idpy-oidc/patch/test_client_30.patch at client_oauth · IdentityPython/idpy-oidc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
diff --git a/tests/test_client_30_rp_handler_oidc.py b/tests/test_client_30_rp_handler_oidc.py
index 3a3d75f..f02aa8d 100644
--- a/tests/test_client_30_rp_handler_oidc.py
+++ b/tests/test_client_30_rp_handler_oidc.py
@@ -4,12 +4,13 @@ from urllib.parse import parse_qs
 from urllib.parse import urlparse
 from urllib.parse import urlsplit

-from cryptojwt.key_jar import init_key_jar
 import pytest
 import responses
+from cryptojwt.key_jar import init_key_jar

 from idpyoidc.client.entity import Entity
 from idpyoidc.client.rp_handler import RPHandler
+from idpyoidc.key_import import import_jwks
 from idpyoidc.message.oidc import AccessTokenResponse
 from idpyoidc.message.oidc import APPLICATION_TYPE_WEB
 from idpyoidc.message.oidc import AuthorizationResponse
@@ -217,6 +218,7 @@ def iss_id(iss):


 class TestRPHandler(object):
+
     @pytest.fixture(autouse=True)
     def rphandler_setup(self):
         self.rph = RPHandler(
@@ -270,6 +272,7 @@ class TestRPHandler(object):
                               'id_token_signing_alg_values_supported',
                               'redirect_uris',
                               'request_object_signing_alg_values_supported',
+                              'request_parameter_supported',
                               'response_modes_supported',
                               'response_types_supported',
                               'scopes_supported',
@@ -279,13 +282,13 @@ class TestRPHandler(object):

         _github_id = iss_id("github")
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         # The key jar should only contain a symmetric key that is the clients
         # secret. 2 because one is marked for encryption and the other signing
         # usage.

-        assert set(_keyjar.owners()) == {"", "eeeeeeeee", _github_id}
+        assert set(_keyjar.owners()) == {"", _context.claims.prefer["client_id"], _github_id}
         keys = _keyjar.get_issuer_keys("")
         assert len(keys) == 3

@@ -329,9 +332,9 @@ class TestRPHandler(object):
         assert _context.issuer == _github_id

         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

-        assert set(_keyjar.owners()) == {"", "eeeeeeeee", _github_id}
+        assert set(_keyjar.owners()) == {"", _context.claims.prefer["client_id"], _github_id}
         keys = _keyjar.get_issuer_keys("")
         assert len(keys) == 3

@@ -347,7 +350,7 @@ class TestRPHandler(object):
         cb = _context.get_preference("callback_uris")

         assert set(cb.keys()) == {"request_uris", "redirect_uris"}
-        assert set(cb["redirect_uris"].keys()) == {"query", "fragment"}
+        assert set(cb["redirect_uris"].keys()) == {"query", "fragment", "form_post"}
         _hash = _context.iss_hash

         assert cb["redirect_uris"]["query"] == [f"https://example.com/rp/authz_cb/{_hash}"]
@@ -449,7 +452,7 @@ class TestRPHandler(object):
         _github_id = iss_id("github")
         _context = client.get_context()
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         _nonce = _session["nonce"]
         _iss = _session["iss"]
@@ -524,7 +527,7 @@ class TestRPHandler(object):

         _github_id = iss_id("github")
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         idts = IdToken(**idval)
         _signed_jwt = idts.to_jwt(
@@ -571,7 +574,7 @@ class TestRPHandler(object):

         _github_id = iss_id("github")
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         idts = IdToken(**idval)
         _signed_jwt = idts.to_jwt(
@@ -618,7 +621,7 @@ class TestRPHandler(object):

         _github_id = iss_id("github")
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         idts = IdToken(**idval)
         _signed_jwt = idts.to_jwt(
@@ -697,6 +700,7 @@ def test_get_provider_specific_service():


 class TestRPHandlerTier2(object):
+
     @pytest.fixture(autouse=True)
     def rphandler_setup(self):
         self.rph = RPHandler(BASE_URL, CLIENT_CONFIG, keyjar=CLI_KEY)
@@ -712,7 +716,7 @@ class TestRPHandlerTier2(object):

         _github_id = iss_id("github")
         _keyjar = _context.upstream_get("attribute", "keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)

         idts = IdToken(**idval)
         _signed_jwt = idts.to_jwt(
@@ -818,6 +822,7 @@ class TestRPHandlerTier2(object):


 class MockResponse:
+
     def __init__(self, status_code, text, headers=None):
         self.status_code = status_code
         self.text = text
@@ -825,6 +830,7 @@ class MockResponse:


 class MockOP(object):
+
     def __init__(self, issuer, keyjar=None):
         self.keyjar = keyjar
         self.issuer = issuer
@@ -913,6 +919,7 @@ def test_rphandler_request():


 class TestRPHandlerWithMockOP(object):
+
     @pytest.fixture(autouse=True)
     def rphandler_setup(self):
         self.issuer = "https://github.com/login/oauth/authorize"
@@ -956,7 +963,7 @@ class TestRPHandlerWithMockOP(object):
         )
         _github_id = iss_id("github")
         _keyjar = client.get_attribute("keyjar")
-        _keyjar.import_jwks(GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
+        _keyjar = import_jwks(_keyjar, GITHUB_KEY.export_jwks(issuer_id=_github_id), _github_id)
         with responses.RequestsMock() as rsps:
             rsps.add(
                 "POST",