diff options
author | Tom Evans <tevans@mintel.com> | 2021-02-01 13:44:19 +0000 |
---|---|---|
committer | Asif Saif Uddin <auvipy@gmail.com> | 2021-02-12 11:31:48 +0600 |
commit | 89162b8a7a911f094674d0a77199ae226b71a656 (patch) | |
tree | 8ec5c33f35aa4f1e6183d9c199900197a48789c0 /tests | |
parent | 637c8945f2ba1481927478db7d1fa09de43c265b (diff) | |
download | oauthlib-89162b8a7a911f094674d0a77199ae226b71a656.tar.gz |
Use request.nonce when generating hybrid id token
Like with the implicit grant, we need to override add_id_token to pass
the nonce from the current request to GrantBase.add_id_token in order
for the ID token to have the correct nonce.
Add test that the nonce is in ID token from hybrid OIDC flow.
Fixes: #746
Diffstat (limited to 'tests')
-rw-r--r-- | tests/openid/connect/core/grant_types/test_hybrid.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/openid/connect/core/grant_types/test_hybrid.py b/tests/openid/connect/core/grant_types/test_hybrid.py index fb61b04..e525f63 100644 --- a/tests/openid/connect/core/grant_types/test_hybrid.py +++ b/tests/openid/connect/core/grant_types/test_hybrid.py @@ -67,6 +67,15 @@ class OpenIDHybridCodeIdTokenTest(OpenIDAuthCodeTest): self.assertIsNone(b) self.assertEqual(s, 302) + def test_id_token_contains_nonce(self): + token = {} + self.mock_validator.get_id_token.side_effect = None + self.mock_validator.get_id_token.return_value = None + token = self.auth.add_id_token(token, None, self.request) + assert self.mock_validator.finalize_id_token.call_count == 1 + claims = self.mock_validator.finalize_id_token.call_args[0][0] + assert "nonce" in claims + class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest): |