidc/utils.py | ||
---|---|---|
127 | 127 |
raise ValueError('invalid id_token') |
128 | 128 |
keys = set(decoded.keys()) |
129 | 129 |
# check fields are ok |
130 |
if keys < REQUIRED_ID_TOKEN_KEYS:
|
|
130 |
if not keys.issuperset(REQUIRED_ID_TOKEN_KEYS):
|
|
131 | 131 |
raise ValueError('missing field: %s' % (REQUIRED_ID_TOKEN_KEYS - keys)) |
132 | 132 |
for key in keys: |
133 | 133 |
if key == 'aud': |
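Review bot: The comment `# check fields are ok` above the rewritten condition does not say what the check guarantees, which is how the proper-subset comparison went unnoticed: a token with one unexpected claim is never a proper subset of the required set, so it passed even with `aud` and `nonce` absent. I would replace the comment with `# every claim in REQUIRED_ID_TOKEN_KEYS must be present; extra claims are allowed`. The loop that follows walks only the claims that are present (`for key in keys:` / `if key == 'aud':`), so this presence check appears to be the only thing that forces the audience validation to run at all; the loop body continues outside the hunk, so that is inferred. As a smaller point, the error message formats a raw set, and `', '.join(sorted(REQUIRED_ID_TOKEN_KEYS - keys))` would give a stable, readable message that a test can match.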
tests/test_auth_oidc.py | ||
---|---|---|
464 | 464 |
name='test_issuer_hmac_only', |
465 | 465 |
issuer='https://hmac_only.issuer', |
466 | 466 |
openid_configuration=oidc_conf) |
467 | ||
468 | ||
469 |
def test_required_keys(db, caplog): |
|
470 |
erroneous_payload = base64url_encode(json.dumps({ |
|
471 |
'sub': '248289761001', |
|
472 |
'iss': 'http://server.example.com', |
|
473 |
'iat': 1311280970, |
|
474 |
'exp': 1311281970, # Missing 'aud' and 'nonce' required claims |
|
475 |
'extra_stuff': 'hi there', # Wrong claim |
|
476 |
})) |
|
477 | ||
478 |
with pytest.raises(ValueError) as e: |
|
479 |
with utils.check_log(caplog, 'missing field'): |
|
480 |
IDToken('{}.{}.{}'.format(header, erroneous_payload, signature)) |
|
467 |
- |
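Review bot: `test_required_keys` only asserts that some `ValueError` is raised, and the captured `e` is never inspected. The utils.py section of this patch shows `raise ValueError('invalid id_token')` just above the required-claims check, so the test can apparently pass without that check ever being reached. Add `assert 'missing field' in str(e.value)` after the outer `with` block, and ideally assert that both `aud` and `nonce` are named in the message. The `utils.check_log(caplog, 'missing field')` wrapper probably verifies nothing here: its definition is not visible, but if it asserts on exit, the exception propagating out of `IDToken(...)` would skip that assertion, and the visible code raises rather than logs. `header` and `signature` are not defined in the function, so they are presumably module-level values.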