1171 |
1171 |
def test_resource_owner_password_credential_grant(app, oidc_client, admin, simple_user):
|
1172 |
1172 |
cache.clear()
|
1173 |
1173 |
oidc_client.authorization_flow = OIDCClient.FLOW_RESOURCE_OWNER_CRED
|
|
1174 |
oidc_client.scope = 'openid'
|
1174 |
1175 |
oidc_client.save()
|
1175 |
1176 |
token_url = make_url('oidc-token')
|
1176 |
1177 |
if oidc_client.idtoken_algo == OIDCClient.ALGO_HMAC:
|
... | ... | |
1194 |
1195 |
jwt.deserialize(token, key=jwk)
|
1195 |
1196 |
claims = json.loads(jwt.claims)
|
1196 |
1197 |
# xxx already verified by jwcrypto deserialization?
|
1197 |
|
assert all(claims.get(key) for key in ('acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'))
|
|
1198 |
assert set(claims) == set(['acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'])
|
|
1199 |
assert all(claims.values())
|
1198 |
1200 |
|
1199 |
1201 |
# 2. test basic authz
|
1200 |
1202 |
params.pop('client_id')
|
... | ... | |
1208 |
1210 |
jwt.deserialize(token, key=jwk)
|
1209 |
1211 |
claims = json.loads(jwt.claims)
|
1210 |
1212 |
# xxx already verified by jwcrypto deserialization?
|
1211 |
|
assert all(claims.get(key) for key in ('acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'))
|
|
1213 |
assert set(claims) == set(['acr', 'aud', 'auth_time', 'exp', 'iat', 'iss', 'sub'])
|
|
1214 |
assert all(claims.values())
|
1212 |
1215 |
|
1213 |
1216 |
|
1214 |
1217 |
def test_resource_owner_password_credential_grant_ratelimitation_invalid_client(
|
... | ... | |
1311 |
1314 |
assert 'id_token' in response.json
|
1312 |
1315 |
|
1313 |
1316 |
|
|
1317 |
def test_credentials_grant_invalid_flow(
|
|
1318 |
app, oidc_client, admin, simple_user, settings):
|
|
1319 |
cache.clear()
|
|
1320 |
params = {
|
|
1321 |
'client_id': oidc_client.client_id,
|
|
1322 |
'client_secret': oidc_client.client_secret,
|
|
1323 |
'grant_type': 'password',
|
|
1324 |
'username': simple_user.username,
|
|
1325 |
'password': u'SurelyNotTheRightPassword',
|
|
1326 |
}
|
|
1327 |
token_url = make_url('oidc-token')
|
|
1328 |
response = app.post(token_url, params=params, status=400)
|
|
1329 |
assert response.json['error'] == 'unauthorized_client'
|
|
1330 |
assert 'is not configured' in response.json['error_description']
|
|
1331 |
|
|
1332 |
|
1314 |
1333 |
def test_credentials_grant_invalid_client(
|
1315 |
1334 |
app, oidc_client, admin, simple_user, settings):
|
1316 |
1335 |
cache.clear()
|
1317 |
|
-
|