author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-11-30 15:15:50 +0100 |
---|---|---|
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-11-30 15:15:50 +0100 |
commit | 6bd865b36dc64caaa8aab9788742c9d54ce81c4d (patch) | |
tree | 7a47ce65b03845b32b98043579d360cf3edacb47 | |
parent | cf3cf407be774405f66188219eb1653c723e294b (diff) | |
download | oauthlib-6bd865b36dc64caaa8aab9788742c9d54ce81c4d.tar.gz |
Add Server metadata test and fix metadata.
Fix grant_types_supported, which must include "implicit" even though it is not a grant_type in the oauthlib sense. Remove the internal "none" field value from the list of response_types.
-rw-r--r-- | oauthlib/oauth2/rfc6749/endpoints/metadata.py | 12 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/endpoints/test_metadata.py | 53 |
2 files changed, 62 insertions, 3 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/metadata.py b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
index 6873334..84ddf8f 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/metadata.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/metadata.py
@@ -89,17 +89,19 @@ class MetadataEndpoint(BaseEndpoint):
 raise ValueError("array {}: {} must contains only string (not {})".format(key, array[key], elem))
 def validate_metadata_token(self, claims, endpoint):
- claims.setdefault("grant_types_supported", list(endpoint._grant_types.keys()))
+ self._grant_types += list(endpoint._grant_types.keys())
 claims.setdefault("token_endpoint_auth_methods_supported", ["client_secret_post", "client_secret_basic"])
- self.validate_metadata(claims, "grant_types_supported", is_list=True)
 self.validate_metadata(claims, "token_endpoint_auth_methods_supported", is_list=True)
 self.validate_metadata(claims, "token_endpoint_auth_signing_alg_values_supported", is_list=True)
 self.validate_metadata(claims, "token_endpoint", is_required=True, is_url=True)
 def validate_metadata_authorization(self, claims, endpoint):
- claims.setdefault("response_types_supported", list(self._response_types.keys()))
+ claims.setdefault("response_types_supported",
+ list(filter(lambda x: x != "none", endpoint._response_types.keys())))
 claims.setdefault("response_modes_supported", ["query", "fragment"])
+ if "token" in claims["response_types_supported"]:
+ self._grant_types.append("implicit")
 self.validate_metadata(claims, "response_types_supported", is_required=True, is_list=True)
 self.validate_metadata(claims, "response_modes_supported", is_list=True)
@@ -183,6 +185,7 @@ class MetadataEndpoint(BaseEndpoint):
 self.validate_metadata(claims, "op_policy_uri", is_url=True)
 self.validate_metadata(claims, "op_tos_uri", is_url=True)
+ self._grant_types = []
 for endpoint in self.endpoints:
 if isinstance(endpoint, TokenEndpoint):
 self.validate_metadata_token(claims, endpoint)
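Review bot: In validate_metadata_authorization the test `"token" in claims["response_types_supported"]` is an exact list-membership check, so "implicit" is advertised only when the bare `token` response type is present. Whether combined values (for example an OpenID Connect style `id_token token`) should also count is not visible here; since clients read this document to decide which flows a server offers, the rule deserves a comment such as `# "implicit" is advertised only for the plain "token" response type`. Both this method and validate_metadata_token now rely on `self._grant_types`, which in the visible lines is created only by the `self._grant_types = []` added in the hunk at -183, so calling either validator on its own would presumably raise AttributeError. Initialising the attribute in the constructor (outside this diff) or passing the list in as an argument would remove that coupling. Both method bodies and the class continue outside the hunks.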
@@ -192,4 +195,7 @@ class MetadataEndpoint(BaseEndpoint):
 self.validate_metadata_revocation(claims, endpoint)
 if isinstance(endpoint, IntrospectEndpoint):
 self.validate_metadata_introspection(claims, endpoint)
+
+ claims.setdefault("grant_types_supported", self._grant_types)
+ self.validate_metadata(claims, "grant_types_supported", is_list=True)
 return claims
diff --git a/tests/oauth2/rfc6749/endpoints/test_metadata.py b/tests/oauth2/rfc6749/endpoints/test_metadata.py
index 301e846..5174b2d 100644
--- a/tests/oauth2/rfc6749/endpoints/test_metadata.py
+++ b/tests/oauth2/rfc6749/endpoints/test_metadata.py
@@ -3,6 +3,7 @@ from __future__ import absolute_import, unicode_literals
 from oauthlib.oauth2 import MetadataEndpoint
 from oauthlib.oauth2 import TokenEndpoint
+from oauthlib.oauth2 import Server
 from ....unittest import TestCase
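Review bot: `claims.setdefault("grant_types_supported", self._grant_types)` publishes the accumulator exactly as it was built, and nothing in the visible code removes repeats. With two token endpoints the `+=` in validate_metadata_token adds the same grant names twice, and every authorization endpoint that offers `token` appends another "implicit". The claim also holds the same list object that stays on the instance, so any later in-place change to `self._grant_types` would alter the published metadata. Publishing a de-duplicated copy avoids both, e.g. `claims.setdefault("grant_types_supported", sorted(set(self._grant_types)))`, with the expected list in the new test adjusted to the sorted order. The enclosing method starts outside the hunk.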
@@ -36,3 +37,55 @@ class MetadataEndpointTest(TestCase):
 metadata = MetadataEndpoint([], self.metadata)
 self.assertIn("issuer", metadata.claims)
 self.assertEqual(metadata.claims["issuer"], 'https://foo.bar')
+
+ def test_server_metadata(self):
+ endpoint = Server(None)
+ metadata = MetadataEndpoint([endpoint], {
+ "issuer": 'https://foo.bar',
+ "authorization_endpoint": "https://foo.bar/authorize",
+ "introspection_endpoint": "https://foo.bar/introspect",
+ "revocation_endpoint": "https://foo.bar/revoke",
+ "token_endpoint": "https://foo.bar/token",
+ "jwks_uri": "https://foo.bar/certs",
+ "scopes_supported": ["email", "profile"]
+ })
+ self.assertEqual(metadata.claims, {
+ "issuer": "https://foo.bar",
+ "authorization_endpoint": "https://foo.bar/authorize",
+ "introspection_endpoint": "https://foo.bar/introspect",
+ "revocation_endpoint": "https://foo.bar/revoke",
+ "token_endpoint": "https://foo.bar/token",
+ "jwks_uri": "https://foo.bar/certs",
+ "scopes_supported": ["email", "profile"],
+ "grant_types_supported": [
+ "authorization_code",
+ "password",
+ "client_credentials",
+ "refresh_token",
+ "implicit"
+ ],
+ "token_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ],
+ "response_types_supported": [
+ "code",
+ "token"
+ ],
+ "response_modes_supported": [
+ "query",
+ "fragment"
+ ],
+ "code_challenge_methods_supported": [
+ "plain",
+ "S256"
+ ],
+ "revocation_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ],
+ "introspection_endpoint_auth_methods_supported": [
+ "client_secret_post",
+ "client_secret_basic"
+ ]
+ }) |
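Review bot: The single `assertEqual` in test_server_metadata compares `grant_types_supported` and `response_types_supported` as ordered lists, but those values come from `.keys()` of the endpoint's mappings. If those are plain dicts, the order is not guaranteed on interpreters without ordered dicts, and the `from __future__` import suggests the file still targets Python 2, so the test may be flaky there. Comparing those two entries order-insensitively, e.g. `self.assertEqual(sorted(metadata.claims["grant_types_supported"]), sorted(expected_grants))`, would make the intent explicit. The test also covers only the default `Server`, so the new rule has no negative case: a second test with an authorization endpoint that lacks the `token` response type, asserting that "implicit" is not advertised, would pin the behaviour that matters most to clients reading the metadata.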