This repository was archived by the owner on Aug 29, 2023. It is now read-only.
Send in the request meta for headers when creating the authorization response #2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add the request headers to authorization response to allow for dynamic issuer support.
ryanluker
changed the title
alexpdraper
reviewed
Nov 17, 2020
|
|
||
| # Turn back on the OIDC specific endpoints | ||
| oauth2_settings.OIDC_ISS_ENDPOINT = "http://localhost" | ||
| oauth2_settings.OIDC_USERINFO_ENDPOINT = "http://localhost/userinfo/" |
There was a problem hiding this comment.
You might want to move this logic into before/after functions. If the test fails before this then these lines won’t be called and the settings won’t get restored.
The other thing I’d consider doing is storing the initial values in variables and then setting to those variables after instead of hardcoding the settings here.
There was a problem hiding this comment.
Yah I was pondering along similar lines but I wanted to keep with the same style that are in the other tests inside test_oidc_views.
class TestConnectDiscoveryInfoView(TestCase):
def test_get_connect_discovery_info(self):
expected_response = {
"issuer": "http://localhost",
"authorization_endpoint": "http://localhost/o/authorize/",
"token_endpoint": "http://localhost/o/token/",
"userinfo_endpoint": "http://localhost/userinfo/",
"jwks_uri": "http://localhost/o/jwks/",
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code token",
"code id_token",
"code id_token token"
],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256", "HS256"],
"token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"]
}
response = self.client.get(reverse("oauth2_provider:oidc-connect-discovery-info"))
self.assertEqual(response.status_code, 200)
assert response.json() == expected_response
def test_get_connect_discovery_info_without_issuer_url(self):
oauth2_settings.OIDC_ISS_ENDPOINT = None
oauth2_settings.OIDC_USERINFO_ENDPOINT = None
expected_response = {
"issuer": "http://testserver/o",
"authorization_endpoint": "http://testserver/o/authorize/",
"token_endpoint": "http://testserver/o/token/",
"userinfo_endpoint": "http://testserver/o/userinfo/",
"jwks_uri": "http://testserver/o/jwks/",
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code token",
"code id_token",
"code id_token token"
],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256", "HS256"],
"token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"]
}
response = self.client.get(reverse("oauth2_provider:oidc-connect-discovery-info"))
self.assertEqual(response.status_code, 200)
assert response.json() == expected_response
oauth2_settings.OIDC_ISS_ENDPOINT = "http://localhost"
oauth2_settings.OIDC_USERINFO_ENDPOINT = "http://localhost/userinfo/"
class TestJwksInfoView(TestCase):
def test_get_jwks_info(self):
expected_response = {
"keys": [{
"alg": "RS256",
"use": "sig",
"kid": "s4a1o8mFEd1tATAIH96caMlu4hOxzBUaI2QTqbYNBHs",
"e": "AQAB",
"kty": "RSA",
"n": "mwmIeYdjZkLgalTuhvvwjvnB5vVQc7G9DHgOm20Hw524bLVTk49IXJ2Scw42HOmowWWX-oMVT_ca3ZvVIeffVSN1-TxVy2zB65s0wDMwhiMoPv35z9IKHGMZgl9vlyso_2b7daVF_FQDdgIayUn8TQylBxEU1RFfW0QSYOBdAt8" # noqa
}]
}
response = self.client.get(reverse("oauth2_provider:jwks-info"))
self.assertEqual(response.status_code, 200)
assert response.json() == expected_response
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://app.clubhouse.io/greenspace/story/26294/properly-add-request-meta-to-authorization-response
Description of the Change
Before we couldn't do custom issuer domains because of an issue where the request was being sanitized and loosing the request headers. This PR uses the request.META before the sanitation occurs to persist the headers into the lower areas of the code.
This module leverages the oauthlib to construct this response so you will need to look here if you wish to see how it was moving the headers around.
https://oauthlib.readthedocs.io/en/latest/_modules/oauthlib/oauth2/rfc6749/endpoints/authorization.html#AuthorizationEndpoint.create_authorization_response
Note:
Reminder that this is a library and not the greenspace project, we dont expect to verify acceptance style tests in this repo. I will create a release for 1.4.1 and then update the greenspace requirements to include these changes.
Checklist
CHANGELOG.mdupdated (only for user relevant changes)author name inN/AAUTHORSExamples
Failing test
QA Notes (no CICD in this repo)
How to run all the tests
How to run the single test
After following the setup guide in the readme you can run the single new test with the command below.