File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -703,3 +703,30 @@ def test_validate_ial_jwt_cache_replay(
703703 # Second call with same jti/iss fails
704704 with pytest .raises (InvalidRequestError ):
705705 self .token_view ._validate_ial_jwt ('token' , self .mock_jwks_client )
706+
707+ @override_switch ('client_credentials_validation' , active = True )
708+ @patch ('jwt.decode_complete' )
709+ def test_validate_ial_jwt_fails_when_auth_time_exceeds_5_minutes (
710+ self ,
711+ mock_decode_complete ,
712+ ):
713+ """Test _validate_ial_jwt fails when auth time is greater than 5 minutes."""
714+
715+ mock_payload = {
716+ 'iss' : 'test_iss' ,
717+ 'jti' : 'test_validate_ial_jwt_cache_replay' ,
718+ 'iat' : datetime .datetime .now ().timestamp (),
719+ 'auth_time' : datetime .datetime .now ().timestamp () - 301 ,
720+ 'identity_assurance_level' : 2 ,
721+ 'family_name' : 'Doe' ,
722+ 'given_name' : 'John' ,
723+ 'birthdate' : '1990-01-01' ,
724+ }
725+ mock_decode_complete .return_value = {
726+ 'payload' : mock_payload ,
727+ 'header' : {'typ' : 'JWT' },
728+ }
729+
730+ # Call fails when auth time is greater than 5 minutes
731+ with pytest .raises (InvalidRequestError ):
732+ self .token_view ._validate_ial_jwt ('token' , self .mock_jwks_client )
You can’t perform that action at this time.
0 commit comments