fixup! Synced implementation of token_endpoint

CZ-NIC · Mar 3, 2019 · 3feb5cc · 3feb5cc
1 parent 87965a0
commit 3feb5cc
Showing 1 changed file with 55 additions and 0 deletions.
diff --git a/tests/test_oauth2_provider.py b/tests/test_oauth2_provider.py
@@ -12,6 +12,8 @@
 from oic.oauth2.message import AccessTokenResponse
 from oic.oauth2.message import AuthorizationRequest
 from oic.oauth2.message import AuthorizationResponse
+from oic.oauth2.message import CCAccessTokenRequest
+from oic.oauth2.message import ROPCAccessTokenRequest
 from oic.oauth2.message import TokenErrorResponse
 from oic.oauth2.provider import Provider
 from oic.utils.authn.authn_context import AuthnBroker
@@ -53,6 +55,12 @@
         "redirect_uris": [("http://localhost:8087/authz", None)],
         'token_endpoint_auth_method': 'client_secret_post',
         'response_types': ['code', 'token']
+    },
+    "client2": {
+        "client_secret": "verysecret",
+        "redirect_uris": [("http://localhost:8087/authz", None)],
+        'token_endpoint_auth_method': 'client_secret_basic',
+        'response_types': ['code', 'token']
     }
 }
 
@@ -340,6 +348,53 @@ def test_token_endpoint_unauth(self):
         atr = TokenErrorResponse().deserialize(resp.message, "json")
         assert _eq(atr.keys(), ['error_description', 'error'])
 
+    def test_token_endpoint_client_credentials(self):
+        authreq = AuthorizationRequest(state="state",
+                                       redirect_uri="http://example.com/authz",
+                                       client_id="client1")
+
+        _sdb = self.provider.sdb
+        sid = _sdb.access_token.key(user="sub", areq=authreq)
+        access_grant = _sdb.access_token(sid=sid)
+        _sdb[sid] = {
+            "oauth_state": "authz",
+            "sub": "sub",
+            "authzreq": "",
+            "client_id": "client1",
+            "code": access_grant,
+            "code_used": False,
+            "redirect_uri": "http://example.com/authz",
+            'token_endpoint_auth_method': 'client_secret_basic',
+        }
+        areq = CCAccessTokenRequest(grant_type='client_credentials')
+        authn = 'Basic Y2xpZW50Mjp2ZXJ5c2VjcmV0='
+        with pytest.raises(NotImplementedError):
+            self.provider.token_endpoint(request=areq.to_urlencoded(), authn=authn)
+
+    def test_token_endpoint_password(self):
+        authreq = AuthorizationRequest(state="state",
+                                       redirect_uri="http://example.com/authz",
+                                       client_id="client1")
+
+        _sdb = self.provider.sdb
+        sid = _sdb.access_token.key(user="sub", areq=authreq)
+        access_grant = _sdb.access_token(sid=sid)
+        _sdb[sid] = {
+            "oauth_state": "authz",
+            "sub": "sub",
+            "authzreq": "",
+            "client_id": "client1",
+            "code": access_grant,
+            "code_used": False,
+            "redirect_uri": "http://example.com/authz",
+            'token_endpoint_auth_method': 'client_secret_basic',
+        }
+        areq = ROPCAccessTokenRequest(grant_type='password', username='client1', password='password')
+        pytest.set_trace()
+        authn = 'Basic Y2xpZW50Mjp2ZXJ5c2VjcmV0='
+        with pytest.raises(NotImplementedError):
+            self.provider.token_endpoint(request=areq.to_urlencoded(), authn=authn)
+
     @pytest.mark.parametrize("response_types", [
         ['token id_token', 'id_token'],
         ['id_token token']