1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# -*- coding: utf-8 -*-
from oauthlib.oauth2 import MetadataEndpoint
from oauthlib.oauth2 import TokenEndpoint
from oauthlib.oauth2 import Server
from ....unittest import TestCase
class MetadataEndpointTest(TestCase):
def setUp(self):
self.metadata = {
"issuer": 'https://foo.bar'
}
def test_openid_oauth2_preconfigured(self):
default_claims = {
"issuer": 'https://foo.bar',
"authorization_endpoint": "https://foo.bar/authorize",
"revocation_endpoint": "https://foo.bar/revoke",
"introspection_endpoint": "https://foo.bar/introspect",
"token_endpoint": "https://foo.bar/token"
}
from oauthlib.oauth2 import Server as OAuth2Server
from oauthlib.openid import Server as OpenIDServer
endpoint = OAuth2Server(None)
metadata = MetadataEndpoint([endpoint], default_claims)
oauth2_claims = metadata.claims
endpoint = OpenIDServer(None)
metadata = MetadataEndpoint([endpoint], default_claims)
openid_claims = metadata.claims
# Pure OAuth2 Authorization Metadata are similar with OpenID but
# response_type not! (OIDC contains "id_token" and hybrid flows)
del oauth2_claims['response_types_supported']
del openid_claims['response_types_supported']
self.maxDiff = None
self.assertEqual(openid_claims, oauth2_claims)
def test_token_endpoint(self):
endpoint = TokenEndpoint(None, None, grant_types={"password": None})
metadata = MetadataEndpoint([endpoint], {
"issuer": 'https://foo.bar',
"token_endpoint": "https://foo.bar/token"
})
self.assertIn("grant_types_supported", metadata.claims)
self.assertEqual(metadata.claims["grant_types_supported"], ["password"])
def test_token_endpoint_overridden(self):
endpoint = TokenEndpoint(None, None, grant_types={"password": None})
metadata = MetadataEndpoint([endpoint], {
"issuer": 'https://foo.bar',
"token_endpoint": "https://foo.bar/token",
"grant_types_supported": ["pass_word_special_provider"]
})
self.assertIn("grant_types_supported", metadata.claims)
self.assertEqual(metadata.claims["grant_types_supported"], ["pass_word_special_provider"])
def test_mandatory_fields(self):
metadata = MetadataEndpoint([], self.metadata)
self.assertIn("issuer", metadata.claims)
self.assertEqual(metadata.claims["issuer"], 'https://foo.bar')
def test_server_metadata(self):
endpoint = Server(None)
metadata = MetadataEndpoint([endpoint], {
"issuer": 'https://foo.bar',
"authorization_endpoint": "https://foo.bar/authorize",
"introspection_endpoint": "https://foo.bar/introspect",
"revocation_endpoint": "https://foo.bar/revoke",
"token_endpoint": "https://foo.bar/token",
"jwks_uri": "https://foo.bar/certs",
"scopes_supported": ["email", "profile"]
})
expected_claims = {
"issuer": "https://foo.bar",
"authorization_endpoint": "https://foo.bar/authorize",
"introspection_endpoint": "https://foo.bar/introspect",
"revocation_endpoint": "https://foo.bar/revoke",
"token_endpoint": "https://foo.bar/token",
"jwks_uri": "https://foo.bar/certs",
"scopes_supported": ["email", "profile"],
"grant_types_supported": [
"authorization_code",
"password",
"client_credentials",
"refresh_token",
"implicit"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"response_types_supported": [
"code",
"token"
],
"response_modes_supported": [
"query",
"fragment"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"revocation_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"introspection_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
]
}
def sort_list(claims):
for k in claims.keys():
claims[k] = sorted(claims[k])
sort_list(metadata.claims)
sort_list(expected_claims)
self.assertEqual(sorted(metadata.claims.items()), sorted(expected_claims.items()))
|
