diff options
author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-02-25 21:34:31 +0100 |
---|---|---|
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2019-07-04 11:17:19 +0200 |
commit | ad7b15428bde9eaa55bbc0ca0ce338342740a7c9 (patch) | |
tree | a8d0b5c0f4058b381189c95f3d4d27ad126ff9f3 | |
parent | 0d423ac7af419b69530cd05ab786527d941b4ffb (diff) | |
download | oauthlib-ad7b15428bde9eaa55bbc0ca0ce338342740a7c9.tar.gz |
Add nonce auth request check for authorization_code
-rw-r--r-- | tests/openid/connect/core/grant_types/test_authorization_code.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/openid/connect/core/grant_types/test_authorization_code.py b/tests/openid/connect/core/grant_types/test_authorization_code.py index c3c7824..89401ab 100644 --- a/tests/openid/connect/core/grant_types/test_authorization_code.py +++ b/tests/openid/connect/core/grant_types/test_authorization_code.py @@ -40,6 +40,7 @@ class OpenIDAuthCodeTest(TestCase): self.request.grant_type = 'authorization_code' self.request.redirect_uri = 'https://a.b/cb' self.request.state = 'abc' + self.request.nonce = None self.mock_validator = mock.MagicMock() self.mock_validator.authenticate_client.side_effect = self.set_client @@ -148,3 +149,16 @@ class OpenIDAuthCodeTest(TestCase): self.assertIn('scope', token) self.assertNotIn('id_token', token) self.assertNotIn('openid', token['scope']) + + @mock.patch('oauthlib.common.generate_token') + def test_optional_nonce(self, generate_token): + generate_token.return_value = 'abc' + self.request.nonce = 'xyz' + scope, info = self.auth.validate_authorization_request(self.request) + + bearer = BearerToken(self.mock_validator) + self.request.response_mode = 'query' + h, b, s = self.auth.create_authorization_response(self.request, bearer) + self.assertURLEqual(h['Location'], self.url_query) + self.assertEqual(b, None) + self.assertEqual(s, 302) |