canaille-globuzma/tests/oidc/test_well_known.py

from flask import g


def test_oauth_authorization_server(testclient):
    res = testclient.get("/.well-known/oauth-authorization-server", status=200).json
    assert "https://auth.mydomain.tld" == res["issuer"]
    assert res == {
        "authorization_endpoint": "http://canaille.test/oauth/authorize",
        "code_challenge_methods_supported": ["plain", "S256"],
        "introspection_endpoint": "http://canaille.test/oauth/introspect",
        "issuer": "https://auth.mydomain.tld",
        "jwks_uri": "http://canaille.test/oauth/jwks.json",
        "registration_endpoint": "http://canaille.test/oauth/register",
        "response_types_supported": [
            "code",
            "token",
            "id_token",
            "code token",
            "code id_token",
            "token id_token",
        ],
        "scopes_supported": [
            "openid",
            "profile",
            "email",
            "address",
            "phone",
            "groups",
        ],
        "token_endpoint": "http://canaille.test/oauth/token",
        "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "private_key_jwt",
            "client_secret_post",
            "none",
        ],
        "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
        "ui_locales_supported": g.available_language_codes,
        "userinfo_endpoint": "http://canaille.test/oauth/userinfo",
    }


def test_openid_configuration(testclient):
    res = testclient.get("/.well-known/openid-configuration", status=200).json
    assert "https://auth.mydomain.tld" == res["issuer"]
    assert res == {
        "authorization_endpoint": "http://canaille.test/oauth/authorize",
        "claims_supported": [
            "sub",
            "iss",
            "auth_time",
            "acr",
            "name",
            "given_name",
            "family_name",
            "nickname",
            "profile",
            "picture",
            "website",
            "email",
            "email_verified",
            "locale",
            "zoneinfo",
            "groups",
            "nonce",
        ],
        "code_challenge_methods_supported": ["plain", "S256"],
        "end_session_endpoint": "http://canaille.test/oauth/end_session",
        "id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],
        "introspection_endpoint": "http://canaille.test/oauth/introspect",
        "issuer": "https://auth.mydomain.tld",
        "jwks_uri": "http://canaille.test/oauth/jwks.json",
        "registration_endpoint": "http://canaille.test/oauth/register",
        "response_types_supported": [
            "code",
            "token",
            "id_token",
            "code token",
            "code id_token",
            "token id_token",
        ],
        "scopes_supported": [
            "openid",
            "profile",
            "email",
            "address",
            "phone",
            "groups",
        ],
        "subject_types_supported": ["pairwise", "public"],
        "token_endpoint": "http://canaille.test/oauth/token",
        "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "private_key_jwt",
            "client_secret_post",
            "none",
        ],
        "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
        "ui_locales_supported": g.available_language_codes,
        "userinfo_endpoint": "http://canaille.test/oauth/userinfo",
        "prompt_values_supported": ["none"],
    }


def test_openid_configuration_prompt_value_create(testclient):
    testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
    res = testclient.get("/.well-known/openid-configuration", status=200).json
    assert "create" in res["prompt_values_supported"]
LDAP 'preferredLanguage' attribute support 2022-11-20 21:12:18 +00:00			`from flask import g`


Serve server metadata files 2020-08-27 14:08:26 +00:00			`def test_oauth_authorization_server(testclient):`
			`res = testclient.get("/.well-known/oauth-authorization-server", status=200).json`
Implemented a basic WebFinger endpoint. 2022-10-03 15:25:32 +00:00			`assert "https://auth.mydomain.tld" == res["issuer"]`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`assert res == {`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"authorization_endpoint": "http://canaille.test/oauth/authorize",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"code_challenge_methods_supported": ["plain", "S256"],`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"introspection_endpoint": "http://canaille.test/oauth/introspect",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"issuer": "https://auth.mydomain.tld",`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"jwks_uri": "http://canaille.test/oauth/jwks.json",`
			`"registration_endpoint": "http://canaille.test/oauth/register",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"response_types_supported": [`
			`"code",`
			`"token",`
			`"id_token",`
			`"code token",`
			`"code id_token",`
			`"token id_token",`
			`],`
			`"scopes_supported": [`
			`"openid",`
			`"profile",`
			`"email",`
			`"address",`
			`"phone",`
			`"groups",`
			`],`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"token_endpoint": "http://canaille.test/oauth/token",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"token_endpoint_auth_methods_supported": [`
			`"client_secret_basic",`
			`"private_key_jwt",`
			`"client_secret_post",`
			`"none",`
			`],`
			`"token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],`
			`"ui_locales_supported": g.available_language_codes,`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"userinfo_endpoint": "http://canaille.test/oauth/userinfo",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`}`
unit tests: increased well-known coverage 2022-12-04 12:43:29 +00:00
Serve server metadata files 2020-08-27 14:08:26 +00:00
			`def test_openid_configuration(testclient):`
			`res = testclient.get("/.well-known/openid-configuration", status=200).json`
Implemented a basic WebFinger endpoint. 2022-10-03 15:25:32 +00:00			`assert "https://auth.mydomain.tld" == res["issuer"]`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`assert res == {`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"authorization_endpoint": "http://canaille.test/oauth/authorize",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"claims_supported": [`
			`"sub",`
			`"iss",`
			`"auth_time",`
			`"acr",`
			`"name",`
			`"given_name",`
			`"family_name",`
			`"nickname",`
			`"profile",`
			`"picture",`
			`"website",`
			`"email",`
			`"email_verified",`
			`"locale",`
			`"zoneinfo",`
			`"groups",`
			`"nonce",`
			`],`
			`"code_challenge_methods_supported": ["plain", "S256"],`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"end_session_endpoint": "http://canaille.test/oauth/end_session",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"id_token_signing_alg_values_supported": ["RS256", "ES256", "HS256"],`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"introspection_endpoint": "http://canaille.test/oauth/introspect",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"issuer": "https://auth.mydomain.tld",`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"jwks_uri": "http://canaille.test/oauth/jwks.json",`
			`"registration_endpoint": "http://canaille.test/oauth/register",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"response_types_supported": [`
			`"code",`
			`"token",`
			`"id_token",`
			`"code token",`
			`"code id_token",`
			`"token id_token",`
			`],`
			`"scopes_supported": [`
			`"openid",`
			`"profile",`
			`"email",`
			`"address",`
			`"phone",`
			`"groups",`
			`],`
			`"subject_types_supported": ["pairwise", "public"],`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"token_endpoint": "http://canaille.test/oauth/token",`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`"token_endpoint_auth_methods_supported": [`
			`"client_secret_basic",`
			`"private_key_jwt",`
			`"client_secret_post",`
			`"none",`
			`],`
			`"token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],`
			`"ui_locales_supported": g.available_language_codes,`
tests: use canaille.test domain instead of localhost 2023-12-14 19:07:49 +00:00			`"userinfo_endpoint": "http://canaille.test/oauth/userinfo",`
tests: fix OIDC well-known tests 2023-12-23 16:24:03 +00:00			`"prompt_values_supported": ["none"],`
Add nonce to the claims_supported server metadata list 2022-12-15 10:59:00 +00:00			`}`
feat: OIDC prompt=create implementation 2023-12-23 17:02:08 +00:00

			`def test_openid_configuration_prompt_value_create(testclient):`
feat: use pydantic to validate the configuration 2023-12-18 17:06:03 +00:00			`testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True`
feat: OIDC prompt=create implementation 2023-12-23 17:02:08 +00:00			`res = testclient.get("/.well-known/openid-configuration", status=200).json`
			`assert "create" in res["prompt_values_supported"]`