summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBraedon Vickers <braedon.vickers@gmail.com>2020-04-22 21:04:00 +0800
committerBraedon Vickers <braedon.vickers@gmail.com>2020-04-22 21:04:00 +0800
commite2f89114ec22ce382fe03f37d9bdc841f85325f2 (patch)
treebad09528d31380053112e49a284d89ba0c4a63e9
parenta6001006dd19d6dfc7d68e6572b53fc271aae072 (diff)
parent90d6398c6d5f98f65d98defda71987fbf457dd00 (diff)
downloadoauthlib-e2f89114ec22ce382fe03f37d9bdc841f85325f2.tar.gz
Merge remote-tracking branch 'upstream/master' into improve-validator-skeleton
-rw-r--r--CHANGELOG.rst19
-rw-r--r--oauthlib/oauth2/rfc6749/clients/base.py26
-rw-r--r--oauthlib/oauth2/rfc6749/clients/legacy_application.py1
-rw-r--r--oauthlib/oauth2/rfc6749/clients/mobile_application.py2
-rw-r--r--oauthlib/oauth2/rfc6749/clients/service_application.py1
-rw-r--r--oauthlib/oauth2/rfc6749/clients/web_application.py1
-rw-r--r--requirements-test.txt1
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_access_token.py2
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_authorization.py2
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_base.py2
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_request_token.py2
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_resource.py2
-rw-r--r--tests/oauth1/rfc5849/endpoints/test_signature_only.py2
-rw-r--r--tests/oauth2/rfc6749/clients/test_backend_application.py2
-rw-r--r--tests/oauth2/rfc6749/clients/test_legacy_application.py2
-rw-r--r--tests/oauth2/rfc6749/clients/test_mobile_application.py2
-rw-r--r--tests/oauth2/rfc6749/clients/test_service_application.py2
-rw-r--r--tests/oauth2/rfc6749/clients/test_web_application.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_client_authentication.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_error_responses.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_extra_credentials.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py2
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_scope_handling.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_authorization_code.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_client_credentials.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_implicit.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_refresh_token.py2
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py2
-rw-r--r--tests/oauth2/rfc6749/test_parameters.py2
-rw-r--r--tests/oauth2/rfc6749/test_server.py2
-rw-r--r--tests/oauth2/rfc6749/test_tokens.py2
-rw-r--r--tests/openid/connect/core/endpoints/test_claims_handling.py2
-rw-r--r--tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py2
-rw-r--r--tests/openid/connect/core/endpoints/test_userinfo_endpoint.py2
-rw-r--r--tests/openid/connect/core/grant_types/test_authorization_code.py2
-rw-r--r--tests/openid/connect/core/grant_types/test_base.py2
-rw-r--r--tests/openid/connect/core/grant_types/test_dispatchers.py2
-rw-r--r--tests/openid/connect/core/grant_types/test_hybrid.py2
-rw-r--r--tests/openid/connect/core/grant_types/test_implicit.py2
-rw-r--r--tests/openid/connect/core/test_server.py2
-rw-r--r--tests/openid/connect/core/test_tokens.py2
44 files changed, 77 insertions, 48 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ab556f1..c42df83 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,7 +1,22 @@
Changelog
=========
-3.1.0 (TBD)
+3.1.1 (TBD)
+------------------
+OAuth2.0 Client - Bugfixes
+
+ * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
+ relies on the `scope` provided in the constructor if any, except if overridden temporarily
+ in a method call. Note that in particular providing a non-None `scope` in
+ `prepare_authorization_request` or `prepare_refresh_token` does not override anymore
+ `self.scope` forever, it is just used temporarily.
+ * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
+ ServiceApplicationClient.prepare_request_body,
+ and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
+ constructor.
+ * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
+
+3.1.0 (2019-08-06)
------------------
OAuth2.0 Provider - Features
@@ -25,7 +40,7 @@ OAuth2.0 Provider - Bugfixes
OAuth2.0 Client - Bugfixes
* #290: Fix Authorization Code's errors processing
- * #603: BackendApplication.Client.prepare_request_body use the `scope` argument as intended.
+ * #603: BackendApplicationClient.prepare_request_body use the `scope` argument as intended.
* #672: Fix edge case when `expires_in=Null`
OAuth1.0 Client
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 04dabe6..4043258 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -220,7 +220,10 @@ class Client:
the provider. If provided then it must also be provided in the
token request.
- :param scope:
+ :param scope: List of scopes to request. Must be equal to
+ or a subset of the scopes granted when obtaining the refresh
+ token. If none is provided, the ones provided in the constructor are
+ used.
:param kwargs: Additional parameters to included in the request.
@@ -231,10 +234,11 @@ class Client:
self.state = state or self.state_generator()
self.redirect_url = redirect_url or self.redirect_url
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
auth_url = self.prepare_request_uri(
authorization_url, redirect_uri=self.redirect_url,
- scope=self.scope, state=self.state, **kwargs)
+ scope=scope, state=self.state, **kwargs)
return auth_url, FORM_ENC_HEADERS, ''
def prepare_token_request(self, token_url, authorization_response=None,
@@ -295,7 +299,8 @@ class Client:
:param scope: List of scopes to request. Must be equal to
or a subset of the scopes granted when obtaining the refresh
- token.
+ token. If none is provided, the ones provided in the constructor are
+ used.
:param kwargs: Additional parameters to included in the request.
@@ -304,9 +309,10 @@ class Client:
if not is_secure_transport(token_url):
raise InsecureTransportError()
- self.scope = scope or self.scope
+ # do not assign scope to self automatically anymore
+ scope = self.scope if scope is None else scope
body = self.prepare_refresh_body(body=body,
- refresh_token=refresh_token, scope=self.scope, **kwargs)
+ refresh_token=refresh_token, scope=scope, **kwargs)
return token_url, FORM_ENC_HEADERS, body
def prepare_token_revocation_request(self, revocation_url, token,
@@ -380,7 +386,8 @@ class Client:
returns an error response as described in `Section 5.2`_.
:param body: The response body from the token request.
- :param scope: Scopes originally requested.
+ :param scope: Scopes originally requested. If none is provided, the ones
+ provided in the constructor are used.
:return: Dictionary of token parameters.
:raises: Warning if scope has changed. OAuth2Error if response is invalid.
@@ -416,6 +423,7 @@ class Client:
.. _`Section 5.2`: https://tools.ietf.org/html/rfc6749#section-5.2
.. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
"""
+ scope = self.scope if scope is None else scope
self.token = parse_token_response(body, scope=scope)
self.populate_token_attributes(self.token)
return self.token
@@ -437,9 +445,11 @@ class Client:
Section 3.3. The requested scope MUST NOT include any scope
not originally granted by the resource owner, and if omitted is
treated as equal to the scope originally granted by the
- resource owner.
+ resource owner. Note that if none is provided, the ones provided
+ in the constructor are used if any.
"""
refresh_token = refresh_token or self.refresh_token
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.refresh_token_key, body=body, scope=scope,
refresh_token=refresh_token, **kwargs)
diff --git a/oauthlib/oauth2/rfc6749/clients/legacy_application.py b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
index 1bb0e14..fe2ff4a 100644
--- a/oauthlib/oauth2/rfc6749/clients/legacy_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/legacy_application.py
@@ -79,5 +79,6 @@ class LegacyApplicationClient(Client):
"""
kwargs['client_id'] = self.client_id
kwargs['include_client_id'] = include_client_id
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.grant_type, body=body, username=username,
password=password, scope=scope, **kwargs)
diff --git a/oauthlib/oauth2/rfc6749/clients/mobile_application.py b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
index 73627c4..cd325f4 100644
--- a/oauthlib/oauth2/rfc6749/clients/mobile_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/mobile_application.py
@@ -91,6 +91,7 @@ class MobileApplicationClient(Client):
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
.. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
"""
+ scope = self.scope if scope is None else scope
return prepare_grant_uri(uri, self.client_id, self.response_type,
redirect_uri=redirect_uri, state=state, scope=scope, **kwargs)
@@ -167,6 +168,7 @@ class MobileApplicationClient(Client):
.. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
"""
+ scope = self.scope if scope is None else scope
self.token = parse_implicit_response(uri, state=state, scope=scope)
self.populate_token_attributes(self.token)
return self.token
diff --git a/oauthlib/oauth2/rfc6749/clients/service_application.py b/oauthlib/oauth2/rfc6749/clients/service_application.py
index 09fc7ba..34c2a66 100644
--- a/oauthlib/oauth2/rfc6749/clients/service_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/service_application.py
@@ -181,6 +181,7 @@ class ServiceApplicationClient(Client):
kwargs['client_id'] = self.client_id
kwargs['include_client_id'] = include_client_id
+ scope = self.scope if scope is None else scope
return prepare_token_request(self.grant_type,
body=body,
assertion=assertion,
diff --git a/oauthlib/oauth2/rfc6749/clients/web_application.py b/oauthlib/oauth2/rfc6749/clients/web_application.py
index aedc9d1..42b2c96 100644
--- a/oauthlib/oauth2/rfc6749/clients/web_application.py
+++ b/oauthlib/oauth2/rfc6749/clients/web_application.py
@@ -84,6 +84,7 @@ class WebApplicationClient(Client):
.. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3
.. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12
"""
+ scope = self.scope if scope is None else scope
return prepare_grant_uri(uri, self.client_id, 'code',
redirect_uri=redirect_uri, scope=scope, state=state, **kwargs)
diff --git a/requirements-test.txt b/requirements-test.txt
index 64485a6..6d8d6e9 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,4 +1,3 @@
-r requirements.txt
-mock>=2.0
pytest>=4.0
pytest-cov>=2.6
diff --git a/tests/oauth1/rfc5849/endpoints/test_access_token.py b/tests/oauth1/rfc5849/endpoints/test_access_token.py
index 9ba8a3e..05d62fc 100644
--- a/tests/oauth1/rfc5849/endpoints/test_access_token.py
+++ b/tests/oauth1/rfc5849/endpoints/test_access_token.py
@@ -1,4 +1,4 @@
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff --git a/tests/oauth1/rfc5849/endpoints/test_authorization.py b/tests/oauth1/rfc5849/endpoints/test_authorization.py
index 178bddf..a9b2fc0 100644
--- a/tests/oauth1/rfc5849/endpoints/test_authorization.py
+++ b/tests/oauth1/rfc5849/endpoints/test_authorization.py
@@ -1,4 +1,4 @@
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import errors
diff --git a/tests/oauth1/rfc5849/endpoints/test_base.py b/tests/oauth1/rfc5849/endpoints/test_base.py
index de6c1a4..6fc991a 100644
--- a/tests/oauth1/rfc5849/endpoints/test_base.py
+++ b/tests/oauth1/rfc5849/endpoints/test_base.py
@@ -1,6 +1,6 @@
from re import sub
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import CaseInsensitiveDict, safe_string_equals
from oauthlib.oauth1 import Client, RequestValidator
diff --git a/tests/oauth1/rfc5849/endpoints/test_request_token.py b/tests/oauth1/rfc5849/endpoints/test_request_token.py
index ece36bd..e16ea7b 100644
--- a/tests/oauth1/rfc5849/endpoints/test_request_token.py
+++ b/tests/oauth1/rfc5849/endpoints/test_request_token.py
@@ -1,4 +1,4 @@
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff --git a/tests/oauth1/rfc5849/endpoints/test_resource.py b/tests/oauth1/rfc5849/endpoints/test_resource.py
index 41c9aee..2aeb1c8 100644
--- a/tests/oauth1/rfc5849/endpoints/test_resource.py
+++ b/tests/oauth1/rfc5849/endpoints/test_resource.py
@@ -1,4 +1,4 @@
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff --git a/tests/oauth1/rfc5849/endpoints/test_signature_only.py b/tests/oauth1/rfc5849/endpoints/test_signature_only.py
index 9804137..2ff1073 100644
--- a/tests/oauth1/rfc5849/endpoints/test_signature_only.py
+++ b/tests/oauth1/rfc5849/endpoints/test_signature_only.py
@@ -1,4 +1,4 @@
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff --git a/tests/oauth2/rfc6749/clients/test_backend_application.py b/tests/oauth2/rfc6749/clients/test_backend_application.py
index 8d80b39..b05786a 100644
--- a/tests/oauth2/rfc6749/clients/test_backend_application.py
+++ b/tests/oauth2/rfc6749/clients/test_backend_application.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import BackendApplicationClient
diff --git a/tests/oauth2/rfc6749/clients/test_legacy_application.py b/tests/oauth2/rfc6749/clients/test_legacy_application.py
index 34ea108..1daf2a3 100644
--- a/tests/oauth2/rfc6749/clients/test_legacy_application.py
+++ b/tests/oauth2/rfc6749/clients/test_legacy_application.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import LegacyApplicationClient
diff --git a/tests/oauth2/rfc6749/clients/test_mobile_application.py b/tests/oauth2/rfc6749/clients/test_mobile_application.py
index e2bdebe..2fb839e 100644
--- a/tests/oauth2/rfc6749/clients/test_mobile_application.py
+++ b/tests/oauth2/rfc6749/clients/test_mobile_application.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import MobileApplicationClient
diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py
index ba9406b..6f48e23 100644
--- a/tests/oauth2/rfc6749/clients/test_service_application.py
+++ b/tests/oauth2/rfc6749/clients/test_service_application.py
@@ -3,7 +3,7 @@ import os
from time import time
import jwt
-from mock import patch
+from unittest.mock import patch
from oauthlib.common import Request
from oauthlib.oauth2 import ServiceApplicationClient
diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py
index e3382c8..719a07d 100644
--- a/tests/oauth2/rfc6749/clients/test_web_application.py
+++ b/tests/oauth2/rfc6749/clients/test_web_application.py
@@ -2,7 +2,7 @@
import os
import warnings
-from mock import patch
+from unittest.mock import patch
from oauthlib import common, signals
from oauthlib.oauth2 import (BackendApplicationClient, Client,
diff --git a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
index 48b5485..69cb7ee 100644
--- a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
+++ b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
@@ -11,7 +11,7 @@ prevents this check from being circumvented with a client form parameter.
"""
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff --git a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
index bda71f7..9a76da9 100644
--- a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
+++ b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
@@ -5,7 +5,7 @@ uri and the Implicit Grant will need to preserve state.
"""
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (MobileApplicationServer, RequestValidator,
WebApplicationServer)
diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
index cdf2b63..aac66df 100644
--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
@@ -2,7 +2,7 @@
"""
import json
-import mock
+from unittest import mock
from oauthlib.common import urlencode
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
diff --git a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
index 6895dcd..936a129 100644
--- a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
+++ b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
@@ -1,6 +1,6 @@
"""Ensure extra credentials can be supplied for inclusion in tokens.
"""
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
index 0942d96..3c67673 100644
--- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from json import loads
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import urlencode
from oauthlib.oauth2 import RequestValidator, IntrospectEndpoint
diff --git a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
index 9e9d836..6280cac 100644
--- a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
+++ b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
@@ -2,7 +2,7 @@
"""
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
index 0e3b2e1..6bfba9a 100644
--- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from json import loads
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import urlencode
from oauthlib.oauth2 import RequestValidator, RevocationEndpoint
diff --git a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
index 65e0e3c..0bf760b 100644
--- a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
+++ b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
@@ -5,7 +5,7 @@ need to be persisted temporarily in an authorization code.
"""
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator, Server,
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 4ed9086..a9e384f 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff --git a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
index d994278..0a45ef6 100644
--- a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
+++ b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import ClientCredentialsGrant
diff --git a/tests/oauth2/rfc6749/grant_types/test_implicit.py b/tests/oauth2/rfc6749/grant_types/test_implicit.py
index ffd766a..4a0313d 100644
--- a/tests/oauth2/rfc6749/grant_types/test_implicit.py
+++ b/tests/oauth2/rfc6749/grant_types/test_implicit.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import ImplicitGrant
diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
index 074f359..0d0fd37 100644
--- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff --git a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
index 4e93015..42f0aa6 100644
--- a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
+++ b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
index e9b3621..4380447 100644
--- a/tests/oauth2/rfc6749/test_parameters.py
+++ b/tests/oauth2/rfc6749/test_parameters.py
@@ -1,4 +1,4 @@
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2.rfc6749.errors import *
diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py
index 9288e49..e6ad5cd 100644
--- a/tests/oauth2/rfc6749/test_server.py
+++ b/tests/oauth2/rfc6749/test_server.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib import common
from oauthlib.oauth2.rfc6749 import errors, tokens
diff --git a/tests/oauth2/rfc6749/test_tokens.py b/tests/oauth2/rfc6749/test_tokens.py
index 61a23cb..8402133 100644
--- a/tests/oauth2/rfc6749/test_tokens.py
+++ b/tests/oauth2/rfc6749/test_tokens.py
@@ -1,4 +1,4 @@
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.tokens import (
diff --git a/tests/openid/connect/core/endpoints/test_claims_handling.py b/tests/openid/connect/core/endpoints/test_claims_handling.py
index 943210c..1fe86ef 100644
--- a/tests/openid/connect/core/endpoints/test_claims_handling.py
+++ b/tests/openid/connect/core/endpoints/test_claims_handling.py
@@ -6,7 +6,7 @@ The claims parameter is an optional query param for the Authorization Request en
request the claims should be transferred (via the oauthlib request) to be persisted
with the Access Token when it is created.
"""
-import mock
+from unittest import mock
from oauthlib.openid import RequestValidator
from oauthlib.openid.connect.core.endpoints.pre_configured import Server
diff --git a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
index 26ff46b..98482e2 100644
--- a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
+++ b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
@@ -1,4 +1,4 @@
-import mock
+from unittest import mock
from oauthlib.oauth2 import InvalidRequestError
from oauthlib.oauth2.rfc6749.endpoints.authorization import \
diff --git a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
index 9edc970..dd48bdd 100644
--- a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
+++ b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
import json
from oauthlib.openid import RequestValidator
diff --git a/tests/openid/connect/core/grant_types/test_authorization_code.py b/tests/openid/connect/core/grant_types/test_authorization_code.py
index b6bb99c..829af92 100644
--- a/tests/openid/connect/core/grant_types/test_authorization_code.py
+++ b/tests/openid/connect/core/grant_types/test_authorization_code.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.tokens import BearerToken
diff --git a/tests/openid/connect/core/grant_types/test_base.py b/tests/openid/connect/core/grant_types/test_base.py
index d506b7e..786b24b 100644
--- a/tests/openid/connect/core/grant_types/test_base.py
+++ b/tests/openid/connect/core/grant_types/test_base.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
import time
from oauthlib.common import Request
diff --git a/tests/openid/connect/core/grant_types/test_dispatchers.py b/tests/openid/connect/core/grant_types/test_dispatchers.py
index 2fc4ae6..d423915 100644
--- a/tests/openid/connect/core/grant_types/test_dispatchers.py
+++ b/tests/openid/connect/core/grant_types/test_dispatchers.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
from oauthlib.common import Request
diff --git a/tests/openid/connect/core/grant_types/test_hybrid.py b/tests/openid/connect/core/grant_types/test_hybrid.py
index 3347031..53175df 100644
--- a/tests/openid/connect/core/grant_types/test_hybrid.py
+++ b/tests/openid/connect/core/grant_types/test_hybrid.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
from oauthlib.oauth2.rfc6749 import errors
from oauthlib.oauth2.rfc6749.tokens import BearerToken
diff --git a/tests/openid/connect/core/grant_types/test_implicit.py b/tests/openid/connect/core/grant_types/test_implicit.py
index c8fefd4..b914eb6 100644
--- a/tests/openid/connect/core/grant_types/test_implicit.py
+++ b/tests/openid/connect/core/grant_types/test_implicit.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff --git a/tests/openid/connect/core/test_server.py b/tests/openid/connect/core/test_server.py
index 681748f..bb3cc3c 100644
--- a/tests/openid/connect/core/test_server.py
+++ b/tests/openid/connect/core/test_server.py
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
import json
-import mock
+from unittest import mock
from oauthlib.oauth2.rfc6749 import errors
from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint
diff --git a/tests/openid/connect/core/test_tokens.py b/tests/openid/connect/core/test_tokens.py
index f1a6688..5889df5 100644
--- a/tests/openid/connect/core/test_tokens.py
+++ b/tests/openid/connect/core/test_tokens.py
@@ -1,4 +1,4 @@
-import mock
+from unittest import mock
from oauthlib.openid.connect.core.tokens import JWTToken